kosamja 0 Posted ... I am using Debian 11.4 with backported kernels and so on. IPv6 is enabled in Debian. It means that when I am not using a VPN, I surf the internet with IPv4 and IPv6 enabled. Now all my AirVPN config files are based on IPv4; none is based on IPv6. Having said that, 1. When my machine is trying to connect to an AirVPN server using an IPv4 config file, will my location be leaked to the internet via IPv6? 2. When my machine is already connected to an AirVPN server using an IPv4 config file, will my location or sensitive data be leaked via IPv6? Quote Share this post Link to post
OpenSourcerer 1437 Posted ... If the config doesn't set v6 routes, yes, IPv6 will talk to the clearnet, when connecting and during connection. What's worse is, your system will systematically prefer that connection, because IPv6 is. I strongly advise to not disable v6 but to route it through the tunnel instead. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
kosamja 0 Posted ... On 7/29/2022 at 4:03 PM, OpenSourcerer said: If the config doesn't set v6 routes, yes, IPv6 will talk to the clearnet, when connecting and during connection. What's worse is, your system will systematically prefer that connection, because IPv6 is. I strongly advise to not disable v6 but to route it through the tunnel instead. If that's the case, then why does AirVPN offer IPv4-only config files? Don't you think that AirVPN should highlight your above reply as a warning to all who prefer IPv4-only configuration files? P.S.: Thank you for your reply. Quote Share this post Link to post
Staff 9990 Posted ... 5 hours ago, kosamja said: If that's the case, then why does AirVPN offer IPv4-only config files? Don't you think that AirVPN should highlight your above reply as a warning to all who prefer IPv4-only configuration files? P.S.: Thank you for your reply. Hello! They are important for IPv4 only systems. The word "only" in "IPv4 only" has a definite meaning of "only" and it is available in the Internet Protocol version options (both in the Configuration Generator, where you can only see it by clicking "Advanced mode", and in Eddie and the AirVPN Suite configuration files and options). If someone doesn't know what an option does, he/she should refrain from activating it. Kind regards Quote Share this post Link to post
kosamja 0 Posted ... 15 hours ago, Staff said: They are important for IPv4 only systems. First of all, I wish to thank you, Staff, for your clarification. On 7/29/2022 at 4:03 PM, OpenSourcerer said: If the config doesn't set v6 routes, yes, IPv6 will talk to the clearnet, when connecting and during connection. What's worse is, your system will systematically prefer that connection, because IPv6 is. I strongly advise to not disable v6 but to route it through the tunnel instead. Secondly, Staff, do you agree with OpenSourcerer's statement that it is best not to disable IPv6 at all in Debian? I need a clarification from you because I have another machine where the following actions were performed:sudo nano /etc/default/grub Add the following line to grub GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet" sudo update-grub #to activate the change Quote Share this post Link to post
OpenSourcerer 1437 Posted ... The fear of IPv6 stems from every interface being able to have a worldwide unique address, and this address was not random at all before Privacy Extensions was the norm (perfect for targeting purposes). PE is the norm now, so everytime you (re)connect to a network, or through other factors, the Interface ID is randomized. In essence, your IP is randomized. People will also argue that v4 is easier to memorize, it "just works" and it's better for privacy because by using NAT it's easier to share an IP address. Weak points, all of them. About the latter, IPv6 is working the same way with AirVPN: v6 is NATed and you share one common v6 (of that server) with all clients. I, for one, are quite happy that the v4 only option is there. It's what I use to torrent through my all-time favorite CH server, while practically the rest of the internet remains accessible through my ISP with v6 (as stated, systematic preference). With this I eradicated the everlasting problem of websites blocking VPNs. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
kosamja 0 Posted ... Thank you, OpenSourcerer, for your latest reply. Now, let us go back to your first reply to my original post in which you wrote: On 7/29/2022 at 4:03 PM, OpenSourcerer said: If the config doesn't set v6 routes, yes, IPv6 will talk to the clearnet, when connecting and during connection. What's worse is, your system will systematically prefer that connection, because IPv6 is. I strongly advise to not disable v6 but to route it through the tunnel instead. My original post is about IPv6 is enabled in Debian. I have another machine that also runs Debian but with IPv6 disabled in /etc/default/grub by adding the following line (in grub):GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet" If I use AirVPN IPv4-only configuration files (meaning the configuration files do not set IPv6 routes), there is no way for IPv6 to talk to the clearnet, am I correct? Quote Share this post Link to post
OpenSourcerer 1437 Posted ... 4 hours ago, kosamja said: If I use AirVPN IPv4-only configuration files (meaning the configuration files do not set IPv6 routes), there is no way for IPv6 to talk to the clearnet, am I correct? v6 is disabled by kernel parameter, so yes, in this state v6 cannot be used system-wide. I was just remarking that it's an unnecessary step to disable it like that, one I consider "legacy", and that it shouldn't be done anymore. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
kosamja 0 Posted ... On 8/22/2022 at 6:35 AM, OpenSourcerer said: PE is the norm now, so everytime you (re)connect to a network, or through other factors, the Interface ID is randomized. In essence, your IP is randomized. IPv6 is working the same way with AirVPN: v6 is NATed and you share one common v6 (of that server) with all clients. On AirVPN's official web pages, there is no mention that it uses Privacy Extensions and that IPv6 is NATed so that we share one common IPv6 (of the server). Why does AirVPN omit those statements, I wonder? If AirVPN mentions them, they will address its customers' concerns about privacy, don't you think? Quote Share this post Link to post
Staff 9990 Posted ... 11 hours ago, kosamja said: On AirVPN's official web pages, there is no mention that it uses Privacy Extensions and that IPv6 is NATed so that we share one common IPv6 (of the server). Why does AirVPN omit those statements, I wonder? If AirVPN mentions them, they will address its customers' concerns about privacy, don't you think? Hello! IPv6 Privacy Extensions pertaining to network card MAC and more are Operating Systems features while you can find the other info about subnet and more on the specifications page here:https://airvpn.org/specs Kind regards Quote Share this post Link to post