VPN LAN IPV6 IP Leakage

Discussion in 'privacy problems' started by Lyx, Apr 20, 2016.

  1. Lyx

    Lyx Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    83
    Hi,

    I use utorrent (no IPV6/teredo installled) with VPN on W7, and regularly test leakage with http://checkmytorrentip.upcoil.com and http://ipmagnet.services.cbcdn.com.

    Until now, I noticed no issue.

    But recently, the above services showed the LAN +PV6+ IP of my vpn connexion.

    This is somerthing like the webrtcleak with browser, but with a difference: when I use my browser, FF44, without blocking webrtc, the IPV4 and IPV6 lAN IP are leaking. When I use utorrent, checkmyiptorrent and ipmagnet are showing only LAN IPV6 leak.

    The same happens when I use utorrent through a socks proxy, but in that case the issue can be solved in checking (in option-> preferences->connection): "disable feature that leaks information" and "disable connections unspported by the proxy".

    Sadly these settings are only available when using a proxy. Not when using utorrent through a vpn.

    Although lan IP leakage is not extremely harmfull, as these IPs are somewhat generic, I think it tendsto defeat the anonymiity provided in using +shared+ IPs.

    Moreover, as no IPV4 Lan IP happens, one can expect the same result concerning IPV6 LAN IP.

    So what do you think guys about that ? Do you know some hack/trick to solve the problem?

    For the time being, the sole way I have found to block this leakage is to uncheck IPV6 in the network card of my VPN (I currently use IPsec Ikev2). But it is not a long-term solution...
     
    Last edited: Apr 20, 2016
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Yes, uncheck IPv6 in both LAN and VPN adapters. Also add firewall rules that block all IPv6 traffic. If you can add rules in your router, block all IPv6 there too.

    Eventually, we will need VPN services that provide IPv6 addresses like ISPs do. So you'll have VPN-specific IPv4 and IPv6 addresses. That's doable now, if you roll your own VPN. You use a VPS with full IPv6 connectivity, and get three /64 ranges (one for server, one for VPN tunnel and one for remote LAN). I'm using GigaTux, and they have been very helpful.
     
Loading...