Forum Discussion
Surffa
Jan 11, 2021 · Apprentice
Orbi OpenVPN server leaks IPv6
Hi folks. Again a bit more special topic from my side. I've been struggling with the OpenVPN setup of Orbi for quite some time and now finally got fed up with the IPv6 traffic leaking, which makes ...
Surffa
Jan 12, 2021 · Apprentice
Thanks for your reply. Let's see if I could work from there.
Anyway, yes, I was also puzzled how that leaking happens. It's not exactly what I expected. But it appears that, at least in this specific case, the Orbi that I use is connected to a network where there is no IPv6 available, although I'm not sure if the Orbi would utilize IPv6 for OpenVPN anyway. The client is then in an IPv4/v6 dual-stack network, and the Orbi server config is configured to take all the client traffic.
How the problem is then visible is easy. All the connections to hosts that do have an IPv6 address get contacted through IPv6 directly and not through the OpenVPN tunnel, which would obviously be an IPv4-only connection. I haven't studied if this affects servers that are IPv6-only or if it's enough that an AAAA entry exists for a domain name in parallel. One can reproduce this by accessing one of those "What's my IP address" sites that is IPv6-capable or, like in my case, some IPv6 video streaming site that applies strict regional restrictions.
Surffa
Jan 12, 2021 · Apprentice
Btw., for completeness: it appears to happen with a Win10 client, but right now it seems that Android is not affected. Anyway, problematic enough either way.
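The routing situation described in this thread (a dual-stack client whose VPN only captures IPv4) can be checked with a longest-prefix-match model of the client's route table. This is an added example, not part of the original posts or of NETGEAR's software; the route table, the interface names `tun0` and `wlan0`, and the hostnames are constructed sample data.

```python
import ipaddress

# Constructed route table of a dual-stack client with an IPv4-only full tunnel up.
# (prefix, interface); tun0 = VPN interface, wlan0 = local network (assumed names).
SAMPLE_ROUTES = [
    ("0.0.0.0/0", "wlan0"),       # original IPv4 default route
    ("0.0.0.0/1", "tun0"),        # two more-specific routes that pull
    ("128.0.0.0/1", "tun0"),      # all IPv4 traffic into the tunnel
    ("192.168.1.0/24", "wlan0"),  # local LAN
    ("::/0", "wlan0"),            # IPv6 default route, untouched by the VPN
    ("fe80::/64", "wlan0"),       # IPv6 link-local
]

# Constructed DNS answers (documentation address ranges): A and AAAA records.
SAMPLE_RESOLVED = {
    "dualstack.example": ["192.0.2.10", "2001:db8::10"],
    "v4only.example": ["192.0.2.20"],
}


def egress_interface(routes, dest):
    """Return the interface chosen by longest-prefix match, or None if unroutable."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if net.version != addr.version or addr not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, iface)
    return best[1] if best else None


def leaking_destinations(routes, resolved, tunnel="tun0"):
    """List (host, address, interface) for every address routed outside the tunnel.

    Only reports which addresses would bypass the VPN; whether the client
    actually prefers the AAAA record is decided by its address selection.
    """
    leaks = []
    for host, addrs in resolved.items():
        for a in addrs:
            iface = egress_interface(routes, a)
            if iface is not None and iface != tunnel:
                leaks.append((host, a, iface))
    return leaks


if __name__ == "__main__":
    for host, addr, iface in leaking_destinations(SAMPLE_ROUTES, SAMPLE_RESOLVED):
        print(f"LEAK: {host} via {addr} leaves on {iface}, not the tunnel")
```

Feeding the function the real route table and resolved addresses from an affected client shows which destinations bypass the tunnel before any traffic is sent.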