Netgate SG-1000 microFirewall

Author Topic: v2.4.2 - IPV6 Leak using OpenVPN - PIA (Private Internet Access)  (Read 267 times)

0 Members and 1 Guest are viewing this topic.

Offline securedspace

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
    • View Profile
v2.4.2 - IPV6 Leak using OpenVPN - PIA (Private Internet Access)
« on: December 09, 2017, 11:52:42 pm »
Hello,

First post - I bought a new Protectli box to install PFsense on for the first time. I installed the newest version, 2.4.2 and am setting it up. I wasn't able to get PIA's instructions to work properly since it seems that their screenshots were from an older version of PFsense.

Specifically of concern is their version of PFSense has an option to disable IPV6 from the OpenVPN configuration. That doesn't appear in v2.4.2, or if it does, the wording has changed and I don't see it.

I was able to connect to the VPN over PFsense, however when I went to an IPV6 site, whatismyip dot com, it was able to see my true home IP address. However IPV4-based sites did show my PIA VPN IP.

PIA discusses IPV6 leakage as a problem and claims that IPV6 is too expensive and too new to bother supporting. PIA is my first and only VPN I have used for the last few years and don't know if any other VPN providers are offering IPV6 or if PIA is being cheap. PIA does offer IPV6 leak protection if using their proprietary application however my goal with buying the Protectli box was to set up PFsense to be my VPN for all outbound traffic.

Please advise if there is a setting to block IPV6 - my search results of the forum here just showed several very old posts that were not helpful. Or is the recommendation that I either change VPN providers, downgrade PFsense software, or to return the Protecli box if it's just not possible to protect against IPV6 leaks.

Thanks so much in advance for any help.

Offline jamesonp

  • Jr. Member
  • **
  • Posts: 67
  • Karma: +7/-0
    • View Profile
Re: v2.4.2 - IPV6 Leak using OpenVPN - PIA (Private Internet Access)
« Reply #1 on: December 10, 2017, 02:18:29 am »
Why not just disable IPv6 on your WAN and LAN interface?

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9606
  • Karma: +1090/-309
    • View Profile
Re: v2.4.2 - IPV6 Leak using OpenVPN - PIA (Private Internet Access)
« Reply #2 on: December 10, 2017, 11:23:12 am »
If you don't want IPv6, disable it or block it.

If you don't want it on a specific host that gets routed to PIA or something, disable IPv6 on that host.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline securedspace

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
    • View Profile
Re: v2.4.2 - IPV6 Leak using OpenVPN - PIA (Private Internet Access)
« Reply #3 on: December 10, 2017, 11:33:44 am »
Why not just disable IPv6 on your WAN and LAN interface?

That sounds like a great idea! Can you walk me through where that option exists?

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9606
  • Karma: +1090/-309
    • View Profile
Re: v2.4.2 - IPV6 Leak using OpenVPN - PIA (Private Internet Access)
« Reply #4 on: December 10, 2017, 12:23:59 pm »
Interfaces > WAN

Interfaces > LAN

IPv6 Configuration Type: None
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline securedspace

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
    • View Profile
Re: v2.4.2 - IPV6 Leak using OpenVPN - PIA (Private Internet Access)
« Reply #5 on: December 10, 2017, 05:03:18 pm »
Interfaces > WAN

Interfaces > LAN

IPv6 Configuration Type: None

That seems to have worked! At least with respect to making that one IPV6 website display my PIA VPN. I assume that the website preferentially loads with IPV6 but if that's not available, it will force IPV4. I only have a basic understanding of networking though.

I did have to disable the IPV6 DHCP service that was running before it let me disable the LAN IPV6 but that only took me a second to figure out where it was.

Anything else I should try to ensure IPV6 isn't leaking my real IP?

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9606
  • Karma: +1090/-309
    • View Profile
Re: v2.4.2 - IPV6 Leak using OpenVPN - PIA (Private Internet Access)
« Reply #6 on: December 10, 2017, 05:54:43 pm »
It is up to the client whether it uses IPv4 or IPv6 when it thinks it has IPv6 connectivity and both AAAA and A records to choose from.

With IPv6 disabled on WAN I can't see anything else helping more.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM