IPv6 not being VPNed.

Gooberslot

IPv6 connections aren't going over the VPN. I don't know if this is due to OpenVPN not supporting IPv6 or your servers not supporting it but it's a big security issue. Maybe there should be an option in the client to disable IPv6 and then re-enable it when quitting.

Staff

IPv6 connections aren't going over the VPN. I don't know if this is due to OpenVPN not supporting IPv6 or your servers not supporting it but it's a big security issue. Maybe there should be an option in the client to disable IPv6 and then re-enable it when quitting.

Hello!

We don' support IPv6 at the moment.

For additional security, how to disable IPv6 in Windows 7:

[EDIT: link removed - see next message in this thread]

How to disable IPv6 in Linux:

https://wiki.archlinux.org/index.php/Disabling_IPv6

Please do not hesitate to contact us for any further information.

Kind regards

athelstan

For additional security, how to disable IPv6 in Windows 7:
http://www.addictivetips.com/windows-tips/how-to-disable-ipv6-in-windows-7/

The info on that site is WRONG.

To disable IPv6, the correct value of the DisabledComponents registry key is "0xffffffff". Setting the value to "0" will enable IPv6.

See:

http://practicalrambler.blogspot.com/2011/05/how-to-disable-ipv6-and-teredo-in.html

http://support.microsoft.com/kb/929852

Markex

Why there haven't been any info about this security problem? i was in that belief that open vpn secures ipv6...

Staff

Why there haven't been any info about this security problem? i was in that belief that open vpn secures ipv6...

Hello!

We're going to add it in the FAQ too.

Kind regards

rumplegoat

I thought the same as Markex. Was aware of the documented danger on PPTP but the info at the time said Openvpn was not affected.

To think I changed to an Openvpn provider due to the less secure PPTP of ex supplier and to finally be rid of doubts of this ipv6 issue.

I only can thank the original poster for pointing this issue out so instructions could be given to to the rest of us.

I will ask the Admin if an average person followed your orignal instructions, installed your client and happened to use both a very popular OS, that has IPV6 switched on by default and the most popular torrent software, which doesn't easily allow IPv6 to be turned off - Is it likely all the connections were bypassing the VPN without the users knowledge?

Staff

I thought the same as Markex. Was aware of the documented danger on PPTP but the info at the time said Openvpn was not affected.
To think I changed to an Openvpn provider due to the less secure PPTP of ex supplier and to finally be rid of doubts of this ipv6 issue.
I only can thank the original poster for pointing this issue out so instructions could be given to to the rest of us.
I will ask the Admin if an average person followed your orignal instructions, installed your client and happened to use both a very popular OS, that has IPV6 switched on by default and the most popular torrent software, which doesn't easily allow IPv6 to be turned off - Is it likely all the connections were bypassing the VPN without the users knowledge?

Hello!

You're right, OpenVPN is not affected by the vulnerability discovered on PPTP.

The IPv6 contains either your true IPv4 or your MAC address. If you point for example to a web site using an IPv6 address, with PPTP your REAL IPv4 address will be tunneled over PPTP, disclosing it to a malicious entity. OpenVPN does not have this vulnerability.

Also, your IPv6 address is generated by the IPv4 address assigned to you. The IPv6 loopback interface never get out of your network card (think of it as the equivalent of 127.0.0.1 IPv4), it can only communicate on the local machine.

Currently we don't support IPv6 at all. When the time will come, support to IPv6 will be added with the usual security standards.

To answer to your question, the probability is therefore near-zero ("near" because in the security field it is theoretically impossible to state a 100% security under most circumstances). Please do check here while connected to an Air server:

http://whatismyv6.com/

You should be able to see ONLY the IPv4 exit-IP of the VPN server you're connected to. Connection to their IPv6 web site should fail.

Kind regards

Gooberslot

To answer to your question, the probability is therefore near-zero ("near" because in the security field it is theoretically impossible to state a 100% security under most circumstances). Please do check here while connected to an Air server:
whatismyv6.com/

I have a tunnel terminated at my router so that my OS (WinXP) thinks I have a native IPv6 connection and gives me a public IP address through stateless autoconfig. That public IP was visible at whatismyipv6.com when the VPN was active. I'd say the risk is far more than non-zero.

Staff

To answer to your question, the probability is therefore near-zero ("near" because in the security field it is theoretically impossible to state a 100% security under most circumstances). Please do check here while connected to an Air server:
whatismyv6.com/
I have a tunnel terminated at my router so that my OS (WinXP) thinks I have a native IPv6 connection and gives me a public IP address through stateless autoconfig. That public IP was visible at whatismyipv6.com when the VPN was active. I'd say the risk is far more than non-zero.

Hello!

It seems just fine. It's PPTP that tunnels your real IPv4 address in the IPv6, not OpenVPN.

Please confirm that when you say "public IP was visible at whatismyipv6" you refer to the generated IPv6 address, not to your real IPv4 address. If whatismyipv6.com could see your real IPv4 public address (instead of the IPv4 address of the VPN server), please warn us as soon as possible.

Kind regards

Gooberslot

It showed my IPv6 address. The one starting with 2001:.

Staff

It showed my IPv6 address. The one starting with 2001:.

Hello!

Very well. Thank you for your time!

Kind regards

Any plans to support ipv6

Staff

Any plans to support ipv6

Hello!

IPv6 will be fully supported in the future.

Kind regards

Any plans to support ipv6

Hello!

IPv6 will be fully supported in the future.

Kind regards

Any update on ipv6 support?

Thanks

Staff

Any plans to support ipv6

Hello!

IPv6 will be fully supported in the future.

Kind regards

Any update on ipv6 support?

Thanks

Hello,

no update at the moment.

Kind regards

r4nd0m

for linux ubuntu linux users....

to disable ipv6 open a terminal and type the following lines:

echo "#disable ipv6" | sudo tee -a /etc/sysctl.conf
echo "net.ipv6.conf.all.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv6.conf.default.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv6.conf.lo.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf

or open /etc/sysctl.conf in a text editor and add the following lines to the end of the file:

#disable ipv6

net.ipv6.conf.all.disable_ipv6 = 1

net.ipv6.conf.default.disable_ipv6 = 1

net.ipv6.conf.lo.disable_ipv6 = 1

#

afterwards, reboot the network interfaces (sysctl) by typing this in the terminal:

sudo sysctl -p

IPv6 not being VPNed.

Recommended Posts

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Guest amdou

Share this post

Link to post

Share this post

Link to post

Guest amdou

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Join the conversation