IPv6 Is Nice But It Circumvents My VPN Tunnel

I like IPv6 and I think it’s going to be a big help to overcome the problem NAT (Network Address Translation) causes for self-hosted services at home for the average user. But on the way to full IPv6 support there are a couple of pitfalls one needs to be aware of. When I am not at home I use an IPv4-based VPN tunnel back to my home network and from there to the Internet to make sure Deep Packet Inspection and eavesdroppers on the Wi-Fi link are thoroughly frustrated. But if the network supports IPv6, packets to and from IPv6-capable websites do not go through the IPv4 VPN tunnel but are exchanged directly between my computer and the website, as I recently had to experience. The only way to fix this is to have a VPN for both IPv4 and IPv6. Unfortunately, neither my VPN gateway at home nor my DSL line supports IPv6 yet. Definitely a chink in the armor one has to be aware of.
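
An added example, not part of the original post: a Python check that runs a longest-prefix route lookup per IP version over `ip -4 route show` and `ip -6 route show` output and reports which versions leave the machine outside the tunnel. The interface names `tun0` and `wlan0`, the probe addresses and the sample routing tables are constructed assumptions; multipath (`nexthop`) routes are not handled.

```python
import ipaddress
import subprocess

# Assumption: documentation-range addresses stand in for "some public host".
PROBES = {4: "192.0.2.1", 6: "2001:db8:ffff::1"}
NO_DEVICE = {"unreachable", "blackhole", "prohibit", "throw"}  # traffic is dropped

# Constructed sample: IPv4 VPN up (two /1 routes override the Wi-Fi default),
# while the Wi-Fi network also hands out a native IPv6 default route.
SAMPLE_V4 = """default via 192.168.1.1 dev wlan0 proto dhcp metric 600
0.0.0.0/1 via 10.8.0.5 dev tun0
128.0.0.0/1 via 10.8.0.5 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600"""
SAMPLE_V6 = """2001:db8:1::/64 dev wlan0 proto ra metric 600 pref medium
fe80::/64 dev wlan0 proto kernel metric 1024 pref medium
default via fe80::1 dev wlan0 proto ra metric 600 pref medium"""

def parse_routes(text, family):
    """Turn `ip route show` output into (network, device, metric) tuples."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        dropped = bool(tok) and tok[0] in NO_DEVICE
        tok = tok[1:] if dropped else tok
        if not tok:
            continue
        prefix = ("0.0.0.0/0" if family == 4 else "::/0") if tok[0] == "default" else tok[0]
        try:
            net = ipaddress.ip_network(prefix, strict=False)
        except ValueError:
            continue  # continuation lines such as "nexthop ..." are skipped
        dev = tok[tok.index("dev") + 1] if "dev" in tok and not dropped else None
        metric = int(tok[tok.index("metric") + 1]) if "metric" in tok else 0
        routes.append((net, dev, metric))
    return routes

def egress_dev(routes, dest):
    """Longest-prefix match, lowest metric on ties; None if unroutable or dropped."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    return min(hits, key=lambda r: (-r[0].prefixlen, r[2]))[1] if hits else None

def leaking_families(route4, route6, tunnel_if):
    """IP versions whose public traffic egresses on an interface other than the tunnel."""
    devs = {f: egress_dev(parse_routes(t, f), PROBES[f]) for f, t in ((4, route4), (6, route6))}
    return [f for f, dev in devs.items() if dev is not None and dev != tunnel_if]

if __name__ == "__main__":  # live check; "tun0" is an assumed tunnel name
    out = lambda f: subprocess.run(["ip", f"-{f}", "route", "show"], capture_output=True, text=True).stdout
    print("sample:", leaking_families(SAMPLE_V4, SAMPLE_V6, "tun0"), "live:", leaking_families(out(4), out(6), "tun0"))
```

On the constructed sample the IPv4 lookup resolves to `tun0` and the IPv6 lookup to `wlan0`, so only version 6 is reported.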

One thought on “IPv6 Is Nice But It Circumvents My VPN Tunnel”

  1. Good to know.

    Can this be circumvented by telling the operating system to not use IPv6? – if that's even possible easily.

    Reminds me a bit of my first tries to tunnel HTTP traffic through PuTTY. After checking with Wireshark whether the tunnel really hides everything, I learned that you have to configure

    network.proxy.socks_remote_dns = TRUE

    to make Firefox (and other Mozilla-based browsers as well, I guess) send DNS requests via the SSH tunnel as well. Otherwise your DNS requests stay local and can be eavesdropped.
