IP (Internet Protocol) is one of the fundamental units of the internet to grease the communication wheels between machines (devices) when they are connected to the internet. Similarly to car license plate numbers, an IP is your device’s registration number on the internet which gives it an identity and helps in routing traffic between your device and the destination website on the internet. The world relied only on IPv4 (IP version 4) until 2013 when it started running out of IP addresses due to the rampant growth of internet users. Now imagine the world being flooded with unregistered cars because it has run out of license plate numbers, that is when IPv6 came into existence.
What is IPv6?
Internet Protocol Version 6 “IPv6″ is commonly referred to as the IPng or the “internet’s next generation protocol” was designed by the Internet Engineering Task Force “IETF” to replace IPv4 and compensate for all of its issues including coping up with the exponential growth of internet users. Compared to IPv4, which uses 32 bits for its addresses, IPv6 uses 128 binary digits to support around 340 trillion unique addresses. This tremendous number of IP addresses should definitely meet the internet’s ravenous demand for decades to come. Not only that, but IPv6 also improves the routing process by reducing the size of routine tables. Moreover, IPv6 has increased the efficiency of packet processing by eliminating IP-level checksum. In this way, the IP-level checksum would need to be recalculated at each and every router hop like it does with IPv4. IPv6 also has a built-in address auto-configuration and supports and increases the quality of mobile devices, VoIP as well as P2P services due to the fact that NAT (Network Address Translation) is eliminated. More importantly, IPv6 is developed to be much more secure than IPv4 as it is supported by IPsec protocol.
For all its merits, IPv6 is becoming remarkably widespread as more and more top global websites are deploying the IPng. For example, Apple is one of the biggest companies that has successfully transitioned into IPv6 in June 2016. The company continues to aggressively help in pushing the transition into IPv6 by rejecting any application submitted to its app store that does not use IPv6, including VPN services. Apple had released a statement last June, saying:
“Starting June 1, 2016 all apps submitted to the App Store must support IPv6-only networking.”
Netherlands-based bVPN reported that their application (which uses IPv4 for DNS network scanning for optimal configuration) has been rejected by Apple for not supporting IPv6.
Following in Apple’s footsteps, US carrier, Verizon announced in an official statement in March 2017 that they will fully transition into IPv6 by the end of June this year.
“On June 30, 2017, Verizon will stop issuing new Public Static IPv4 addresses due to a shortage of available addresses. Customers that currently have active Public Static IPv4 addresses will retain those addresses, and Verizon will continue to fully support existing Public Static IPv4 addresses. In order to reserve new IP addresses, your company will need to convert to the Persistent Prefix IPv6 requirements and implement new Verizon-certified IPv6 devices.”
This means that Verizon customers with devices that still use IPv4 will have to replace their gadgets into IPv6 compatible ones.
Furthermore, the world witnessed what you may call it “the largest wireless IPv6 deployment” which was carried out by T-Mobile in which IPv6 was fully transitioned across the entire network.
Consequently, until all VPN service providers improve their software to be fully compatible with IPv6, VPN users are vulnerable to serious security risks, such as: IPv6 leaks.
What is VPN IPv6 Leak & What causes it?
The very idea of a VPN is to securely hide your real IP address and replace it with a fake IP to anonymise your identity while surfing the web, secure your personal data from potential attackers and snoopers, and to assist you in bypassing any geo-restrictions to be able to unblock and access any restricted web content. However, due to certain security flops, your “real” IP address could leak out and get exposed online.
When it comes to IPv6 users, there are many VPN services that are not compatible with IPv6 nor are they equipped with tools to encrypt it leading to IPv6 leaks. This mainly happens when the VPN connection drops unexpectedly, so instead of routing your data traffic through secret tunnels on the internet, your data traffic will take the normal route of your internet connection. Therefore, it becomes exposed to all peeping Toms online.
Moreover, some encryption protocols, like: L2TP are not compatible with IPv6. This means if you have an IPv6 address and use L2TP on your VPN connection, your IP address will be leaked out to your normal internet connection and you might also experience problems while trying to bypass censorship or access a geo-restricted web content.
How to Prevent VPN IPv6 Leaks?
Having an IPv6 address does not mean that you cannot use VPN. There is always a work around behind any internet problem and there are definitely many ways to avoid IPv6 leaks while using VPN.
1- Disable IPv6 on your OS (Windows, Mac OS, Android,…) for better VPN protection, especially if you are using L2TP protocol.
2- Enable VPN kill switch feature which terminates any running application in case a VPN connection drops suddenly.
3- Run VPN IPv6 leak tests to check whether your VPN leaks IPv6 or not.
4- Disable WebRTC on your browser (Firefox, Chrome, Opera) or switch to a browser that is not WebRTC-based.
5- Configure your VPN on your router instead of configuring it on your device directly. This will ensure that all devices connected to your network are protected.
It is without any doubt horrific to have your personal data and online activities compromised on the internet while being under the impression that you are protected by your VPN due to IP leaks, especially to Windows users. However, by understanding the root of the problem and getting a better idea about the different solutions for it, you will need to worry no more.