Jump to content
Not connected, Your IP: 18.206.14.135
yoyall

ANSWERED Trying to understand ipv6 leak implications

Recommended Posts

I understand the implications of ipv4 leaks but I'm trying to get my head around the implications of an ipv6 leak.

 

Let's say:

1) Your ipv4 traffic is encrypted in an openvpn session.

2) You've got solid firewall rules to limit ipv4 traffic to the airvpn server.

3) BUT you've got an ipv6 leak.

 

Can your ISP see what you're doing with your ipv4 traffic?

 

Cheers,

Jules 

Share this post


Link to post

The leak occurs if an application decides to use IPv6 to connect. To not let that happen it's a good idea to disable IPv6 completely if you utilize IPv4 only. But everything IPv4 is routed via AirVPN in your post's case.


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

Hello!

 

In addition: some ISPs now provide IPv6 connectivity only (IPv4 is encapsulated in IPv6). In such a case, disabling IPv6 is not an option, but you can connect directly in IPv6 to every Air VPN server supporting IPv6 (all of them do with very few exceptions). OpenVPN 2.4 or higher is required.

 

See also:

https://airvpn.org/topic/28153-ipv6-support-and-new-smart-features/

 

Kind regards

 

Just out of curiosity... why is disabling IPv6 not an option?

 

My ISP actually uses DS - Lite (IPv4 over Ipv6). However, i have deactivated IPv6 completely on system level (Ubuntu 18.04), and i have no problems. As far as i know, the IPv6 provided by DS - Lite is not routable, so why not deactivate it and avoiding the risk of an IPv6 Leak?

 

Please correct me if i am wrong...

 

Kind regards,

 

Fox.

Share this post


Link to post

It's for the newbies. Staff just wants to say that blindly disabling IPv6 is a bad idea, unless you know for sure your ISP does not route IPv6 (which newbies don't always know).


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

Let's say that your ISP doesn't support IPv6 and you disable IPv6.

 

1) Is there any benefit or risk selecting (via the config generator) the option of IPv4 and IPv6 (connecting with IPv4)?

 

2) As you would be connecting with IPv4, am I correct in assuming that you would not need ip6tables rules to limit traffic to the airvpn server - as iptables rules would be sufficient???

Share this post


Link to post

It's for the newbies. Staff just wants to say that blindly disabling IPv6 is a bad idea, unless you know for sure your ISP does not route IPv6 (which newbies don't always know).

Ok, thank you for explaining.

Share this post


Link to post

1) Is there any benefit or risk selecting (via the config generator) the option of IPv4 and IPv6 (connecting with IPv4)?

 

None and none. You disabled IPv6, it will connect via v4.

 

2) As you would be connecting with IPv4, am I correct in assuming that you would not need ip6tables rules to limit traffic to the airvpn server - as iptables rules would be sufficient???

 

Well, think about it for a moment. You disabled IPv6 functionality completely. Why would you need ip6tables, then?


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

Got it!

 

What I hadn't quite understood was whether the airvpn server was handling all ipv6 traffic and sending it to me via my ipv4 connection. But now that I think about it - that traffic would have to somehow be converted into ipv4 traffic - not just tunneled. I just did a test and could see that disabling ipv6 stopped ipv6 traffic even though I was connecting to airvpn via ipv4 with ipv6 support - I then enabled it and there it was. Understood...

 

Still - all things considered - I think I'm going to stick to ipv4 and leave ipv6 disabled until I have good reason to enable.

 

Thanks again for the input and assistance!

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...