StreisandEffect / streisand

Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.

IPv6 causes Streisand to disclose location w/ OpenWrt on TP-Link WDR3600 #1324

Open bondbeau opened 6 years ago

bondbeau commented 6 years ago

Hi,

I changed routers from an IPv4-only Linksys WRT-54G to an IPv4 and IPv6 TP-Link WDR3600, and suddenly my real location is revealed. ip-address.org doesn't resolve either v4 or v6 properly it seems, while whatismyip.com shows two DIFFERENT locations, depending if one clicks on IPv4 (shows correct VPS address) or on IPv6 (shows 'true' location and ISP).

I'd really like to not have any internet traffic on IPv6 just now if it can be helped (though I don't know how to turn it off in OpenWrt). And in any case, I of course don't want it to 'break' Streisand (revealing true location/ISP sometimes). Or is it not breaking it, and I don't understand something (entirely likely)?

I strongly suspect this is super easy so please be easy with me, but I already tried the only thing I understood when searching; to delete the 'IPv6 ULA-Prefix' under Network > Interfaces, which seemed to have no effect at all.

Thanks kindly for any assistance.

BB

bondbeau commented 6 years ago

Okay, I don't know if this is the correct way to shut down IPv6 on an OpenWrt router, but I 'think' that just going to Networking > Interfaces (if one has the LuCI GUI), that it will correct the issue described above...so as to cause the network IP to report only the IPv4 address, and therefore only the correct physical location per Streisand, instead of IPv4 saying one location and IPv6 reporting another (which erroneously discloses one's physical location for IPv6).

No one else, that no doubt has enormous understanding compared to mine, has weighed in at all (yet), so I can't truly say that what I'm saying is at all accurate, so I apologize if it's not.

I'm expecting I'll move another server, and set up another Streisand-based instance at some point, and when I do, I 'suspect' that if I reenable IPv6 first, then when Streisand goes through setup, it hopefully will correct the above concern. But I won't know until I try it, or until someone else corrects my supposition.

Thanks kindly

nopdotcom commented 6 years ago

When you go to http://192.168.1.1 (or wherever your router lives), what does "IPv6 WAN Status" say? On mine, it says:

    Type: 6in4-pd
    Prefix Delegated: 2001:0db8:8a47::/48
    Address: 2001:0db8:6603:3984::2/64
    Gateway: ::
    Connected: 5d 2h 36m 4s

My ISP doesn't have native IPv6, so I have a tunnel.

bondbeau commented 6 years ago

@nopdotcom Hopefully you can view the attachment I uploaded of a partial screenshot of the Network>Interfaces screen for OpenWrt/LEDE. To the right of that same screen, it shows the options of what one can do with those different interfaces (2nd screenshot) and, it appears, that my choosing "Stop" on the WAN6 interface brought things back to the way they were before I switched routers, e.g. using the web tools in the OP to check for my IP or for leaks (via Streisand). They again show only the expected (or 'my' expected anyway) results, instead of one location for IPv4 and a different one for IPv6. So, I think, that perhaps this issue is solved for the time being? The soon to be tested question however, is if I turn the IPv6 interface back on, and then rerun the Streisand setup, will it indeed show just one physical location, or two, as in what caused my original query on this forum?

I thank you so kindly for assisting! And by all means, I'm all ears for any observations you may wish to share or further questions you may have, so that hopefully I'll know what to expect if/when I redo my Streisand setup, especially if I may need to do anything special, so that I get the intended results. Kindly...and listening...

screenshot from 2018-05-17 00-07-58

screenshot from 2018-05-17 00-14-50

bondbeau commented 6 years ago

@nopdotcom In seemingly my having solved the issue for now, I now finally realize I did not answer your question, and sincerely, my apologies to that. My "IPv6 WAN Status" simply says "Not connected" under Status>Overview. Regards and thanks much!
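An added example (not part of the thread or the Streisand project) of checking a client for the condition discussed above, assuming an IPv4-only tunnel: it parses `ip -6 -o addr show` output and lists non-tunnel interfaces that hold a global unicast IPv6 address. The interface names and sample addresses are constructed; ULA addresses are skipped because they are not routable on the internet.

```shell
#!/bin/sh
# Added example: list interfaces that hold a global unicast IPv6 address
# (2000::/3) and are not the VPN tunnel. Input is `ip -6 -o addr show` text.

leaky_v6_ifaces() {
    tunnel="$1"   # tunnel interface to ignore, e.g. wg0 or tun0 (assumed names)
    awk -v tun="$tunnel" '
        # -o format: "<idx>: <ifname> inet6 <addr>/<len> scope <scope> ..."
        # ULA (fd..) also prints "scope global", so match on the prefix itself.
        $3 == "inet6" && $2 != tun &&
        $4 ~ /^[23][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]:/ { seen[$2] = 1 }
        END { for (i in seen) print i }
    ' | sort
}

# Constructed sample: WAN6 up, client holds a routable address (documentation prefix).
SAMPLE_WAN6_UP='1: lo    inet6 ::1/128 scope host
3: wlan0    inet6 2001:db8:6603:3984:a1b2:c3d4:e5f6:1/64 scope global dynamic
3: wlan0    inet6 fd12:3456:789a::1d4/64 scope global dynamic
3: wlan0    inet6 fe80::a1b2:c3ff:fed4:e5f6/64 scope link
7: wg0    inet6 2001:db8:ffff::2/64 scope global'

# Constructed sample: WAN6 stopped, only ULA and link-local remain.
SAMPLE_WAN6_DOWN='1: lo    inet6 ::1/128 scope host
3: wlan0    inet6 fd12:3456:789a::1d4/64 scope global dynamic
3: wlan0    inet6 fe80::a1b2:c3ff:fed4:e5f6/64 scope link'

report() {
    found=$(printf '%s\n' "$1" | leaky_v6_ifaces "$2")
    if [ -n "$found" ]; then
        echo "global IPv6 outside $2 on: $found"
    else
        echo "no global IPv6 outside $2"
    fi
}

report "$SAMPLE_WAN6_UP" wg0
report "$SAMPLE_WAN6_DOWN" wg0
# On a live client: ip -6 -o addr show | leaky_v6_ifaces wg0
```

A non-empty result means IPv6 traffic has a path that does not pass through the tunnel unless the VPN configuration also routes IPv6.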

antonsamoziv commented 6 years ago

@bondbeau Good to see that you're using OpenWRT now! :+1:

bondbeau commented 6 years ago

@antonsamoziv Thanks...(I think). Still unsure if I'm using it or it's using me! Jokes aside though, if nothing else, it seems to be super stable so far, as is always quite welcome to me.

I suppose this needs to be moved to somewhere new, but originally the whole point I switched to OpenWrt, was so I could give Streisand a shot for encrypting everything (all machines) connected to the router using Streisand, as described here: https://github.com/StreisandEffect/streisand/wiki/Setting-an-OpenWrt-Based-Router-as-OpenVPN-Client How does one contact a member of such an OP to see if they'd be willing to assist, as I work my way through please?

antonsamoziv commented 6 years ago

@bondbeau

> How does one contact a member of such an OP to see if they'd be willing to assist, as I work my way through please?

I've done it loads of times so I'd be available to assist as you work through it. If you have any questions or concerns for OpenVPN and OpenWrt make a thread at https://forum.lede-project.org/ with them so even more people can help. They eat problems for breakfast, but they don't bite :).

This actual guide is in the OpenWrt wiki so many people will know the procedure.

Edit: I see that WireGuard is available with the Streisand setup. You should look into this if you're having horrible performance problems with OpenVPN with your router. Also the setup is way easier. But it's not as battle tested as OpenVPN.

bondbeau commented 6 years ago

@antonsamoziv Well, thank you, with this offer of assistance, and the others from the Lede project you linked to...I'm having trouble coming up with another excuse! So, while not necessarily being quick, I intend to see if I can do this. Not having to configure each device, and still have my own VPS as well...this sounds super promising indeed!

Yes, I'm already using Wireguard actually, and the performance is nearly indistinguishable from no encryption at all. But neither WG nor OpenVPN are thru the router as yet.