this post was submitted on 05 Oct 2024
48 points (100.0% liked)

Linux

48214 readers
711 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

I was setting up my laptop for traveling and adding Wireguard VPN configuration.

The Wireguard config generated by router only contains IPv4 address (10.0.5.x), and while testing the VPN to my surprise "what is my ip" websites can find my IPv6 address (I USB tethered mobile connection to my laptop).

It looks like NetworkManager does nothing about IPv6 connection if VPN doesn't have IPv6 settings, which is bad for road warrior type of VPN configuration.

Is there an easy toggle to turn of IPv6 if VPN is connected and otherwise? Or is only option to disable all IPv6 no matter what?

all 15 comments
sorted by: hot top controversial new old
[–] Supermariofan67 3 points 1 month ago

Best to set a firewall rule with nftables to block non-vpn traffic from leaving (you should also do the save for IPv4 traffic to prevent leaks in case the tunnel disconnects)

[–] [email protected] 3 points 1 month ago

I tried the same setup with Ubuntu 24.04.1 desktop live system and I can replicate this IP leak issue, I guess I will have to disable IPv6.

[–] [email protected] 2 points 1 month ago* (last edited 1 month ago) (1 children)

You could edit your configuration to change the wireguard connection's AllowedIPs from 0.0.0.0/0 to 0.0.0.0/0,::/0 so that IPv6 traffic is routed over it. Regardless of if your wireguard endpoint actually supports it, this will at least stop IPv6 traffic from leaking.

[–] [email protected] 2 points 1 month ago (1 children)

Wireguard config already includes "::/0"

[–] [email protected] 1 points 1 month ago

If you have ::/0 in your AllowedIPs and v6 connections are bypassing your VPN, that is strange.

What does ip route get 2a00:1450:400f:801::200e (an IPv6 address for google) say?

I haven't used wireguard with NetworkManager, but using wg-quick it certainly adds a default v6 route when you have ::/0 in AllowedIPs.