cross-posted from: https://lemmy.world/post/3754933
While experimenting with ProtonVPN’s Wireguard configs, I realized that my real IPv6 address was leaking while IPv4 was correctly going through the tunnel. How do I prevent this from happening?
I’ve already tried adding
::/0
to theAllowedIPs
option and IPv6 is listed as disabled in the NetworkManager profile.
IPv4 and IPv6 are two different network stacks. Your IPv4 stack is hidden behind wireguard, but not the IPv6 one.
The correct way to fix your issue is to setup a second witeguard tunnel for IPv6, and route IPv6 traffic through it.
Edit: many comments advise to block outbound IPv6 traffic. Don’t do that! It will add latency to all your requests as you will have to wait for them to timeout.
If you disable IPv6 at the kernel level there’s no extra latency as nothing even tries to connect to an IPv6 address. It’s a shame to have to do it, but does fix the issue.
Disabling it is fine indeed, but I saw many comments advising to block outbound traffic, so I warned against that.