Tunnel OpenVPN IPv6 Leaking

Goongala · February 20, 2022, 3:23am

Hello. I have been using PureOS for the past six weeks as this is my first attempt at a GNU/Linux distro. I have enjoyed my time switching to Linux from Windows. However, I have been having problems with the Librem One Tunnel.

When I first started using the Tunnel VPN I noticed it would leak my IPv6 address. In order to stop this I changed my Network Settings in the GUI for my own Personal Wifi IPv6. By going to System Settings>>>Connections>>>Personal Wifi>>>IPv6 (Method: set on “Automatic”>>>Routes and checked “Use Only for resources on this connection”. I then changed my Network Settings for Tunnel VPN by going to System Settings>>>Connections>>>Librem One US-California>>>IPv6 and set Method to “Disabled”. Once I did this Tunnel VPN would work just fine and my IPv6 address would not leak for six weeks. However now I when I do this my Tunnel VPN connects but the internet won’t work.

I have been researching for a couple of days now and I keep reading that it is important to disable IPv6 for my own Personal Wifi. However when I disable IPv6 on my own Wifi by going to System Settings>>>Connections>>>Personal Wifi>>>IPv6 Method: set on “Disabled”. But when I do this Tunnel VPN connects but then the internet won’t work. Do you have any advice or resources I can use so that my Tunnel VPN will work and not leak my IPv6 address??? I have already tried contacting support two different times but they won’t reply back to me. I am using OpenVPN version 2.5.1 and using PureOS KDE Plasma Live.
Thanks

Gavaudan · February 20, 2022, 4:04am

When I was using openvpn, I would run it from the terminal in order to avoid leaking ipv6. At the time (and I haven’t looked into it since) it was known that the network manager would leak the ipv6 address. Try putting your settings back the way they were and running openvpn from the command line.

Also if it helps, ipleak.net is a good site to test for leaks.

Goongala · February 21, 2022, 1:39am

Thanks for responding Gavaudan. I have started to research into running openvpn from the command line. I got a response back from Purism. It appears for now Librem Tunnel only supports IPv4. I have disabled IPv6 from the terminal by entering sudo nano /etc/sysctl.conf and inserting:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.tun0.disable_ipv6 = 1
and than activating the changes with sudo sysctl -p. (Source: https://protonvpn.com/support/disable-ipv6-protocol-linux/)
However just like when I would disable IPv6 in the GUI it will disable my IPv6 but then when I connect to the VPN the internet won’t work. It probably has something to do with the DNS not resolved properly. I’ll keep doing research in the meantime to see if I can find a way to resolve this.

Gavaudan · February 22, 2022, 1:13pm

You can confirm if its DNS or not by pinging an IP address from the command line when the VPN is activated.

ping -c 5 9.9.9.9

The -c 5 part is to just send 5 packets, which is enough to tell you if it gets a response or not.

Goongala · March 20, 2022, 3:07am

Sorry for the late reply. I was able to confirm that the DNS was the issue by pinging an IP address. I want to thank the support team at Purism for assisting me with the issue. It appears the problem might be my ISP provides only IPv6 DNS. The answer was to resolve this was to try another DNS. I have been using https://dns.watch and it works fine. However I have been researching into https://www.quad9.net/ and I have also heard great things about https://www.opennic.org/ and I might give them a try. I had to modify /etc/resolv.conf and now my internet works great!