IPv6 question

[SomeWhereOverTheRainBow]

If you are running the VPN Director VPN clients on the router, then you will have IPv6 leaks, because they clients themselves do not support IPv6. @RMerlin does not have access to an IPv6 ISP and without this it is not practical to do the work necessary to get this to work. As noted elsewhere you can disable IPv6 on the router, or just disable IPv6 on the devices routed through the tunnel(s).

If you want to use VPN providers who supports IPv6 then your current options are
connect via the provider's own clients (not the router)
move your VPN routing to a device that does support dual stack VPN routing (I believe it can be done on a pi, have never tried)
on a supported Asus device, run @ZebMcKayhan's Wireguard Manager (WGM)

I use WGM, with dual stack and no leaks, but I also have a slow ISP (for fast links Wireguard will speed limit your whole network, not just the VPN tunnels)

If that is the case, clever users can just throw up ipv6 drop rules whenever the tunnel is up. Not a big deal.

 

[learning_curve]

If that is the case, clever users can just throw up ipv6 drop rules whenever the tunnel is up. Not a big deal.

They could, yes... but... To be fair, several of those earlier options are probably a lot easy for most users to use (especially if they are new to using IPv6 and/or VPN and/or both)

 

[SomeWhereOverTheRainBow]

They could, yes... but... To be fair, several of those earlier options are probably a lot easy for most users to use (especially if they are new to using IPv6 and/or VPN and/or both)

Yes if all ideas are equal, that sounds about right. For that reason, they are allowed to be heard. However, all ideas are not equal. Only the users making the choices can choose what is right for them.

 

[ZebMcKayhan]

on a supported Asus device, run @ZebMcKayhan's Wireguard Manager (WGM)

Just fyi, Im not the developer of this addon, @Martineau is. Im just an happy supporter who tries to learn to manage my own network and secure my own interests.

 

[archiel]

Just fyi, Im not the developer of this addon, @Martineau is. Im just an happy supporter who tries to learn to manage my own network and secure my own interests.

Doh! with apologies to @Martineau (thanks for the code) and @ZebMcKayhan (whose setup guide is invaluable). With that said @Kingp1n is running a GT-AX11000, so I believe quite capable of using the WGM addon. For me the real consideration is/would be my connection speed. At 80/20 Mb/s having no flow control is not an issue, but if I had (and was making use of) much more than 600 Mb/s I would probably not run Wireguard on the router as then all traffic is speed constrained, not just the VPN tunnels.

 

[Viktor Jaep]

A little off-topic, but would anyone happen to know what NVRAM variable keeps track of this "Connection Type" dropdown under the IPv6 section of the UI?

 

[dave14305]

A little off-topic, but would anyone happen to know what NVRAM variable keeps track of this "Connection Type" dropdown under the IPv6 section of the UI?

View attachment 45518

nvram get ipv6_service

 

[Viktor Jaep]

nvram get ipv6_service

OK... no wonder. My dropdown is currently set to "Native", and the value in that field is "dhcp6". Thanks for the tip, @dave14305!

 

[sfx2000]

If you are running the VPN Director VPN clients on the router, then you will have IPv6 leaks, because the clients themselves do not support IPv6.

If the script writers are not testing their scripts, then one will have bugs like this - testing ensures those bugs will be fixed.

 

[sfx2000]

Or leave IPv6 at default Disabled and choose any VPN provider you like. The problem doesn't exist.

I'm trying very hard to understand how your comment contributes to this thread.

 

[Tech9]

I'm trying very hard to understand how your comment contributes to this thread.

It's very simple - don't enable firmware options you don't need. Some of them cause issues. I offer one click solution, if someone made a mistake. The issue goes away and everything is back to normal. Choose the VPN you like and continue. The most popular ones NordVPN and ExpressVPN recommend disabling IPv6 or block it in client app. Equipment comes with IPv6 disabled by default, businesses with popular services don't use IPv6. Instead of arguing with users, argue with the companies. If you are looking for free beta testers - wrong place.

 

[dave14305]

It's very simple - don't enable firmware options you don't need. Some of them cause issues. I offer one click solution, if someone made a mistake. The issue goes away and everything is back to normal. Choose the VPN you like and continue. The most popular ones NordVPN and ExpressVPN recommend disabling IPv6 or block it in client app. Equipment comes with IPv6 disabled by default, businesses with popular services don't use IPv6. Instead of arguing with users, argue with the companies. If you are looking for free beta testers - wrong place.

There's another guy on the forum who frequently replies to any random thread suggesting posters reset their router to factory defaults when they face a minor issue. All I'm saying is, don't let yourself become that guy around IPv6.

 

[sfx2000]

It's very simple - don't enable firmware options you don't need. Some of them cause issues. I offer one click solution, if someone made a mistake. The issue goes away and everything is back to normal. Choose the VPN you like and continue.

This does not contribute to the thread...

I get it, you don't like IPv6, that horse is very dead and very well beaten...

 

[L&LD]

@dave14305, I don't reply to random threads. I read them all and reply where I can.

The issues described when I suggest a reset is because no such issues exist for others when their routers are in a good/known state. I don't think there's an example of a fix that was ever offered that didn't also need a full reset to get the network stable and fast again.

Maybe, you shouldn't be like another guy on this forum who only wants to make himself taller by cutting others down.

 

[Tech9]

All I'm saying is, don't let yourself become that guy around IPv6.

My recommendations for both hardware and software/settings are adapted to user's knowledge. I can recommend disabling IPv6, if the user doesn't need it, or enabling IPv6, if the user needs it. I recently asked few users if they have IPv6 available. Far from the guy you are talking about.

This does not contribute to the thread...

It solves the common VPN IPv6 leak problem in seconds (the time needed to renew DHCP leases) and is in sinc with major/popular VPN service providers' recommendations. The solution is simple and pointed to average home router users with none or low networking knowledge.

 

[sfx2000]

It solves the common VPN IPv6 leak problem in seconds

Doesn't solve anything... just sticks one head in the sand and pretend it doesn't exist.

not a problem for many - recall that clientside VPN inside AsusWRT is to primarily unlock content and defeat region locking for most - let's be honest here, otherwise why use a VPN inside the router?

I have not heard of many questions regarding site to site and DNS leakage

I don't see this as a problem I need to solve with pirating content - that's up to the script writers and perhaps AsusWRT, which we all know needs some work.

If people don't test, things cannot be fixed.

 

[sfx2000]

There's another guy on the forum who frequently replies to any random thread suggesting posters reset their router to factory defaults when they face a minor issue.

That guy is more often right than wrong, IMHO...

There's a lot of settings inside stock AsusWRT that can get folks into trouble...

 

[sfx2000]

another guy on this forum who only wants to make himself taller by cutting others down.

If I'm that guy, let me know... I'm trying my best to encourage discussion

 

[RMerlin]

Ok, that's enough. Locking down this thread as it's spiraling down into personal attacks.