IPv4 is running out, so IPv6 is the future. Unfortunately, the world is not fully ready for IPv6. This includes many VPN services, whose software does not protect users against “IPv6 leaks.” The simplest solution to this problem is to disable IPv6 on your device.
What is IPv6?
Every internet connection has a unique numeric address known as its Internet Protocol (IP) address. At present, most IP addresses use the older 32-bit IPv4 standard, but IPv4 addresses are running out fast.
The solution is to simply use longer IP addresses, which is exactly IPV6 does. By using 128-bit web addresses, IPv6 makes around 340 billion billion billion billion addresses. Which should keep us going for a while!
Do I have IPv6?
Whether you have IPv6 capability depends on your internet provider. IPv6 deployment by ISPs has been rather slow almost everywhere, although in some countries it is more common than others. Overall, in 2019 most people do not yet have an IPv6 connection, although this is beginning to change.
If you’re not sure if you have an IPv6 connection then visit ipleak.net (without a VPN connection).
If you don’t see a long IPv6 address, then you don’t have an IPv6 connection and you have no need for this guide.
There is no point in disabling IPv6 on your device if you do not have an IPv6 connection, although if you regularly connect to the internet using other people's connections, such as public WiFi hotspots, then you might want to do it anyway.
Why disable IPv6?
The move to IPv6 is a good and necessary thing, so why disable IPv6 if you have it? The only reason to do this is that many VPN apps properly route IPv4 connections through the VPN interface but do not do so for IPv6. This allows websites to see your real IP address and is known as an IPv6 leak.
Disabling IPv6 at the system level ensures no leaks are possible. The good news is that disabling IPv6 on your device costs you nothing. IPv4 is not going away soon, and every website and internet resource supports IPv4. IPv6 might be the future, but the future is not here yet.
This means you can disable IPv6 to secure your VPN connection without any negative consequences to your internet use.
A word on WebRTC
WebRTC is a communications protocol built into most modern browsers that allows for seamless voice and video communication inside your browser window.
A design feature of WebRTC is that it allows users to communicate through firewalls by simply telling other WebRTC users (and websites) your real IP address. If you have an IPv6 connection, it will tell them your IPv6 address, and if you don’t then it will tell them your IPv4 address
This feature is great for WebRTC users but is a pain for VPN users as it leaks your real IP address regardless of whether you are using a VPN. The problem is commonly referred to as a WebRTC leak.
Note that if you see a WebRTC leak then disabling IPv6 on your device might fix the problem, but it's just as likely that WebRTC will instead leak your IPv4 address instead. Disabling IPv6 is therefore not the recommended solution to preventing IPv6 WebRTC leaks.
There are things a VPN service can do at the client and server level to reduce the chance of WebRTC leaks happening, but the only guaranteed solution is to disable WebRTC in your browser.
How to disable IPv6 on your device
Windows (most versions)
Right-click Start -> Search -> type Control Panel into the search box and select the result.
Select Network and Sharing (or View network status and tasks if in Category mode).
Go to Change adapter settings.
Right-click on your internet connection -> Properties.
Scroll down until you see Internet Protocol Version 6 (TCP/IPv6) and uncheck its box.
Click OK and you’re done.
Go to System Preferences...
Select your internet connection -> Advanced.< br />
Go to the TCP/IP tab -> Configure IPv6: -> Off.
Click OK and you're done.
There are two ways to disable IPv6 on Linux operating systems. You can do this using either command line or network-manager, see the steps below to find out how.
Using Network Manager
Go to Settings -> Network. Click on the settings/options tab for your network.
Switch to the IPv6 tab -> IPv6 Method -> Disable.
Click Apply and you're done.
Using the command-line
Debian (includes Ubuntu and Mint) and SuSE systems
To permanently disable IPv6 we must edit the sysctl.conf file.
- Open Terminal and enter the following command:
sudo nano /etc/sysctl.conf
- Scroll down to the bottom and add the following lines:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
- Save and close the file, then execute then changes using the following command:
sudo sysctl -p
A reboot won’t hurt either. To re-enable IPv6 just remove the added lines from /etc/sysctl.conf.
Red Hat systems (includes Fedora and CentOS)
Open Terminal and enter the following commands:
sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1
To re-enable IPv6 enter the following commands:
sudo sysctl -w net.ipv6.conf.all.disable_ipv6=0
sudo sysctl -w net.ipv6.conf.default.disable_ipv6=0
It is not possible to disable IPv6 in Android for WiFi connections without rooting your phone. You can, however, disable it for mobile data connections.
Go Settings -> Connections -> Mobile networks -> Access Point Names. Select your mobile operator the scroll down to APN protocol and select it.
And you’re done.
It should be noted, though, that it might be a better idea to just use OpenVPN for Android instead of your leaky custom app. It can ensure that unwanted IPv6 connections outside the VPN interface are not possible.
Open the OpenVPN for Android app and Edit icon for your VPN connection.
Switch to the Routing tab and Block IPv6 (or IPv4) is not used by the VPN is enabled (it is by default).
iOS and iPadOS
It is not possible to disable IPv6 on Apple’s mobile platforms at the system-level, although the OpenVPN Connect app can route connections through IPv4 only. Just go to settings -> and select IPv6 -> IPV4-only tunnel.
It is not usually possible to disable IPv6 at the system level in Chrome OS. If you enter Developer mode, you can temporarily disable IPv6 by opening a Chrome window entering:
sudo ip6tables –F
But this only works until you reboot your Chromebook. A better solution is to use the OpenVPN for Android app to prevent IPv6 leaks instead of your VPN provider’s custom app.
As with all Android VPN apps run on a Chromebook, this will secure all native ChromeOS and all Android connections on your Chromebook. It will not secure connections for Linux apps running under ChromeOS, however.