Jump to content
Not connected, Your IP: 18.218.2.191
Sign in to follow this  
Gooberslot

IPv6 not being VPNed.

Recommended Posts

IPv6 connections aren't going over the VPN. I don't know if this is due to OpenVPN not supporting IPv6 or your servers not supporting it but it's a big security issue. Maybe there should be an option in the client to disable IPv6 and then re-enable it when quitting.

Share this post


Link to post

IPv6 connections aren't going over the VPN. I don't know if this is due to OpenVPN not supporting IPv6 or your servers not supporting it but it's a big security issue. Maybe there should be an option in the client to disable IPv6 and then re-enable it when quitting.

Hello!

We don' support IPv6 at the moment.

For additional security, how to disable IPv6 in Windows 7:

[EDIT: link removed - see next message in this thread]

How to disable IPv6 in Linux:

https://wiki.archlinux.org/index.php/Disabling_IPv6

Please do not hesitate to contact us for any further information.

Kind regards

Share this post


Link to post

For additional security, how to disable IPv6 in Windows 7:

http://www.addictivetips.com/windows-tips/how-to-disable-ipv6-in-windows-7/

 

The info on that site is WRONG.

To disable IPv6, the correct value of the DisabledComponents registry key is "0xffffffff". Setting the value to "0" will enable IPv6.

See:

http://practicalrambler.blogspot.com/2011/05/how-to-disable-ipv6-and-teredo-in.html

http://support.microsoft.com/kb/929852

Share this post


Link to post

Why there haven't been any info about this security problem? i was in that belief that open vpn secures ipv6...

Share this post


Link to post

Why there haven't been any info about this security problem? i was in that belief that open vpn secures ipv6...

Hello!

We're going to add it in the FAQ too.

Kind regards

Share this post


Link to post

I thought the same as Markex. Was aware of the documented danger on PPTP but the info at the time said Openvpn was not affected.

To think I changed to an Openvpn provider due to the less secure PPTP of ex supplier and to finally be rid of doubts of this ipv6 issue.

I only can thank the original poster for pointing this issue out so instructions could be given to to the rest of us.

I will ask the Admin if an average person followed your orignal instructions, installed your client and happened to use both a very popular OS, that has IPV6 switched on by default and the most popular torrent software, which doesn't easily allow IPv6 to be turned off - Is it likely all the connections were bypassing the VPN without the users knowledge?

Share this post


Link to post

I thought the same as Markex. Was aware of the documented danger on PPTP but the info at the time said Openvpn was not affected.

To think I changed to an Openvpn provider due to the less secure PPTP of ex supplier and to finally be rid of doubts of this ipv6 issue.

I only can thank the original poster for pointing this issue out so instructions could be given to to the rest of us.

I will ask the Admin if an average person followed your orignal instructions, installed your client and happened to use both a very popular OS, that has IPV6 switched on by default and the most popular torrent software, which doesn't easily allow IPv6 to be turned off - Is it likely all the connections were bypassing the VPN without the users knowledge?

Hello!

You're right, OpenVPN is not affected by the vulnerability discovered on PPTP.

The IPv6 contains either your true IPv4 or your MAC address. If you point for example to a web site using an IPv6 address, with PPTP your REAL IPv4 address will be tunneled over PPTP, disclosing it to a malicious entity. OpenVPN does not have this vulnerability.

Also, your IPv6 address is generated by the IPv4 address assigned to you. The IPv6 loopback interface never get out of your network card (think of it as the equivalent of 127.0.0.1 IPv4), it can only communicate on the local machine.

Currently we don't support IPv6 at all. When the time will come, support to IPv6 will be added with the usual security standards.

To answer to your question, the probability is therefore near-zero ("near" because in the security field it is theoretically impossible to state a 100% security under most circumstances). Please do check here while connected to an Air server:

http://whatismyv6.com/

You should be able to see ONLY the IPv4 exit-IP of the VPN server you're connected to. Connection to their IPv6 web site should fail.

Kind regards

Share this post


Link to post

To answer to your question, the probability is therefore near-zero ("near" because in the security field it is theoretically impossible to state a 100% security under most circumstances). Please do check here while connected to an Air server:

whatismyv6.com/

I have a tunnel terminated at my router so that my OS (WinXP) thinks I have a native IPv6 connection and gives me a public IP address through stateless autoconfig. That public IP was visible at whatismyipv6.com when the VPN was active. I'd say the risk is far more than non-zero.

Share this post


Link to post

To answer to your question, the probability is therefore near-zero ("near" because in the security field it is theoretically impossible to state a 100% security under most circumstances). Please do check here while connected to an Air server:

whatismyv6.com/

I have a tunnel terminated at my router so that my OS (WinXP) thinks I have a native IPv6 connection and gives me a public IP address through stateless autoconfig. That public IP was visible at whatismyipv6.com when the VPN was active. I'd say the risk is far more than non-zero.

Hello!

It seems just fine. It's PPTP that tunnels your real IPv4 address in the IPv6, not OpenVPN.

Please confirm that when you say "public IP was visible at whatismyipv6" you refer to the generated IPv6 address, not to your real IPv4 address. If whatismyipv6.com could see your real IPv4 public address (instead of the IPv4 address of the VPN server), please warn us as soon as possible.

Kind regards

Share this post


Link to post
Guest amdou

Any plans to support ipv6

Share this post


Link to post
Guest amdou

 

Any plans to support ipv6

 

Hello!

 

IPv6 will be fully supported in the future.

 

Kind regards

 

Any update on ipv6 support?

 

Thanks

Share this post


Link to post

 

 

Any plans to support ipv6

 

Hello!

 

IPv6 will be fully supported in the future.

 

Kind regards

 

Any update on ipv6 support?

 

Thanks

 

Hello,

 

no update at the moment.

 

Kind regards

Share this post


Link to post

for linux ubuntu linux users....

 

to disable ipv6 open a terminal and type the following lines:

 

echo "#disable ipv6" | sudo tee -a /etc/sysctl.conf
echo "net.ipv6.conf.all.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv6.conf.default.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv6.conf.lo.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf
 

or open /etc/sysctl.conf in a text editor and add the following lines to the end of the file:

 

#disable ipv6

net.ipv6.conf.all.disable_ipv6 = 1

net.ipv6.conf.default.disable_ipv6 = 1

net.ipv6.conf.lo.disable_ipv6 = 1

#

 

 

afterwards, reboot the network interfaces (sysctl) by typing this in the terminal:

sudo sysctl -p

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...