Jump to content
Not connected, Your IP: 35.175.180.108
Sign in to follow this  
enonoft

ANSWERED IPv6 leaking, route not updating? (Linux)

Recommended Posts

I have both an iPv4 and an IPv6 assigned by my ISP.

When connecting to AirVPN with OpenVPN or with NetworkManager-ovpn (Arch Linux), my real IPv6 is still leaking. It seems that the route is not properly updated?

I noticed this line when using NetworkManager-ovpn

NetworkManager[913]: <info>  [1566313706.6182] vpn-connection[0x5644d7bee590,703fc898-9220-420a-ad6b-38c345a1f03a,"AirVPN_CountryName_UDP-443",9:(tun0)]: Data: No IPv6 configuration
A staff member mentioned here that NetworkManager is not supported anymore... 
However, using openvpn CLI (version 2.4.7) doesn't seem to change the IPv6 route either. There is nothing pertaining to ipv6 in the PUSH_REPLY message sent from the AirVPN servers, only ipv4.
 
$> ip -6 route
::1 dev lo proto kernel metric 256 pref medium
MY_ISP_IPv6_HERE::/64 dev enp4s0f2 proto ra metric 100 pref medium
MY_ISP_IPv6_HERE::/64 dev enp4s0f2 proto ra metric 202 mtu 1500 pref medium
fe80::/64 dev enp4s0f2 proto kernel metric 100 pref medium
fe80::/64 dev enp4s0f2 proto kernel metric 256 pref medium
fe80::/64 dev tun0 proto kernel metric 256 pref medium
default via fe80::f6ca:e5ff:fe5b:7a90 dev enp4s0f2 proto ra metric 100 pref medium
default via fe80::f6ca:e5ff:fe5b:7a90 dev enp4s0f2 proto ra metric 202 mtu 1500 pref medium

Am I stuck with disabling IPv6 entirely? Am I missing something obvious?

Share this post


Link to post

Hello!

We support connections with IPv4 (with IPv6 over IPv4 supported as well) and IPv6.

Maybe you connect in IPv4, can we see the configuration file you use to connect (remember to cut out all the certificates and key)?

In the Configuration Generator you can tick "Advanced Mode" to see all the available options.

If you want to connect in IPv4 and prevent IPv6 leaks, you can use ip6tables to block outgoing IPv6 packets and prevent IPv6 leaks (the Air client software will do that when "Network Lock" is enabled and IPv4 connection is used).

Kind regards
 

Share this post


Link to post

Thanks for the reply. I was not aware I had to explicitly pick ipv6 support from the config generator, I thought that was the default!
As per your recommendation, I just noticed this "Advanced" option. I'm still wondering why this is not the default option.
I was using a config that did not include the UV_IPV6 environment variable!

I get another error now but it should be only related to my system now, I'll look into it.

Fri Aug 23 04:16:57 2019 GDG6: remote_host_ipv6=n/a
Fri Aug 23 04:16:57 2019 ROUTE6_GATEWAY XX:XX:XX:XX:XX (redacted) IFACE=enp4s0f2
Fri Aug 23 04:16:57 2019 TUN/TAP device tun0 opened
Fri Aug 23 04:16:57 2019 TUN/TAP TX queue length set to 100
Fri Aug 23 04:16:57 2019 /usr/bin/ip link set dev tun0 up mtu 1500
Fri Aug 23 04:16:57 2019 /usr/bin/ip addr add dev tun0 X.X.X.X/24 (redacted) broadcast X.X.X.X (redacted)
Fri Aug 23 04:16:57 2019 /usr/bin/ip -6 addr add XX:XX:XX:XX:XX/64 (redacted dev tun0
RTNETLINK answers: Permission denied
Fri Aug 23 04:16:57 2019 Linux ip -6 addr add failed: external program exited with error status: 2
Fri Aug 23 04:16:57 2019 Exiting due to fatal error

Anyway great service by the way I'll keep recommending you.

Share this post


Link to post

Nevermind my previous message, this happens because ipv6 is disabled with sysctl. 
Should work fine with ipv6 enabled. 

Still a bit strange that ipv6 is leaking when it's disabled in kernel options. D:
But perhaps those are just flags which are not necessarily checked by all programs all the time (perhaps only at boot time? no idea)

Also apparently, even with ipv6 enabled and using NetworkManager (nm-applet) to load the configuration, ipv6 is still leaking. 
When using OpenVPN directly from the CLI, the ipv6 routing is fine.

Share this post


Link to post

I have tried importing config files with ipv6 preferred over ipv4 (the advanced option to the right in the config generator), but apparently the NetworkManager "VPN plugin" fails to parse the line with either:
 

proto udp6

or

proto tcp6

An error message pops up and the file is not imported. 
The ovpn configs can only be parsed with proto udp or proto tcp. Clearly the "VPN plugin" for NetworkManager (networkmanager-openvpn 1.8.10) is not working well and only allows ipv4.

Anyway, this is not a problem on AirVPN's side, but I hope this helps somebody else with this issue, and hopefully NetworkManager will get an update regarding this.

This issue is tracked there:
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/issues/130 
https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/issues/18

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...