Yes. It's essential to disable IPv6 support, in your router and devices, and to configure firewalls to block all IPv6 traffic.
Only four of the 14 VPN services that they tested didn't leak IPv6: TorGuard, PIA, VyprVPN and Mullvad. And they accomplish that by disabling IPv6. AirVPN did leak, but say that they've fixed the problem, and that the researchers didn't redo the testing. The researchers didn't test BolehVPN, Insorg or iVPN. All of the 14 VPN services leaked on Android The paper is at http://www.eecs.qmul.ac.uk/~hamed/papers/PETS2015VPN.pdf Edit: And none of the 14 VPN services leaked on iOS I'm impressed Edit: See https://torrentfreak.com/vpn-providers-respond-to-allegations-of-data-leakage-150701/ Edit: See http://dnsleak.com/ for DNS (IPv4 and IPv6) and email leak tests. Edit: A firewall rule that allows DNS (port 53) only on the VPN tunnel blocks the DNS route injection attacks. With that rule, you must specify VPN servers by IP address, because hostnames can't be resolved before the VPN connects.
I call BS. Either Google search should have picked up https://torrentfreak.com/vpn-services-that-take-your-anonymity-seriously-2013-edition/ (or in later December 2014, https://torrentfreak.com/which-vpn-services-take-your-anonymity-seriously-2014-edition-140315/). And even the 2013 edition covers 21 VPN services: Private Internet Access, Torguard, TorrentPrivacy, IPVanish, Privacy.io, VikingVPN, Anonine, IVPN, AirVPN, PrivatVPN, PRQ, Boxpn, EarthVPN, Mullvad, Faceless.me, BlackVPN, Ipredator, BolehVPN, NordVPN, Proxy.sh and HideIPVPN. Edit: ... and cluelessness: Whonix <> "live Linux distribution"
Nord vpn even recommended to disable IPv6 when I talked to them. That was awhile back not that I needed to know FWIW.
