Prevent IPv6 Address Detection?
-
Hi All,
Using a VPN service on Pfsense, IPV4, I have disabled IPv6 in the Advanced section, however it seems some sites are able to detect an IPv6 address?
How is this possible if I'm not pulling a v6 address from my ISP?
Thanks!
-
http://test-ipv6.com/ and http://ipv6-test.com/ will confirm that your are NOT IPv6 ready ;)
-
Confirmed not showing an address there at all, but did show IPV6 -> V4 DNS, could that leak in any way?
-
Sure it wasn't your browser reporting its link-local address? What was beginning part of this ipv6 address they detected?
-
Can it detect a link-local externally?
And I'm actually asking for a friend, so I'll need to ask him if the address started with FE80.
-
could of been a teredo or isatap, etc. – get the first part of the prefix and we can tell if actual global address or some other special sort of address. And sure browsers can report their IP addresses.. I don't actually recall ever seeing a link local being reported, but browsers can leak all kinds of info.
https://browserleaks.com/
-
Ahh I see where you're coming from - fair call, I'll run that by him, pretty sure you're onto it, as I've disabled IPv6 for DHCP and am not leaking.
I still have a local IPv6 address, from what I've heard you cant disable it, but PFsense just wont use it right?
Also, curious, can a v6 address leak through a VPN and compromise anonymity?
-
you can disable your link local if your on windows for sure.. This will also disable all the other transition tunnel stuff that MS in their infinite wisdom thought was good idea to turn all 3 different ones all at once.. teredo, isatap and 6to4
Simple reg key will turn it all off.
From admin prompt
reg add hklm\system\currentcontrolset\services\tcpip6\parameters /v DisabledComponents /t REG_DWORD /d 255reboot.. To put it back just delete the key
reg delete hklm\system\currentcontrolset\services\tcpip6\parameters\ /v DisabledComponents /fReboot and your back to how it was out of the box.. Everything on teredo, isatap, 6to4
If not running windows and running a flavor of linux/bsd it might also be possible to disable the link local, etc.
-
Can a link local be used to identity a host/person globally? Or is it similar to 192/172/10.0 networking?
Can a v6 address also leak through a VPN with v6 turned off and compromise anonymity?
-
Hmmm…
That Browser Leaks site doesn't like IPv6.
-
Can a link local be used to identity a host/person globally? Or is it similar to 192/172/10.0 networking?
A link local address can only be used to identify a piece of hardware. It has absolutely no info about who or where you are. It's normally based on the MAC address.
-
@JKnott - it was just the first site I found with a quick google to just show that browser can leak your local address. It might not even do IPv6, etc.
Without some details its unclear to what might have been reported to this guys buddy. But if he has ipv6 off on pfsense, I find it pretty much impossible for it to be a global IPv6 address from his isp, etc. So it could be something like a browser leak, or could be say a teredo address..
There are better sites for detecting ipv6 leaks, etc.
