OpenVPN / openvpn

OpenVPN is an open source VPN daemon
http://openvpn.net

openvpn leaks real IPV6 address when connecting to IPV4 only server #493

Closed wunskzb closed 5 months ago

wunskzb commented 5 months ago

I ran into an issue where my real IPv6 address became visible after connecting to an OpenVPN server that only supports IPv4. Although no DNS leak was detected after activating the VPN, my real IPv6 address could still be viewed using services such as IP.SB.

In my situation, completely disabling IPv6 is not a viable solution. I am located in mainland China and the complexity of the network increases due to the use of a large number of carrier grade NATs. Not all users have public IPs, so it is important to retain IPv6 functionality. IPv6 addresses are all public and have important application requirements for network applications that use PCDN (Personal Content Delivery Network) such as Douyin, Tencent Video and iQiyi.

I hope to preserve IPv6 functionality while solving the problem of IPv6 address leaks when connecting to an OpenVPN server that only supports IPv4. I'm looking forward to finding comprehensive advice or system configurations that can prevent IPv6 leaks without having to disable IPv6.

Any help regarding this issue would be greatly appreciated.

schwabe commented 5 months ago

Look at the block-ipv6 option in OpenVPN.

wunskzb commented 5 months ago

> Look at the block-ipv6 option in OpenVPN.

I checked the configuration file and OpenVPN settings and did not find the block-ipv6 option. I am using OpenVPN GUI.

schwabe commented 5 months ago

No, what I am saying is that this option is designed for your use case of blocking IPv6 when the server is not providing IPv6 on its own.

wunskzb commented 5 months ago

OK, I understand it's my VPN provider's problem.

schwabe commented 5 months ago

Yes, but you can use block-ipv6 in your local config to still block your local IPv6. The man page even gives instructions on how to do so.

cron2 commented 5 months ago

Arne already explained how to work around this - you can solve this locally by adding these two statements to your OpenVPN client config (first, ensure that OpenVPN sees the IPv6 traffic, then, block it):

  redirect-gateway ipv6
  block-ipv6

but generally speaking, this is a major shortcoming of your VPN provider - if they can only provide IPv4-only service (for which there is NO good reason in 2024), they MUST care about dual-stack clients - and this means, at least include config like these two lines in their client/server config, to avoid their users being endangered.

Really. This is close to criminally negligent.
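
Added example, not part of the original thread and not OpenVPN project code: a small auditor for a local client config that reports whether the two directives listed in the comment above are present. It only inspects the local file (options pushed by the server are not visible to it); the function names, sample configs and the `vpn.example.net` host are constructed for illustration.

```python
# Added example: audit a client config for 'redirect-gateway ipv6' + 'block-ipv6'.

def parse_directives(text):
    """Yield (name, args) per directive, skipping comments and inline <tag> blocks."""
    inline = None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                       # inside <ca>...</ca> etc.: skip the blob
            if line == f"</{inline}>":
                inline = None
            continue
        if line.startswith("<") and line.endswith(">") and not line.startswith("</"):
            inline = line[1:-1]
            continue
        tokens = []
        for tok in line.split():
            if tok[0] in "#;":           # '#' or ';' starts a comment
                break
            tokens.append(tok)
        if tokens:
            name = tokens[0][2:] if tokens[0].startswith("--") else tokens[0]
            yield name, tokens[1:]

def audit_ipv6(text):
    """Return a list of findings; an empty list means both directives are set locally."""
    sees_v6 = blocks_v6 = False
    for name, args in parse_directives(text):
        if name == "redirect-gateway" and "ipv6" in args:
            sees_v6 = True
        elif name == "block-ipv6":
            blocks_v6 = True
    findings = []
    if not sees_v6:
        findings.append("no 'redirect-gateway ipv6': OpenVPN may not see IPv6 traffic")
    if not blocks_v6:
        findings.append("no 'block-ipv6': IPv6 is not blocked by the client")
    return findings

# Constructed sample configs (placeholder host, not from the thread).
LEAKY = """client
remote vpn.example.net 1194
redirect-gateway def1   # IPv4 only
;block-ipv6
"""
FIXED = LEAKY + "redirect-gateway ipv6\nblock-ipv6\n"

if __name__ == "__main__":
    for label, cfg in (("leaky", LEAKY), ("fixed", FIXED)):
        print(label, audit_ipv6(cfg) or "ok")
```
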

wunskzb commented 5 months ago

Thank you very much for your prompt responses and detailed answers to my questions. Arne and cron2, your expertise and experience have been extremely valuable to me. I've modified my OpenVPN configuration based on your suggestions and it has resolved the issue I was experiencing. Thanks to your help, I have a deeper understanding of OpenVPN. Thanks again.