I was setting up my laptop for traveling and adding a Wireguard VPN configuration.

The Wireguard config generated by the router only contains an IPv4 address (10.0.5.x), and while testing the VPN, to my surprise, “what is my ip” websites can find my IPv6 address (I USB-tethered a mobile connection to my laptop).

It looks like NetworkManager does nothing about the IPv6 connection if the VPN doesn’t have IPv6 settings, which is bad for a road-warrior type of VPN configuration.

Is there an easy toggle to turn off IPv6 if the VPN is connected and otherwise? Or is the only option to disable all IPv6 no matter what?

  • Arthur BesseMA
    2 months ago

    You could edit your configuration to change the wireguard connection’s AllowedIPs from 0.0.0.0/0 to 0.0.0.0/0,::/0 so that IPv6 traffic is routed over it. Regardless of whether your wireguard endpoint actually supports it, this will at least stop IPv6 traffic from leaking.

      • Arthur BesseMA
        2 months ago

        If you have ::/0 in your AllowedIPs and v6 connections are bypassing your VPN, that is strange.

        What does ip route get 2a00:1450:400f:801::200e (an IPv6 address for google) say?

        I haven’t used wireguard with NetworkManager, but using wg-quick it certainly adds a default v6 route when you have ::/0 in AllowedIPs.
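
The AllowedIPs check discussed in this thread, as an added example that is not part of any post above: it parses a wg-quick style config and flags the case where IPv4 is fully tunnelled but IPv6 is not. The sample configs, the 10.0.5.2 address, the endpoint name and the key placeholders are constructed for illustration.

```python
import ipaddress

# Constructed sample configs; keys and endpoint are placeholders.
ROUTER_CONF = """
[Interface]
PrivateKey = <private-key-placeholder>
Address = 10.0.5.2/32

[Peer]
PublicKey = <peer-public-key-placeholder>
Endpoint = vpn.example.net:51820
AllowedIPs = 0.0.0.0/0   # IPv4 only, as generated by the router
"""
FIXED_CONF = ROUTER_CONF.replace("AllowedIPs = 0.0.0.0/0", "AllowedIPs = 0.0.0.0/0, ::/0")

def allowed_ips(conf_text):
    """Collect every network listed on AllowedIPs lines of [Peer] sections."""
    nets, in_peer = [], False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("["):
            in_peer = line.lower() == "[peer]"
        elif in_peer and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "allowedips":
                nets += [ipaddress.ip_network(v.strip(), strict=False)
                         for v in value.split(",") if v.strip()]
    return nets

def covers_default(nets, version):
    """True if the networks of this IP version add up to the whole address space.
    Also catches split defaults such as 0.0.0.0/1 + 128.0.0.0/1."""
    same = [n for n in nets if n.version == version]
    return any(n.prefixlen == 0 for n in ipaddress.collapse_addresses(same))

def leak_report(conf_text):
    """Summarise tunnel coverage; the leak case is full IPv4 without full IPv6."""
    nets = allowed_ips(conf_text)
    v4, v6 = covers_default(nets, 4), covers_default(nets, 6)
    return {"v4_full_tunnel": v4, "v6_full_tunnel": v6, "v6_leak_risk": v4 and not v6}

if __name__ == "__main__":
    for name, conf in (("router", ROUTER_CONF), ("fixed", FIXED_CONF)):
        print(name, leak_report(conf))
```

This only inspects the config text; what the kernel actually does with IPv6 once the tunnel is up is still confirmed with the `ip route get` check from the reply above.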