Gooberslot 0 Posted ... IPv6 connections aren't going over the VPN. I don't know if this is due to OpenVPN not supporting IPv6 or your servers not supporting it but it's a big security issue. Maybe there should be an option in the client to disable IPv6 and then re-enable it when quitting. Quote Share this post Link to post
Staff 9973 Posted ... IPv6 connections aren't going over the VPN. I don't know if this is due to OpenVPN not supporting IPv6 or your servers not supporting it but it's a big security issue. Maybe there should be an option in the client to disable IPv6 and then re-enable it when quitting.Hello!We don' support IPv6 at the moment.For additional security, how to disable IPv6 in Windows 7:[EDIT: link removed - see next message in this thread]How to disable IPv6 in Linux:https://wiki.archlinux.org/index.php/Disabling_IPv6Please do not hesitate to contact us for any further information.Kind regards Quote Share this post Link to post
athelstan 11 Posted ... For additional security, how to disable IPv6 in Windows 7: http://www.addictivetips.com/windows-tips/how-to-disable-ipv6-in-windows-7/ The info on that site is WRONG. To disable IPv6, the correct value of the DisabledComponents registry key is "0xffffffff". Setting the value to "0" will enable IPv6. See: http://practicalrambler.blogspot.com/2011/05/how-to-disable-ipv6-and-teredo-in.html http://support.microsoft.com/kb/929852 Quote Share this post Link to post
Markex 1 Posted ... Why there haven't been any info about this security problem? i was in that belief that open vpn secures ipv6... Quote Share this post Link to post
Staff 9973 Posted ... Why there haven't been any info about this security problem? i was in that belief that open vpn secures ipv6...Hello!We're going to add it in the FAQ too.Kind regards Quote Share this post Link to post
rumplegoat 0 Posted ... I thought the same as Markex. Was aware of the documented danger on PPTP but the info at the time said Openvpn was not affected. To think I changed to an Openvpn provider due to the less secure PPTP of ex supplier and to finally be rid of doubts of this ipv6 issue. I only can thank the original poster for pointing this issue out so instructions could be given to to the rest of us. I will ask the Admin if an average person followed your orignal instructions, installed your client and happened to use both a very popular OS, that has IPV6 switched on by default and the most popular torrent software, which doesn't easily allow IPv6 to be turned off - Is it likely all the connections were bypassing the VPN without the users knowledge? Quote Share this post Link to post
Staff 9973 Posted ... I thought the same as Markex. Was aware of the documented danger on PPTP but the info at the time said Openvpn was not affected.To think I changed to an Openvpn provider due to the less secure PPTP of ex supplier and to finally be rid of doubts of this ipv6 issue.I only can thank the original poster for pointing this issue out so instructions could be given to to the rest of us.I will ask the Admin if an average person followed your orignal instructions, installed your client and happened to use both a very popular OS, that has IPV6 switched on by default and the most popular torrent software, which doesn't easily allow IPv6 to be turned off - Is it likely all the connections were bypassing the VPN without the users knowledge?Hello!You're right, OpenVPN is not affected by the vulnerability discovered on PPTP. The IPv6 contains either your true IPv4 or your MAC address. If you point for example to a web site using an IPv6 address, with PPTP your REAL IPv4 address will be tunneled over PPTP, disclosing it to a malicious entity. OpenVPN does not have this vulnerability. Also, your IPv6 address is generated by the IPv4 address assigned to you. The IPv6 loopback interface never get out of your network card (think of it as the equivalent of 127.0.0.1 IPv4), it can only communicate on the local machine.Currently we don't support IPv6 at all. When the time will come, support to IPv6 will be added with the usual security standards.To answer to your question, the probability is therefore near-zero ("near" because in the security field it is theoretically impossible to state a 100% security under most circumstances). Please do check here while connected to an Air server:http://whatismyv6.com/You should be able to see ONLY the IPv4 exit-IP of the VPN server you're connected to. Connection to their IPv6 web site should fail.Kind regards Quote Share this post Link to post
Gooberslot 0 Posted ... To answer to your question, the probability is therefore near-zero ("near" because in the security field it is theoretically impossible to state a 100% security under most circumstances). Please do check here while connected to an Air server: whatismyv6.com/ I have a tunnel terminated at my router so that my OS (WinXP) thinks I have a native IPv6 connection and gives me a public IP address through stateless autoconfig. That public IP was visible at whatismyipv6.com when the VPN was active. I'd say the risk is far more than non-zero. Quote Share this post Link to post
Staff 9973 Posted ... To answer to your question, the probability is therefore near-zero ("near" because in the security field it is theoretically impossible to state a 100% security under most circumstances). Please do check here while connected to an Air server:whatismyv6.com/I have a tunnel terminated at my router so that my OS (WinXP) thinks I have a native IPv6 connection and gives me a public IP address through stateless autoconfig. That public IP was visible at whatismyipv6.com when the VPN was active. I'd say the risk is far more than non-zero.Hello!It seems just fine. It's PPTP that tunnels your real IPv4 address in the IPv6, not OpenVPN.Please confirm that when you say "public IP was visible at whatismyipv6" you refer to the generated IPv6 address, not to your real IPv4 address. If whatismyipv6.com could see your real IPv4 public address (instead of the IPv4 address of the VPN server), please warn us as soon as possible.Kind regards Quote Share this post Link to post
Gooberslot 0 Posted ... It showed my IPv6 address. The one starting with 2001:. Quote Share this post Link to post
Staff 9973 Posted ... It showed my IPv6 address. The one starting with 2001:.Hello!Very well. Thank you for your time!Kind regards Quote Share this post Link to post
Staff 9973 Posted ... Any plans to support ipv6Hello!IPv6 will be fully supported in the future. Kind regards Quote Share this post Link to post
Guest amdou Posted ... Any plans to support ipv6 Hello! IPv6 will be fully supported in the future. Kind regards Any update on ipv6 support? Thanks Quote Share this post Link to post
Staff 9973 Posted ... Any plans to support ipv6 Hello! IPv6 will be fully supported in the future. Kind regards Any update on ipv6 support? Thanks Hello, no update at the moment. Kind regards Quote Share this post Link to post
r4nd0m 0 Posted ... for linux ubuntu linux users.... to disable ipv6 open a terminal and type the following lines: echo "#disable ipv6" | sudo tee -a /etc/sysctl.confecho "net.ipv6.conf.all.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.confecho "net.ipv6.conf.default.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.confecho "net.ipv6.conf.lo.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf or open /etc/sysctl.conf in a text editor and add the following lines to the end of the file: #disable ipv6net.ipv6.conf.all.disable_ipv6 = 1net.ipv6.conf.default.disable_ipv6 = 1net.ipv6.conf.lo.disable_ipv6 = 1# afterwards, reboot the network interfaces (sysctl) by typing this in the terminal:sudo sysctl -p Quote Share this post Link to post