Menu
What's new
By:
Filters Better Search

Close OpenVPN IPv6 leakage

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

eclp

eclp

Senior Member
When using OpenVPN, is it possible to disable IPv6 via the configuration file (*.ovpn) so that no leakage occurs (or any other possibility)? My VPN provider supports IPv6 but unfortunately the protocol will not be supported by the Merlin firmware in the foreseeable future. I want to avoid to disable IPv6 completely in the router settings because devices not using VPN will still get an IPv6 address.

Any answer or help is highly appreciated!

:)
 
IPv6 is enabled in my IPv6 tab and I also get a native IPv6 address from my service provider. This setting should be kept for clients that do not use VPN.
 
Last edited:
eclp said:
When using OpenVPN, is it possible to disable IPv6 via the configuration file (*.ovpn) so that no leakage occurs (or any other possibility)? My VPN provider supports IPv6 but unfortunately the protocol will not be supported by the Merlin firmware in the foreseeable future. I want to avoid to disable IPv6 completely in the router settings because devices not using VPN will still get an IPv6 address.

Any answer or help is highly appreciated!

:)
Click to expand...
If you add the following lines under custom configuration:

pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"

Adding these 2 lines in custom configurations insures that the VPN doesn't use ipV6 traffic.

Would this work?
 
Thank you very much for your reply.

The VPN connection with pull-filter works, but the IPv6 leak still exists.
The following notes appear in the syslog:

Code: 
ovpn-client1: OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
ovpn-client1: OpenVPN ROUTE: failed to parse/resolve route for host/network: fc00::/7
ovpn-client1: OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
ovpn-client1: OpenVPN ROUTE: failed to parse/resolve route for host/network: 3000::/4
ovpn-client1: OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
ovpn-client1: OpenVPN ROUTE: failed to parse/resolve route for host/network: 2000::/4
ovpn-client1: OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
ovpn-client1: OpenVPN ROUTE: failed to parse/resolve route for host/network: ::/3

o_O
 
It disappoints me a little bit that in case of an IPv6 leak there seems to be no other possibility than to pull the "IPv6 plug" out of the socket. Or maybe the right people who know the possible answer have not read it yet? It would be nice if there were other approaches I could try.

Please help me further! :)
 
eclp said:
It disappoints me a little bit that in case of an IPv6 leak there seems to be no other possibility than to pull the "IPv6 plug" out of the socket. Or maybe the right people who know the possible answer have not read it yet? It would be nice if there were other approaches I could try.

Please help me further! :)
Click to expand...
You could probably do something with ip6tables
 
1) the firmware supports dual stack VPN... using TAP tunnels.
2) No you cannot disable it this way, you need to disable it in your LAN/Wifi adapter... Yes that sucks but there is no reasonable way to do that. You can also try to give your TUN IPV4 rule highest priority on the client side.
 
Jack Yaz said:
You could probably do something with ip6tables
Click to expand...

Not sure, but would this possible solution apply to all clients? And could we exclude devices that should not use VPN? Do you have a sample code that I could try?

:)
 
switch tun to tap tunnel and you get dual stack ipv4 and ipv6 tunnel.. doesn't work on Android clients though :/
 
You must log in or register to reply here.

Similar threads

C
VPN doing a lot of unrecognized options without them even being in the config IPV6 issue
Replies
3
Views
1K
RMerlin
RMerlin
T
[Help] Problems setting up OpenVPN
Replies
7
Views
357
Thookie
T
Zigster
IPV6 and OpenVPN on Asus Merlin on Asus GT-AXE11000
Replies
0
Views
956
Zigster
Zigster
T
[GNUTON] RT-AX82U v1 Issue with Wireguard
Replies
2
Views
550
Tech9
Tech9
B
IPv6 and NextDNS Configuration Assistance Request
Replies
19
Views
988
easyriider
easyriider
Similar threads
Thread starter Title Forum Replies Date
D Solved Openvpn client dns Asuswrt-Merlin 2
PR3MIUM WireGuard removing OpenVPN on ASUS Routers ? Asuswrt-Merlin 2
T [Help] Problems setting up OpenVPN Asuswrt-Merlin 7
N dedicated router for OpenVPN Asuswrt-Merlin 4
N Solved OpenVPN Server split tunnell config Asuswrt-Merlin 5
C Connection to router by ip fails while remote over OpenVPN Asuswrt-Merlin 17
S OpenVPN LAN access + one external IP Asuswrt-Merlin 3
J VPN director Multiple OpenVPN clients Asuswrt-Merlin 7
G OpenVPN Server log, is this in error ? Asuswrt-Merlin 7
H Extremely low speed on ac86u with openvpn client Asuswrt-Merlin 7

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 825 (members: 29, guests: 796)
Top