V2.4.2 - IPV6 Leak using OpenVPN - PIA (Private Internet Access)



  • Hello,

    First post - I bought a new Protectli box to install PFsense on for the first time. I installed the newest version, 2.4.2 and am setting it up. I wasn't able to get PIA's instructions to work properly since it seems that their screenshots were from an older version of PFsense.

    Specifically of concern is their version of PFSense has an option to disable IPV6 from the OpenVPN configuration. That doesn't appear in v2.4.2, or if it does, the wording has changed and I don't see it.

    I was able to connect to the VPN over PFsense, however when I went to an IPV6 site, whatismyip dot com, it was able to see my true home IP address. However IPV4-based sites did show my PIA VPN IP.

    PIA discusses IPV6 leakage as a problem and claims that IPV6 is too expensive and too new to bother supporting. PIA is my first and only VPN I have used for the last few years and don't know if any other VPN providers are offering IPV6 or if PIA is being cheap. PIA does offer IPV6 leak protection if using their proprietary application however my goal with buying the Protectli box was to set up PFsense to be my VPN for all outbound traffic.

    Please advise if there is a setting to block IPV6 - my search results of the forum here just showed several very old posts that were not helpful. Or is the recommendation that I either change VPN providers, downgrade PFsense software, or to return the Protecli box if it's just not possible to protect against IPV6 leaks.

    Thanks so much in advance for any help.



  • Why not just disable IPv6 on your WAN and LAN interface?


  • LAYER 8 Netgate

    If you don't want IPv6, disable it or block it.

    If you don't want it on a specific host that gets routed to PIA or something, disable IPv6 on that host.



  • @jamesonp:

    Why not just disable IPv6 on your WAN and LAN interface?

    That sounds like a great idea! Can you walk me through where that option exists?


  • LAYER 8 Netgate

    Interfaces > WAN

    Interfaces > LAN

    IPv6 Configuration Type: None



  • @Derelict:

    Interfaces > WAN

    Interfaces > LAN

    IPv6 Configuration Type: None

    That seems to have worked! At least with respect to making that one IPV6 website display my PIA VPN. I assume that the website preferentially loads with IPV6 but if that's not available, it will force IPV4. I only have a basic understanding of networking though.

    I did have to disable the IPV6 DHCP service that was running before it let me disable the LAN IPV6 but that only took me a second to figure out where it was.

    Anything else I should try to ensure IPV6 isn't leaking my real IP?


  • LAYER 8 Netgate

    It is up to the client whether it uses IPv4 or IPv6 when it thinks it has IPv6 connectivity and both AAAA and A records to choose from.

    With IPv6 disabled on WAN I can't see anything else helping more.


Log in to reply