cross-posted from: https://lemmy.world/post/3754933

While experimenting with ProtonVPN’s WireGuard configs, I realized that my real IPv6 address was leaking while IPv4 was correctly going through the tunnel. How do I prevent this from happening?

I’ve already tried adding ::/0 to the AllowedIPs option and IPv6 is listed as disabled in the NetworkManager profile.

  • Either fix IPv6 in the WireGuard tunnel or, if the tunnel isn’t under your control, set up your firewall to drop all IPv6 traffic directed towards the wider internet. You could also gimp your normal network interface by disabling IPv6 on it if you always have the VPN on anyway.

    Disabling IPv6 system-wide will cause all kinds of fun and interesting random failures in tons of applications. You can drop all the routes you want, but I wouldn’t remove the link local addresses or the ::1 address unless you like debugging failed assertions in your system logs.

    • Laser@feddit.de
      1 year ago

      For me, it was rather the opposite: when dropping IPv6 packets, applications would often hang and behave weirdly. Disabling IPv6 completely would mean they’d stop trying to do anything on IPv6 and function well.

      • Dropping all IPv6 packets would cause problems but if you only drop the packets destined for the internet you should be fine, I believe. You may also need to configure your DNS to prefer A records over AAAA, though, but if your VPN only supports IPv4 I assume your VPN’s DNS server doesn’t accept AAAA queries.
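
One way to verify whichever fix from this thread you apply, as an added example that is not part of the original posts: it classifies the output of `ip -6 route get <address>` (which takes policy-routing rules into account) to tell whether internet-bound IPv6 leaves through the tunnel, leaks out another interface, or has no route, while leaving `::1` and link-local destinations alone. The interface name `wg0`, the function names and the sample lines are constructed assumptions.

```python
import ipaddress

def classify_route(output, tunnel_if):
    """Classify the output of one `ip -6 route get <addr>` call.

    Returns "tunnel", "leak", "local" (loopback or link-local, which the
    thread advises leaving untouched) or "no-route".
    """
    fields = output.split()
    if not fields or output.startswith("RTNETLINK answers:"):
        return "no-route"          # e.g. "Network is unreachable"
    if fields[0] in ("unreachable", "prohibit", "blackhole"):
        return "no-route"          # an explicit reject route matched
    if fields[0] == "local":
        return "local"             # delivered to this host itself
    dest = ipaddress.IPv6Address(fields[0])
    if dest.is_loopback or dest.is_link_local:
        return "local"
    if "dev" not in fields:
        return "no-route"
    dev = fields[fields.index("dev") + 1]
    return "tunnel" if dev == tunnel_if else "leak"

def find_leaks(results, tunnel_if="wg0"):
    """Return the probed destinations that would bypass the tunnel."""
    return sorted(dest for dest, out in results.items()
                  if classify_route(out, tunnel_if) == "leak")

# Constructed sample: probe address -> output of `ip -6 route get <probe>`.
# Lines from different host states are mixed to exercise every verdict.
SAMPLE = {
    "2001:db8:aaaa::1": "2001:db8:aaaa::1 from :: via fe80::1 dev eth0 "
                        "proto ra src 2001:db8:1::10 metric 100 pref medium",
    "2001:db8:bbbb::1": "2001:db8:bbbb::1 from :: dev wg0 table 51820 "
                        "src fd00::2 metric 1024 pref medium",
    "2001:db8:cccc::1": "RTNETLINK answers: Network is unreachable",
    "::1": "local ::1 dev lo table local proto kernel src ::1 "
           "metric 0 pref medium",
    "fe80::1": "fe80::1 from :: dev eth0 proto kernel src fe80::aa "
               "metric 256 pref medium",
}

if __name__ == "__main__":
    for probe, out in SAMPLE.items():
        print(f"{probe:20} {classify_route(out, 'wg0')}")
    print("leaking destinations:", find_leaks(SAMPLE))
```

A firewall drop rule does not change the routing table, so a destination can still show as "leak" here while the packets are being dropped; this checks routing only.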