With the massively increasing amount of IP addresses required by the global network each year, IPv4 can no longer meet the demand. That’s why IPv6 was introduced — to allow more unique TCP/IP identifiers to be created for each user.
While most of the internet uses the IPv4 protocol, there are ISPs that provide support for IPv6 as well. It is our duty to make sure that users are aware that, for the time being, our servers are compatible with the IPv4 internet protocol only. However, Proton VPN takes active measures to prevent any possible IPv6 leaks.
Proton VPN applications block all IPv6 traffic by default. To be precise, IPv6 traffic is disabled; any potential IPv6 traffic is routed to a black hole (null route) to ensure your device cannot make connections over IPv6. That way only IPv4 connects are possible to ensure your real IP address is not leaked. Also, by disabling IPv6 traffic on your network, your internet connection performance shouldn’t be affected as most internet services are accessible via IPv4.
You can configure your router to block all IPv6 traffic, however. Different routers feature different settings but most of them have an option to turn off IPv6 completely. This way you wouldn’t have to disable IPv6 on each of your devices, but keep in mind that it is not possible to turn off IPv6 traffic on Android and iOS. In order to disable IPv6 on your router, please check router user manual or consult with an IT specialist.
You can turn off IPv6 traffic directly on Windows, macOS and Linux.
Is there no plan to support IPv6, instead of the hacky countermeasure of disabling it?
0
Hello Zakku, we do plan to support ipv6 in the future, but there is no ETA for that, for now we want to make sure our customers gets the most secure connection possible.
0
hi. i’m only using proton on my i-pad. i’m using it so that my sites visted cannot be monitored from my home router. so i’m not understanding if ipv6 ‘leakage’ matters to me or not. i don’t care if my location is exposed. i just want to keep my websites visited from prying eyes. can you give me feedback? thanks :)
0
Hello Jim, You should check ipleak.net when connected to the VPN server, the perfect connection is when you get one single IP and one single DNS same as IP address. As for the router, it cannot be monitored if the person trying to spy on you has remote access to it.
0
For users of Ubuntu (and probably other GNU/Linux systems), there’s a fairly easy way to make sure that your IPv6 address doesn’t leak. You can disable IPv6 entirely using sysctl. At the bottom of this post is a script you can use, which will automatically detect whether a “tap” device or “tun” device is present. If so, IPv6 will be blocked automatically. Otherwise IPv6 will be re-enabled.
Please note that once IPv6 is disabled, it might not be re-enabled until you disconnect and reconnect to your network. Consequently, some websites might not work.
I also provided a convenient way to keep IPv6 disabled, regardless. You just need to uncomment one line of code.
PS: You could totally execute this script automatically via udev. That way, it will run everytime you use a VPN. SUBSYSTEM==”net”
Without further adu, here’s the script:
### Detect the presence/absence of a VPN
if [ “$(ip link show | awk -F ‘[: ]’ ‘{if ($3 ~ /tun|tap/) print $3}’)” ]; then ip_status=1; else ip_status=0; fi
### If you want IPv6 to remain disabled regaurdless of whether you are on a VPN, uncomment the line below.
#ip_status=0
### Disable/enable IPv6
for ip_six_devs in all default lo; do sudo sysctl net.ipv6.conf.${ip_six_devs}.disable_ipv6=${ip_status}; done
0
Using your VPN for just 4 days. Trial.
Was disappointed to check that only Singapore server was blocking ipv6, All other servers are leaking ipv6.
0
Hello Pearl, please contact our customer support team with detailed information and screenshots of the issue. https://protonvpn.com/support-form
0
So I thought I had set up the CLI correctly but I am getting the following when trying to connect. Please advise.
[!] Error connecting to VPN.
[!] There are issues in managing IPv6 in the system. Please test the system for the root cause.
Not being able to manage IPv6 by protonvpn-cli might cause issues in leaking the system’s IPv6 address.
0
Hello, please update the client using “pvpn –update” and run the client again using “pvpn -init”. If this does not help, please contact our customer support team – https://protonvpn.com/support-form
0
This problem has come up again and oddly enough just started back today. It seemed to resolve itself shortly after my previous post. However, now that it is back disconnecting, doing protonvpn-cli -init and reconnecting along with a reboot doesn’t seem to be doing the trick. What gives?
0
Hello John, please contact our customer support team and we will do our best to help you out! https://protonvpn.com/support-form
0
Hi guys,
Yeah, I’m experiencing what I gather is an IPv6 leak too. I didn’t last week, when using Ubuntu 17.10, and now after uprading to 18.04 I am.
One difference I’ve noticed, is that the vpn command-line worked on 17.10, and the Network-manger (gui) didn’t. This is now flipped around, so on 18.04 the vpn command-line doesn’t work, but the Network-manager does.
Right after I upgraded to 18.04, the cli told me that it wasn’t initialized, so I ran the init-command, which told me that it WAS initialized already, and so on, kind of looping. Now however, when I run the cli (protonvpn-cli.sh -f) it seems to time out and gives me the message:
Fetching ProtonVPN Servers…
Connecting…
[!] Error connecting to VPN.
And still it works (with IPv6 leaking) through the network manager.
I’m far from an expert on all of this, though I do have a bit of experience.
Any pointers?
0
Hello Allan, thank you for the detailed information. 18.04 version might be missing something, have you tried apt-get update, apt-get upgrade? Install all of the latest updates. Then we would suggest to re-initiate the client again. pvpn -init , then pres Y to re-initiate enter the username and password of openvpn. After doing so try connecting again and if no luck, try reinstalling the client itself with command pvpn –uninstall. Then re-do the installation and test it one more time.
0
Hi
This information can’t be true: I am still able to surf the web using IPv6 when using your VPN.
Hell, in SecureCore mode it also leaks my REAL public IPv6 to websites when using a Torrent! (REALLY not what you’d want)
If you’re not blocking IPv6, you should notify the user about that when he is opening the program. Tell him to deactivate IPv6 entirely on his device or else his real IP will be leaked when using BitTorrent.
I’ve seen that the IPv6 IP address disappears on websites ONLY when using SecureCore, but the detection via Torrent is still possible! Also you’re not talking about SecureCore here. So why is it that my device (Windows 10) can establish IPv6 connections while I’m using your VPN?
IPv6 is enabled, because I got no notification that is could cause such issues.
Try it yourself using ipleak.net
0
Hello. We are greatly concerned about this as we are not able to reproduce it on our devices. Would you mind forwarding this information and some of the screenshots with evidence to our customer support team? https://protonvpn.com/support-form
0
Often times on peppermint I am receiving the following error:
Error connecting to VPN.
[!] This is an error in enabling ipv6 on the machine. Please enable it manually.
However, I intentionally had to disable ipv6 as my machine was constantly showing DNS leaks. I am using the protonvpn client for linux. Sometimes this can be resolved by disconnecting and then doing protonvpn-cli –init ….sometimes this doesn’t solve it at all. advice?
0
Hello John. Does that happen often, did you spot any re-occurance? Do you test both, TCP and UDP protocols with same result? Please contact our support: https://protonvpn.com/support-form
0
Hi John,
Did you find a resolution to this issue? I am experiencing the same.
Cheers,
J
0