IPv6 leakage and DNS hijacking were the topics of a recent academic research paper that tested commercial VPN providers. The results pointed to VPN services being weak to IPv6 leaks and DNS hijacking attacks. While the results have been contested by a number of VPN companies as out of date and misrepresenting their capabilities, we like to err on the side of caution.
In the case of IPv6 leakage there is a simple solution for most of us. Are you using IPv6? If the answer is ‘no’ or you don’t know then you are likely not using IPv6. In this scenario the best way to avoid leaks is to disable IPv6. There are a couple ways to do this depending on which VPN service you happen to use.
Disable IPv6 in your VPN Client
Some VPN providers offer IPv6 leak protection. If you’re not sure whether or nor your VPN offers the feature I would suggest looking at the settings page of their client software. You can also contact their technical support and ask. I know that Private Internet Access and PureVPN have switches in their custom VPN software to disable IPv6. Let’s take a look at the PIA VPN client.
Here is the description of PIA’s IPv6 leak protection:
IPv6 leak protection disables IPv6 traffic while on the VPN. This ensures that no IPv6 traffic leaks out over your normal internet connection when you are connected to the VPN. This includes 6to4 and Teredo tunneled IPv6 traffic. This will not block IPv6 on Windows XP if you have manually enabled it.
Now let’s take a look at PureVPN’s IPv6 leak protection:
As you can see PureVPN offers a check box on their settings page to enable ‘IPv6 Leak Protection’ which in turn disables all IPv6 traffic to or from your computer.
Manually Disable IPv6 on Windows
Microsoft started including IPv6 in Windows XP (optional) and it has been a mandatory part of the operating system since Windows Vista. You are likely running Windows 7, 8, or 10. Regardless of which version of the OS you are running (Vista or later) you have multiple ways to disable IPv6. The first method is to automatically disable IPv6 in Windows. To do so visit the Microsoft IPv6 guide page.
The second method is to manually disable IPv6 through your registry. Once again I suggest you refer to Microsoft’s IPv6 guide. They will walk you through the process. The first thing you will want to do is backup your registry. Making the wrong registry change can leave your system unusable. The Microsoft guide will give you specific registry key values for the DisabledComponents key based on your goals.
- 0 – re-enable all IPv6 components
- 0xff – disable all IPv6 components except the IPv6 loopback interface
- 0x20 – prefer IPv4 over IPv6
- 0x10 – disable IPv6 on all nontunnel interfaces
- 0x01 – disable IPv6 on all tunnel interfaces
- 0x11 – disable all IPv6 interfaces except for the IPv6 loopback interface
Disable IPv6 for a Network Connection
In addition to disabling IPv6 for all Windows communications, you can disable IPv6 on specific network interfaces. To do so you will want to open control panel and go to ‘view network status and tasks’ in the Network and Sharing Center section. Next you will want to click ‘change adapter settings’ which will display your network connections. Right click on the connection you wish to change and left click on properties. Now simply uncheck the box for Internet Protocol Version 6 (TCP/IPv6) as shown below.
You can easily re-enable IPv6 communications anytime by checking the box in the future.
Disable IPv6 on Mac OS X 10.7 and 10.8
Thank you to the IT team at the University of Louisville for sharing the steps to disable IPv6 on Mac OS X 10.5 or higher. We’re going to cover the instructions for Mac OS X 10.7 and 10.8. Please refer to their guide for the earlier versions.
To disable IPv6 in Mac OS X Yosemite (10.7 or 10.8) you will want to start by going to Applications, then Utilities, and finally click on Terminal. You can get a list of your network interfaces by issuing the following command:
- networksetup -listallnetworkservices
Most newer Mac’s only have wi-fi network interfaces. Running the command above will list a LAN interface if you have one. Now you will want to issue these commands to disable IPv6:
- networksetup -setv6off Wi-Fi
- networksetup -setv6off Ethernet
You will likely only need the first command which disables IPv6 on your wi-fi connection. If you want to re-enable IPv6 in the future simply type the following commands based on whether you have LAN in addition to wi-fi adapters on your Mac.
- networksetup -setv6automatic Wi-Fi
- networksetup -setv6automatic Ethernet
If you have multiple adapters you may need to refer to them in sequence. For example Ethernet 1, Ethernet 2, etc.
Follow us @VPNFan for the latest VPN news and guides.