cross-posted from: https://lemmy.world/post/3754933

While experimenting with ProtonVPN’s Wireguard configs, I realized that my real IPv6 address was leaking while IPv4 was correctly going through the tunnel. How do I prevent this from happening?

I’ve already tried adding ::/0 to the AllowedIPs option and IPv6 is listed as disabled in the NetworkManager profile.

  • z3bra@lemmy.sdf.org
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    1 year ago

    IPv4 and IPv6 are two different network stacks. Your IPv4 stack is hidden behind wireguard, but not the IPv6 one.

    The correct way to fix your issue is to setup a second witeguard tunnel for IPv6, and route IPv6 traffic through it.

    Edit: many comments advise to block outbound IPv6 traffic. Don’t do that! It will add latency to all your requests as you will have to wait for them to timeout.

    • notabot@lemm.ee
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      If you disable IPv6 at the kernel level there’s no extra latency as nothing even tries to connect to an IPv6 address. It’s a shame to have to do it, but does fix the issue.

      • z3bra@lemmy.sdf.org
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Disabling it is fine indeed, but I saw many comments advising to block outbound traffic, so I warned against that.