If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
IPv6 vs. VPN?
Is IPv6 somewhat incompatible with VPN's? Most VPN providers seem to
disable IPv6 whenever connecting to their VPN servers. For example do they prevent some of the anonymizing features of VPN's from working properly? NAT doesn't seem to exist anymore in IPv6, so perhaps that's related? Yousuf Khan |
Ads |
#2
|
|||
|
|||
IPv6 vs. VPN?
Yousuf Khan wrote:
Is IPv6 somewhat incompatible with VPN's? Most VPN providers seem to disable IPv6 whenever connecting to their VPN servers. For example do they prevent some of the anonymizing features of VPN's from working properly? NAT doesn't seem to exist anymore in IPv6, so perhaps that's related? The VPN service is tunneling your traffic through their network and then to some endpoint not under their control. With the dearth of remaining IPv4 addresses, some sites can only get IPv6 addresses. If they don't support IPv6 then that's not a VPN that has the level of support or maturity that you need and will unnecessarily restrict to where you can surf. Some sites, and maybe even yourself, dual-stack to support both IPv4 and IPv6; however, a VPN that merely passes through IPv6 traffic because they cannot handle it means you lose the privacy the VPN was supposed to afford to you. VPNs that don't support IPv6 will hide their defect by claiming "IPv6 leak protection" -- which is THEIR leak by directly passing through IPv6 traffic (it's THEIR leak). Why pay for a VPN for privacy when they only sometimes protect your details (and don't alert or block non-private handled IPv6 traffic that THEY cannot handle)? https://www.howtogeek.com/253475/how...l-information/ IPv6 Leaks "... your VPN doesnąt deal IPv6 requests, you can find yourself in a situation where a third party can make IPv6 requests that reveal your true identity (because the VPN just blindly passes them along to your local network/computer, which answers the request honestly)." Why You Need a VPN with IPv6 Support https://restoreprivacy.com/ipv6-vpn/ While the above article has a link to the best/secure VPNs, they list NordVPN. Yet NordVPN states the following: https://nordvpn.com/blog/nordvpn-imp...ak-protection/ (They don't support IPv6 and they "leak" IPv6 through their service rather than block it.) Some try to pretend the "leak" is caused by the user's ISP not supporting IPv6. If that were true, you couldn't connect anywhere using IPv6, including the VPN service. Even ExpressVPN tries to make IPv6 the "leak" culprit when the defect is with their service, as they reveal at: https://www.expressvpn.com/blog/disa...pn-protection/ Private Privacy VPN claims they do support IPv6 (but so will your ISP so you can get your IPv6 traffic through them to the VPN). https://www.perfect-privacy.com/vpn-with-ipv6-support/ If a VPN provider does not support IPv6, you will need to disable IPv6 in your computer plus you will have to forego visiting any sites that use only IPv6 to connect to them (a small number now but that will grow, especially after all the remaining IPv4 pool gets consumed and new sites can only get IPv6 addresses). Some claim to plug the "IPv6 leak" (which is THEIR fault) by blocking IPv6 traffic. Oh goody, some other "cannot connect" errors to diagnose because the VPN is using an archaic system. For example, PureVPN and Tunnelbear have an option to block IPv6. That didn't fix the problem (of their inadequacy to support IPv6). It masks their defect by ****ing with you and masks that they are an inadequate VPN. See: https://support.purevpn.com/how-to-g...ndows-software https://www.tunnelbear.com/blog/ipv6-dns/ They have you limit your capabilities to match their limited capabilities. A paper (2 years old) tested several VPNs to find which ones were insecure, including the "IPv6 leak" which is the VPN's defect. Table 1 shows which VPNs support IPv6. http://www.eecs.qmul.ac.uk/~hamed/pa...ETS2015VPN.pdf VPNs are not as secure or private as you might wish. First, your ISP will still see your traffic and the destination is to the VPN. The VPN will see to where you intend to connect as the target site, so you have to trust them not only with your IP identity but also with your web surfing profile. You've merely moved trust from one unknown target (the site) to another unknown target (the VPN). If you read up on VPNs, many will collect your surfing info to sell off and some even steal your bandwidth to resell to someone else. You never mentioned WHY you are using a VPN. One use is to hide who and where you are. VPNs that don't support IPv6 will either leak that info to the target site or mask their default by blocking IPv6 (which means you cannot reach IPv6-only sites). If you are only using a VPN to encrypt your traffic, they work okay for that but then you don't need them for just that when connecting to HTTPS sites, and more sites are moving to HTTPS even if they provide only public information and have no user accounts (but want to better ensure to identify who they are so you feel confident you went where you expected to go). If you are using a VPN solely to get around regional (geolocation) restrictions at some sites (i.e., you want to lie about where you are), there are proxies you can use for that. VPNs are proxies, too, but they offer more than just proxying your web traffic. |
#3
|
|||
|
|||
IPv6 vs. VPN?
On 2/25/2018 3:07 AM, VanguardLH wrote:
The VPN service is tunneling your traffic through their network and then to some endpoint not under their control. With the dearth of remaining IPv4 addresses, some sites can only get IPv6 addresses. If they don't support IPv6 then that's not a VPN that has the level of support or maturity that you need and will unnecessarily restrict to where you can surf. Some sites, and maybe even yourself, dual-stack to support both IPv4 and IPv6; however, a VPN that merely passes through IPv6 traffic because they cannot handle it means you lose the privacy the VPN was supposed to afford to you. VPNs that don't support IPv6 will hide their defect by claiming "IPv6 leak protection" -- which is THEIR leak by directly passing through IPv6 traffic (it's THEIR leak). Why pay for a VPN for privacy when they only sometimes protect your details (and don't alert or block non-private handled IPv6 traffic that THEY cannot handle)? That's not exactly what I was asking about. The Howtogeek article is about a VPN software ignoring and passing IPv6 traffic through the normal ISP routes. I'm actually asking about whether there is any VPN software that can route IPv6 addresses themselves? https://www.howtogeek.com/253475/how...l-information/ IPv6 Leaks "... your VPN doesnąt deal IPv6 requests, you can find yourself in a situation where a third party can make IPv6 requests that reveal your true identity (because the VPN just blindly passes them along to your local network/computer, which answers the request honestly)." The article actually says that the best course of action with a VPN that doesn't support IPv6 is for it to disable IPv6 completely. Most VPN's seem to be doing that, so there is no "IPv6 Leaks", as there is no IPv6 enabled at all. Why You Need a VPN with IPv6 Support https://restoreprivacy.com/ipv6-vpn/ While the above article has a link to the best/secure VPNs, they list NordVPN. Yet NordVPN states the following: https://nordvpn.com/blog/nordvpn-imp...ak-protection/ (They don't support IPv6 and they "leak" IPv6 through their service rather than block it.) Some try to pretend the "leak" is caused by the user's ISP not supporting IPv6. If that were true, you couldn't connect anywhere using IPv6, including the VPN service. Even ExpressVPN tries to make IPv6 the "leak" culprit when the defect is with their service, as they reveal at: They didn't say that NordVPN supports IPv6, the only one that seems to do that is Perfect Privacy VPN. The NordVPN is just blocking IPv6 like many others, which is secure, but sort of a bandaid solution. My VPN provider also does that for me. https://www.expressvpn.com/blog/disa...pn-protection/ Private Privacy VPN claims they do support IPv6 (but so will your ISP so you can get your IPv6 traffic through them to the VPN). This is where the IPv6 implementation is creating some problems. With IPv4, you had NAT and private addresses, which helped in keeping your local computer secure as a side-effect. With IPv6, apparently they completely forgot about these useful side effects, and completely forgot to implement private and virtualized addresses, and now they are scrambling to put it back into the protocol. With an IPv6 IP address being partially based directly on the network interface's low-level MAC address, the ability to reassign IP addresses randomly are somewhat limited. You never mentioned WHY you are using a VPN. One use is to hide who and where you are. VPNs that don't support IPv6 will either leak that info to the target site or mask their default by blocking IPv6 (which means you cannot reach IPv6-only sites). If you are only using a VPN to encrypt your traffic, they work okay for that but then you don't need them for just that when connecting to HTTPS sites, and more sites are moving to HTTPS even if they provide only public information and have no user accounts (but want to better ensure to identify who they are so you feel confident you went where you expected to go). If you are using a VPN solely to get around regional (geolocation) restrictions at some sites (i.e., you want to lie about where you are), there are proxies you can use for that. VPNs are proxies, too, but they offer more than just proxying your web traffic. Well, why I use my VPN is personal obviously, that's why I have a VPN at all. However, right now, I have not noticed any problem with not having IPv6 support on my VPN yet. But obviously, IPv6 is coming, like it or not, and so I'm wondering which ones already support it. So far, it looks like only Perfect Privacy. Yousuf Khan |
#4
|
|||
|
|||
IPv6 vs. VPN?
Yousuf Khan wrote:
The Howtogeek article is about a VPN software ignoring and passing IPv6 traffic through the normal ISP routes. I'm actually asking about whether there is any VPN software that can route IPv6 addresses themselves? I didn't discuss whether or not your ISP would pass your IPv6 traffic. The HowToGeek article didn't focus on whether or not your ISP supports IPv6. If IPV6 isn't supported by your ISP then you're never getting to the VPN service provider using IPv6 in the first place. An ISP that doesn't support (pass) IPv6 would never expose you to an IPv6 "leak" through any VPN. It must be assumed (or tested) that your ISP will pass your IPv6 traffic. It would be suicidal for any ISP to not support IPv6. I (and the article) discussed how the *VPNs* were failing to support IPv6. I focused on whether or not the VPNs supported IPv6, and some do not (whether they pass it through as a "leak" or block it to mask their deficiency). The article actually says that the best course of action with a VPN that doesn't support IPv6 is for it to disable IPv6 completely. Most VPN's seem to be doing that, so there is no "IPv6 Leaks", as there is no IPv6 enabled at all. That course of action is because the VPN does *not* support IPv6 traffic. Instead of passing it through unaltered (what the VPN providers like to call a leak as though it is someone else's fault), some will block IPv6 traffic. Again, they mask their deficiency by blocking IPv6 traffic instead of investing in supporting it. I already mentioned that scenario (of them pretending the "leak" isn't their fault and some masking their deficiency by blocking IPv6). This is where the IPv6 implementation is creating some problems. With IPv4, you had NAT and private addresses, which helped in keeping your local computer secure as a side-effect. Since when has using IPv6 forced you to use IPv6 addresses for your intranetwork hosts? Since when has IPv6 prevented the use of NAT? You could have dozens of intranet hosts with their own IPv4 addresses (either assigned to them using DHCP or statically assigned at each host). Your router will still perform its NAT function. After all, your router has only *one* WAN-side IP (v4 or v6) address while it multiplexes multiple intranet hosts going to that same router. Do you think if you had a dozen intranet hosts connected to your router that your ISP would assign to you a dozen IP addresses? The WAN-side of your router is still going to get just one IP address from your ISP's DHCP server, and then your router has to multiplex that one WAN-side IP address amongst all your intranet hosts however they are addressed. Well, why I use my VPN is personal obviously, that's why I have a VPN at all. That still doesn't address HOW you use a VPN: encryption, regional hiding, or target hiding. "Personal" could be one, some, or all of those reasons. A VPN is not needed if all you want is encryption (to keep "personal" any information passed between the endpoints in a connection). A VPN is not needed if all you want is to circumvent sites that restrict your region from accessing their content. Public proxies will do that (VPNs are also proxies). The only remaining "personal" reason to use a VPN is to hide (from your ISP and anyone sniffing their network) to where you connect. What other use is there for a VPN? |
Thread Tools | |
Display Modes | Rate This Thread |
|
|