Problems with AirVPN IPv6



  • Usual newb pebkac applies but I'm trying.

    I have succesfully configured my Sky IPv4 and IPv6 connection, with opt61 etc.
    I had succesfully configured IPv4 AirVPN connection.
    I could not stop leaking Sky's IPv6 so i went back to WAN and stopped asking for DHCPv6 and set to none, then removed the IPv6 gateway. I then could successfully route different aliases through either the WAN IPv4 or AirVPN v4.
    I have now edited my AirVPN client so I get both IPv4&6 IPs and have added the gateways, they both show connected fine.
    What I want to know is if it is possible to send some aliases out of WAN and some out of VPN including all the IPv6 traffic out of VPN. The firewall rules seem to have no effect for anything other than IPv4. Any help or advice appreciated greatly thanks.



  • @Coipu , Pfsense + IPv6 = bad combo ;)


  • Netgate Administrator

    @AKEGEC said in Problems with AirVPN IPv6:

    @Coipu , Pfsense + IPv6 = bad combo ;)

    What? 😕
    I use IPv6 with pfSense. Thousands of others do too.

    @Coipu Yes you can policy route IPv6. But you will hit issues unless you have all static IPv6 subnets as you have to NPt to all but one gateway and that is not dynamic.
    If the AirVPN gateway is your only IPv6 connection then you can have LAN track that for v6 and LAN clients will use it. It would then be the only IPv6 route for clients so they would use it for all connections.
    You will have issues if clients have IPv6 connections but are blocked by policy routing. Most OSs prefer v6 over v4 and you will see big delays whilst v6 times out before they fall back to v4.

    Steve



  • @Steve, That is just my experience and for security purposes I disabled IPv6 for all my clients networks.



  • Thanks for that, very useful. I had tried to configure the VPN IPv6 like that as the only one for the system, but WAN is the only option in track interface. You've both steered me in the right direction, thank you.



  • @AKEGEC said in Problems with AirVPN IPv6:

    @Coipu , Pfsense + IPv6 = bad combo ;)

    ????

    I've been using pfsense and IPv6 for over 4 years. In fact, IPv6 support was the reason I moved to pfsense in the first place.

    for security purposes

    What security issues are you referring to?


  • LAYER 8 Global Moderator

    @Coipu said in Problems with AirVPN IPv6:

    I have now edited my AirVPN client so I get both IPv4&6 IPs

    A vpn client on pfsense getting an IPv6 isn't really going to do you much good for clients behind pfsense.

    You would have to nat your clients say ULA ipv6 address to that IPv6 address.. Have never seen a vpn service that provides say ipv6 delegation so you could assign networks behind pfsense their own ipv6 space to use that would be routed through the vpn.

    I would suggest you describe what you want to happen with IPv6.. I doubt this vpn service your using actually provides IPv6 space via the vpn connection designed to be used by multiple clients behind a router, etc.

    Pfsense and IPv6 works just fine, be it native or tunnel from say HE... I have been using HE tunnel with pfsense for years and years.. It is drop dead simple to setup and configure, and security is pretty much as simple as with IPv4, other than having to take into account the difference is IPv6 on how clients get an IP, etc. Its a bit more difficult to do L3 firewall rules via specific IPs when said IPs might be different from day to day..

    But if you understand how IPv6 works, then sure it is easy enough to use and configure on pfsense.

    One thing I will agree with.. If yes if you do not actually understand how IPv6 works. From a security point of view its prob best to just disable its use completely. Until such time is your ready to learn what is required to use it securely..



  • Yeah it turns out VPN provider doesn't you're right. I'm gonna disable for now, will eventually enable Sky's dhcpv6 again when I can figure out how to stop it leaking. Thanks for all this information was very helpful, and I have lots to go and read.


  • LAYER 8 Global Moderator

    @Coipu said in Problems with AirVPN IPv6:

    Sky's dhcpv6 again when I can figure out how to stop it leaking

    Leaking what? The nonsense that users come up with sometimes is just beyond nonsense..

    No shit if you use and IP to talk to something, that something know the IP you talked to it from..

    You hiding your IP address from site X is just beyond pointless to be honest.. If what you are worried about is them tracking you.. The IP you come from is just 1 small variable in the picture that makes up user X to them..

    Cookies, fingerprinting, scripts, just a bazillion things to be honest.. You thinking your hiding from being tracked by some site wanting to track you would be like covering up 1 ear and thinking your friend will not recognize you.

    All covering up your ear does is make it harder for you to hear, just like trying to make sure your IP doesn't "leak" so who your talking to.. only makes you trying to actually use the internet harder for you and prob slower (using some vpn) and more costly, paying for said vpn.

    These vpn services have 1 valid feature to be honest - and that is geoip circumvention.. If you think its stopping anyone from tracking you - your just kidding yourself.



  • @johnpoz Na, if I am using a VPN, google let me solve capatchas, just for googling... So it seems to work, if even google has a hard time identifying my. But sure, I also "fight" fingerprinting and cookies within my FF. Cat and mouse game.


  • LAYER 8 Global Moderator

    @Bob-Dig said in Problems with AirVPN IPv6:

    google let me solve capatchas, just for googling

    Well clearly seems to make using google funner and easier... The reason they force you to do a captcha is whatever IP your coming from is on their CRAP list.. Because the guy before you was prob doing something they don't like..

    If what your doing is your hobby trying to think your hiding anything - have fun... But sorry all that nonsense your doing isn't doing anything other than making your internet experience shittier..

    So do you not use CC, do you not use any sort of reward cards... Do you not have a cell phone? Do you let scripts run at all? The internet pretty much sucks without scripts running...

    Anyone thinks this shit is actually doing anything to protect their so called "privacy" is just fooling themselves..

    If you don't want to be tracked - then go live in the woods, off the grid.. Sorry but living in the modern day information age - your being tracked... You thinking your actually doing anything by not "leaking" your IP is just using a thimble in a fire brigade trying to put out your house that is ablaze..

    You might be able to fool some nonsense block say netflix put in place, which they really don't care about but do just because the copyright owners say hey only clients from X can watch this because that is what you paid... Ok we will prevent via geoip, etc. And guess what your just playing whack-a-mole there as well..

    But your not actually preventing tracking.. You might as well think you could put out forest fire by pissing on it..



  • @johnpoz You might be right... or not. My phone is thanks to pfSense and vlan redirected through another VPN-Tunnel and also always-VPN is activated, location is turned off ... I do my best. It is a hobby. :)



  • @johnpoz said in Problems with AirVPN IPv6:

    Well clearly seems to make using google funner and easier... The reason they force you to do a captcha is whatever IP your coming from is on their CRAP list.. Because the guy before you was prob doing something they don't like..

    If what your doing is your hobby trying to think your hiding anything - have fun... But sorry all that nonsense your doing isn't doing anything other than making your internet experience shittier..

    So do you not use CC, do you not use any sort of reward cards... Do you not have a cell phone? Do you let scripts run at all? The internet pretty much sucks without scripts running...

    Anyone thinks this shit is actually doing anything to protect their so called "privacy" is just fooling themselves..

    If you don't want to be tracked - then go live in the woods, off the grid.. Sorry but living in the modern day information age - your being tracked... You thinking your actually doing anything by not "leaking" your IP is just using a thimble in a fire brigade trying to put out your house that is ablaze..

    You might be able to fool some nonsense block say netflix put in place, which they really don't care about but do just because the copyright owners say hey only clients from X can watch this because that is what you paid... Ok we will prevent via geoip, etc. And guess what your just playing whack-a-mole there as well..

    But your not actually preventing tracking.. You might as well think you could put out forest fire by pissing on it..

    It is a normal thing to have pro and against in any matter. If they want to use VPN provider for their privacy and security, so let them be. As long they are not harm or hurt you.
    Anyway usually people who are against privacy and security rights are the one who do not use social media or use it but hiding their information or without their real name, location, picture. If they really trully do believe that, they should at least use their real name in this forum. But a lot of users use nicknames that do not have any connection to their real identity. Why? Privacy and Security.
    I do love this old song; Just do as I say, don't do as I do. 👅


  • LAYER 8 Global Moderator

    @AKEGEC said in Problems with AirVPN IPv6:

    As long they are not harm or hurt you.

    But they do harm me and hurt me by filling the forums with FUD ;)

    They can use all the VPN services they want... Its just pointless - go ask your questions on mytinfoil hat is not tight enough.com

    Kind of rant mind you - just getting sick of these my dns is leaking.. The Man knows what I am doing nonsense threads... When they don't have a clue to how any of it works anyway... They go to some site and says your leaking - and they think the black helicopters are going to be circling their house within hours ;)



  • @johnpoz said in Problems with AirVPN IPv6:

    @AKEGEC said in Problems with AirVPN IPv6:

    As long they are not harm or hurt you.

    But they do harm me and hurt me by filling the forums with FUD ;)

    They can use all the VPN services they want... Its just pointless - go ask your questions on mytinfoil hat is not tight enough.com

    Kind of rant mind you - just getting sick of these my dns is leaking.. The Man knows what I am doing nonsense threads... When they don't have a clue to how any of it works anyway... They go to some site and says your leaking - and they think the black helicopters are going to be circling their house within hours ;)

    What is the difference between FUD and TERRORIZING?



  • @AKEGEC said in Problems with AirVPN IPv6:

    What is the difference between FUD and TERRORIZING?

    Better stay away from the 5G cell towers, as they'll give you COVID. There you have both in one sentence.



  • @JKnott said in Problems with AirVPN IPv6:

    Better stay away from the 5G cell towers, as they'll give you COVID. There you have both in one sentence.

    Like I said before, Belgium people only believe in facts and not some kids' lies. For example, seven years after it was exposed by former National Security Agency contractor Edward Snowden, a federal appeals court has ruled that the NSA’s bulk collection of phone metadata was illegal and unnecessary. They violated the Fourth Amendment and did violate the Foreign Intelligence Surveillance Act (FISA) when it collected the telephony metadata of millions of Americans.

    You see Edward Snowden was telling the truth. He also told that ISP and corporations are still collecting bulk data from their users. But then again, you can not wake up those who are pretending to sleep!

    Anyway let get back to the topic, @Coipu, I think NordVPN implemented IPv6 leak protection.bolded text


  • LAYER 8 Global Moderator

    Belgium people only believe in facts? Where is the thread around here where the belgium guy thinks pfsense is working with the EU and there is a back door.. Because he saw a log entry to loopback from root in his logs.

    I am not saying the governments are not doing surveillance.. My point is you using some 3$ or 30$ a month vpn is not going to stop that.. Nor is you using cloudflare vs your ISP dns.. Even if the vpn not in on with them... Most of them prob run by the NSA if you really want to get your tinfoil hat on.. Your pissing on a 10k acre Forest Fire.. Better drink lots of water ;)

    JFC that is what the NSA is suppose to do.. Do they really care if you went netgate.com ?

    Again that is the not point.. The point is you really think your stopping the likes of the NSA from tracking you by using a vpn, or checking if your dns leaks?? Who are you? Your not billy, billy parts his hair on the right, and you have yours parted on the left ;)

    And you mentioned that word... Lets count down minutes until some spammer shows up..



  • @johnpoz said in Problems with AirVPN IPv6:

    Belgium people only believe in facts? Where is the thread around here where the belgium guy thinks pfsense is working with the EU and there is a back door.. Because he saw a log entry to loopback from root in his logs.

    I am not saying the governments are not doing surveillance.. My point is you using some 3$ or 30$ a month vpn is not going to stop that.. Nor is you using cloudflare vs your ISP dns.. Even if the vpn not in on with them... Most of them prob run by the NSA if you really want to get your tinfoil hat on.. Your pissing on a 10k acre Forest Fire.. Better drink lots of water ;)

    JFC that is what the NSA is suppose to do.. Do they really care if you went netgate.com ?

    Again that is the not point.. The point is you really think your stopping the likes of the NSA from tracking you by using a vpn, or checking if your dns leaks?? Who are you? Your not billy, billy parts his hair on the right, and you have yours parted on the left ;)

    And you mentioned that word... Lets count down minutes until some spammer shows up..

    As for me Jan..I mean John,  as long as you are not the one who puts food on their table, they can do whatever they want (using opensource firewall, VPN provider, obfuscated server). It is their money after all.

    We live in Europe, everyone can have whatever opinion he/she wants and not dictated by some dictator. That’s the reason we live in Europe, so anyone can have a free opinion and live free in Europe. 👨‍👩‍👧‍👧 🙅 👁


  • Netgate Administrator

    Stop!

    Take this to off-topic if you want to continue this discussion.

    None of it is going to help the OP with their IPv6 connectivity issues.

    Steve



  • @stephenw10 said in Problems with AirVPN IPv6:

    Stop!

    Take this to off-topic if you want to continue this discussion.

    None of it is going to help the OP with their IPv6 connectivity issues.

    Steve

    You are right Steve. Thank you.

    @Coipu , I see Airvpn supports IPv6: https://airvpn.org/specs/
    I think your ISP might have blocked some Ports or IP addresses. You should try different ports and ip entry as instructed by Airvpn.


  • LAYER 8 Global Moderator

    @AKEGEC said in Problems with AirVPN IPv6:

    I think your ISP might have blocked some Ports or IP addresses.

    Huh??

    I have now edited my AirVPN client so I get both IPv4&6 IPs and have added the gateways, they both show connected fine.

    He has clearly connected to the vpn service.. So what would his isp and blocking IPs and ports have to do with anything?



  • @johnpoz said in Problems with AirVPN IPv6:

    @AKEGEC said in Problems with AirVPN IPv6:

    I think your ISP might have blocked some Ports or IP addresses.

    Huh??

    I have now edited my AirVPN client so I get both IPv4&6 IPs and have added the gateways, they both show connected fine.

    He has clearly connected to the vpn service.. So what would his isp and blocking IPs and ports have to do with anything?

    He is talking about leaking. IP and DNS leaks do not mean you have no connection.


  • LAYER 8 Global Moderator

    And again - that has nothing to do with his isp or it blocking ports.

    I'm done here... The OPs question was asked and answered already... His vpn does not provide the sort of IPv6 connectivity he wanted..

    Yeah it turns out VPN provider doesn't you're right. I'm gonna disable for now

    While the vpn might hand out the client an IPv6 address.. Its meant to be used by a single client, not a router routing all traffic through that that vpn on IPv6..

    Went over this - and provided a method that he could get around it by natting to that IPv6 address.. Either way none of what the OP asked for has anything to do with his isp blocking anything..


  • Netgate Administrator

    Yes, I think the bottom line here is that if the VPN service does not hand you a prefix to use it's unsuitable to use for a subnet of clients behind the firewall like this.

    Steve



  • @stephenw10 said in Problems with AirVPN IPv6:

    Yes, I think the bottom line here is that if the VPN service does not hand you a prefix to use it's unsuitable to use for a subnet of clients behind the firewall like this.

    And even if they would, than it would be only you, who is using it, which is somewhat contrary to an "anonymizing" VPN, right?


  • LAYER 8 Global Moderator

    Well while your connected it would be only you, but would assume this would rotate like every 24 hours or something. And either way the IP space would be the vpn space, and as they clearly state on their website they don't log or work with any government agencies... And do not profit in any way with the GBs of traffic their users use.. That $29 for life gives them plenty of profit ;) why would they have any need to monetize whatever your doing via their vpn? ;)

    Most likely even that single IPv6 they give you is only being used by you.. So unless they handing out ULA address space and natting it?? Even that single IPv6 give you is not "shared" like your typical IPv4 vpn..


Log in to reply