Wireguard VPN Disable IPV6

[treycortez]

I've been searching for a solution, but to no avail.

I have an ASUS AX86U running ASUSwrt-Merlin 3004.388.7_beta1, connecting to ProtonVPN over Wireguard.

I want to disable IPv6 only when connected to the Wireguard Client.

I have tried inserting this into the configuration file:

pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"

but it did nothing. Is there some way to do this, or have I missed the obvious? Or is my only solution to disable IPv6 entirely / use OpenVPN (ugh...) to disable IPv6 only when connecting to the VPN?

 

[netmik3]

Same otherwise ipv6 leaks completely

 

[ZebMcKayhan]

Is there some way to do this, or have I missed the obvious?

If you are talking about your entire lan it would be possible to block with a simple firewall rule

ip6tables -I FORWARD -i br0 -j REJECT

If you could put this rule in place when your wg client starts (userscript wgclient-start) and then remove when wg client stops (userscript wgclient-stop) you would achieve what you want.
Final problem is that fw flushes firewall when it needs rebuilding so it will need to be re-added in userscript firewall-start but only if wg client is started.

It would be possible to do.

 

[Ev0]

Having just switched ISP's and now being with a provider that has ipv6, I find that I also need to block ipv6 from wireguard clients.

Is this an option @RMerlin could look into adding in future updates, so that we don't have to manually edit scripts ?

 

[pavlfz]

Hello, I'm having a problem with leaks from the VPN client. I'm not sure if the problem is with the router or with my ISP, I'm leaning towards the ISP, but the solution likely lies in the router. I wonder if anyone might be able to help. Having written the below, I now start to think this might be related to IPv6. But turning it off didn't help with anything.

I have an ax86u pro, latest Merlin firmware, I run a Wireguard client using Airvpn for a remote machine assigned with VPN Director. It all worked fine, no leaks showing. Then I switched ISP to Youfibre. I immediately had problems with my VPN servers and found out I needed a static IP from Youfibre. Got one, and that sorted out the VPN server issues. But now I'm having VPN client issues. When I go to ipleaks.net and several other leak testing sites, they show two ip addresses, Airvpn's and Youfibre's. It also shows the Cloudflare DNS servers - which I've set the router to use, but shouldn't the VPN use Airvpn's DNS? I have the same problem if I run the OpenVPN client. If I run Wireguard or OpenVPN on the local machine it's all fine, but I can't access webguis, so I need the client on the router.

As well as showing two IPs, ipleaks also showed a red light and 'no' for an Airvpn connection. I changed Prevent Client Auto DoH to 'yes' in the router after seeing this advice in another thread but that made no difference. I also tried turning off IPv6, but this caused the OpenVPN client to 'error'. Wireguard appeared to work but ipleak showed only the Youfibre IP.

The router's WAN connection is currently set to auto. I contacted Youfibre asking for help with the settings for a static IP, but they didn't respond, so I input the settings shown on the router under internet status, set WAN to static and lost internet. Don't laugh! Put it back to auto.

I'm quite out of my depth here, but can only think that this likely has something to do with the static IP from Youfibre, though I can't be sure as I haven't checked for ip leaks for quite a long time. I've also asked about this on the Airvpn forum but I'm not sure which forum this issue belongs on. Does anyone have any ideas about what might be happening.

 

[pavlfz]

Forget my post! I should have read the previous post more carefully. All I had to do was block IPv6 in the remote machine's firewall.

Every day is a new lesson!

 

[netmik3]

Vpns could be using cloudflare it's better than anything they'd make

 

[pavlfz]

Now I've blocked IPv6 on the remote machine it's using Airvpn's DNS. I use cloudflare for all other traffic on the router.