Block IPv6 while being connected to OpenVPN

Hello,

I set up Private Internet Access' OpenVPN access in OpenWrt using their .ovpn files that you can download on their website. Setup in OpenWrt was easy and OpenVPN connects without issues. IPv4 is correctly passed through the tunnel. BUT IPv6 remains using my ISP's provided address and is not routed through the tunnel. The main reason is probably that PIA does not provide IPv6 support :wink: This is completely fine, I can live with only having IPv4 over VPN. Instead I would want OpenWrt to just block IPv6 completely when I am connected to the VPN.

How to do that? Searching the internet, I found https://askubuntu.com/a/1168366 which recommended adding

pull-filter ignore "ifconfig-ipv6 "
pull-filter ignore "route-ipv6 "

to the OpenVPN configuration file. But these lines just have no effect. I guess they just filter IPv6 options that are passed from the OpenVPN server to my router?

Maybe I can hook some script to openvpn connections to disable/enable the wan6 interface? But I am not sure how.

In the end, the requirement is basically "When being connected to a VPN, all traffic should use the VPN", which is probably something many people want. So maybe I just missed an option to do just that somewhere in OpenVPN?

Thanks for your help,
Thomas

Remove this as it is designed to prevent your VPN provider from providing IPv6 connectivity inside the tunnel.

Yep, something like that.
Just change the commands for the up and down actions to ifdown wan6 and ifup wan6 respectively.
Alternatively, you can use the kill switch to completely disable the LAN to WAN forwarding.

2 Likes
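
The up/down hook approach from the reply above, written out as an added example (not code from the thread or from OpenWrt). The script path is an assumption; `wan6` is the interface name used in the thread, and `script_type` is the environment variable OpenVPN sets when it runs a hook.

```shell
#!/bin/sh
# Added example. Assumed to be saved as /etc/openvpn/ipv6-toggle.sh
# (hypothetical path), made executable, and referenced from the .ovpn file:
#   script-security 2
#   up   /etc/openvpn/ipv6-toggle.sh
#   down /etc/openvpn/ipv6-toggle.sh
# OpenVPN exports script_type ("up" or "down") to the hooks it runs.

# IPv6 uplink interface; wan6 is the name used in the thread.
WAN6_IFACE="${WAN6_IFACE:-wan6}"

# toggle_wan6 <script_type>
# Takes the IPv6 uplink down while the tunnel is up and restores it when the
# tunnel goes down. Returns 2 for any other hook type so that a misplaced
# directive is noticed instead of silently doing nothing.
toggle_wan6() {
    case "$1" in
        up)   ifdown "$WAN6_IFACE" ;;
        down) ifup "$WAN6_IFACE" ;;
        *)    echo "ipv6-toggle: unexpected script_type '$1'" >&2
              return 2 ;;
    esac
}

# Act only when OpenVPN invoked the script as a hook.
if [ -n "${script_type:-}" ]; then
    toggle_wan6 "$script_type"
fi
```

If the OpenVPN configuration drops privileges with `user`/`group`, the down hook runs without the rights needed for `ifup`, so `wan6` stays down until it is brought up manually.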

If you use the vpn-policy-routing package, you can mod it so it creates additional firewall rules to block IPv6 for certain traffic only.
Most (or all?) clients will fall back to IPv4 then.

1 Like