Jump to content
Not connected, Your IP: 44.192.52.167
kosamja

IPv6 is enabled in Debian. Will location and information leak happen when using IPv4-only config files?

Recommended Posts

I am using Debian 11.4 with backported kernels and so on.

IPv6 is enabled in Debian. It means that when I am not using a VPN, I surf the internet with IPv4 and IPv6 enabled.

Now all my AirVPN config files are based on IPv4; none is based on IPv6.

Having said that,

1. When my machine is trying to connect to an AirVPN server using an IPv4 config file, will my location be leaked to the internet via IPv6?

2. When my machine is already connected to an AirVPN server using an IPv4 config file, will my location or sensitive data be leaked via IPv6?

Share this post


Link to post

If the config doesn't set v6 routes, yes, IPv6 will talk to the clearnet, when connecting and during connection. What's worse is, your system will systematically prefer that connection, because IPv6 is. I strongly advise to not disable v6 but to route it through the tunnel instead.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Unofficial Eddie for Android F-Droid repository: repo.opensourcery.eu

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
On 7/29/2022 at 4:03 PM, OpenSourcerer said:

If the config doesn't set v6 routes, yes, IPv6 will talk to the clearnet, when connecting and during connection. What's worse is, your system will systematically prefer that connection, because IPv6 is. I strongly advise to not disable v6 but to route it through the tunnel instead.


If that's the case, then why does AirVPN offer IPv4-only config files? Don't you think that AirVPN should highlight your above reply as a warning to all who prefer IPv4-only configuration files?

P.S.: Thank you for your reply.

Share this post


Link to post
5 hours ago, kosamja said:

If that's the case, then why does AirVPN offer IPv4-only config files? Don't you think that AirVPN should highlight your above reply as a warning to all who prefer IPv4-only configuration files?

P.S.: Thank you for your reply.

Hello!

They are important for IPv4 only systems. The word "only" in "IPv4 only" has a definite meaning of "only" and it is available in the Internet Protocol version options (both in the Configuration Generator, where you can only see it by clicking "Advanced mode", and in Eddie and the AirVPN Suite configuration files and options). If someone doesn't know what an option does, he/she should refrain from activating it.

Kind regards
 

Share this post


Link to post
15 hours ago, Staff said:
They are important for IPv4 only systems. 

First of all, I wish to thank you, Staff, for your clarification.
 
On 7/29/2022 at 4:03 PM, OpenSourcerer said:

If the config doesn't set v6 routes, yes, IPv6 will talk to the clearnet, when connecting and during connection. What's worse is, your system will systematically prefer that connection, because IPv6 is. I strongly advise to not disable v6 but to route it through the tunnel instead.


Secondly, Staff, do you agree with OpenSourcerer's statement that it is best not to disable IPv6 at all in Debian? I need a clarification from you because I have another machine where the following actions were performed:

sudo nano /etc/default/grub

Add the following line to grub

GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet"

sudo update-grub #to activate the change


 

Share this post


Link to post

The fear of IPv6 stems from every interface being able to have a worldwide unique address, and this address was not random at all before Privacy Extensions was the norm (perfect for targeting purposes). PE is the norm now, so everytime you (re)connect to a network, or through other factors, the Interface ID is randomized. In essence, your IP is randomized.
People will also argue that v4 is easier to memorize, it "just works" and it's better for privacy because by using NAT it's easier to share an IP address. Weak points, all of them. About the latter, IPv6 is working the same way with AirVPN: v6 is NATed and you share one common v6 (of that server) with all clients.

I, for one, are quite happy that the v4 only option is there. It's what I use to torrent through my all-time favorite CH server, while practically the rest of the internet remains accessible through my ISP with v6 (as stated, systematic preference). With this I eradicated the everlasting problem of websites blocking VPNs. :)


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Unofficial Eddie for Android F-Droid repository: repo.opensourcery.eu

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Thank you, OpenSourcerer, for your latest reply.

Now, let us go back to your first reply to my original post in which you wrote:
 

On 7/29/2022 at 4:03 PM, OpenSourcerer said:

If the config doesn't set v6 routes, yes, IPv6 will talk to the clearnet, when connecting and during connection. What's worse is, your system will systematically prefer that connection, because IPv6 is. I strongly advise to not disable v6 but to route it through the tunnel instead.


My original post is about IPv6 is enabled in Debian.

I have another machine that also runs Debian but with IPv6 disabled in /etc/default/grub by adding the following line (in grub):

GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet"

If I use AirVPN IPv4-only configuration files (meaning the configuration files do not set IPv6 routes), there is no way for IPv6 to talk to the clearnet, am I correct?
 

Share this post


Link to post
4 hours ago, kosamja said:

If I use AirVPN IPv4-only configuration files (meaning the configuration files do not set IPv6 routes), there is no way for IPv6 to talk to the clearnet, am I correct?


v6 is disabled by kernel parameter, so yes, in this state v6 cannot be used system-wide.
I was just remarking that it's an unnecessary step to disable it like that, one I consider "legacy", and that it shouldn't be done anymore.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Unofficial Eddie for Android F-Droid repository: repo.opensourcery.eu

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
On 8/22/2022 at 6:35 AM, OpenSourcerer said:

PE is the norm now, so everytime you (re)connect to a network, or through other factors, the Interface ID is randomized. In essence, your IP is randomized.

IPv6 is working the same way with AirVPN: v6 is NATed and you share one common v6 (of that server) with all clients.


On AirVPN's official web pages, there is no mention that it uses Privacy Extensions and that IPv6 is NATed so that we share one common IPv6 (of the server). Why does AirVPN omit those statements, I wonder? If AirVPN mentions them, they will address its customers' concerns about privacy, don't you think?

Share this post


Link to post
11 hours ago, kosamja said:

On AirVPN's official web pages, there is no mention that it uses Privacy Extensions and that IPv6 is NATed so that we share one common IPv6 (of the server). Why does AirVPN omit those statements, I wonder? If AirVPN mentions them, they will address its customers' concerns about privacy, don't you think?

Hello!

IPv6 Privacy Extensions pertaining to network card MAC and more are Operating Systems features while you can find the other info about subnet and more on the specifications page here:
https://airvpn.org/specs

Kind regards
 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...