Jump to content
Not connected, Your IP: 3.141.29.162
Sign in to follow this  
Festus Heinhold

Network Lock doesn't protect against IPv6 leakage?

Recommended Posts

My name is Festus.

 

I noticed that even the Network lock only prevents IPv4 leakage, not IPv6. So if for example, I'm connected to AirVPN and type "what's my IP?" in Google, Google correctly identifies the AirVPN IP... But if I go to "ipv6.google.com" and types "what's my IP," Google returns my actual unmasked IPv6 address.

 

Am I correct in my assumption that for a site operator to deduce my true IP, all he'd have to do is execute an outbound connection (via JavaScript) to an IPv6 site and then check his logs to see the connection's source?

 

Is there an easy way to get the AirVPN client to simply disable the entire IPv6 stack while connected to the VPN?

 

Thanks,

 

Festus

Share this post


Link to post

Could you please confirm that you typed the correct link? "ipv6.google.com" doesn't work here.

Share this post


Link to post

Yes, that link is valid. 

 

"ipv6.google.com" is the IPv6-only version of Google's search site. I've found that it's a good site to use when checking whether or not IPv6 has been enabled by one's ISP.

 

If IPv6 isn't enabled on your network, the hostname returns nothing and no navigation takes place. The site does work if IPv6 is enabled, however. IPv6 is enabled on the Verizon network, for example, so the site works via my iPhone via LTE/3G. Typing "what's my IP" shows me my iPhone's IPv6 address. It also works from my home ISP, Time Warner, who provides customers with a 6to4 IPv6 tunnel.

 

The problem is that even when AirVPN is connected, the IPv6 stack is still alive and well. Any outbound connections over IPv6 will not have their source address masked. This is why other VPN providers (e.g. private internet access) have a checkbox that reads "block IPv6 connections while connected to VPN" and it's typically checked by default.

 

I've found that I can manually disable IPv6 on my Mac as follows:

 

sudo networksetup -setv6off "Thunderbolt Ethernet"
sudo networksetup -setv6off "Wi-Fi"
 
...and then after disconnecting from AirVPN, I can turn it back on like this:
 
sudo networksetup -setv6automatic "Thunderbolt Ethernet"
sudo networksetup -setv6automatic "Wi-Fi"
 
That said, it would be nice if AirVPN handled these types of operations automatically behind the scenes.
 
Thanks,
 
Festus

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...