Workaround for VPNC leak of IPv6 with NetworkManager

Many paywall websites, particularly for refereed journals like IEEE have been enabling IPv6 access. This becomes a problem when your institution (or at least their VPN) is IPv4 only, and your laptop connection is IPv4 + IPv6. The IPv6 may leak around the VPN, causing authentication failure to the paywall website, despite using VPN.

Fix VPN IPv6 leakage

The workaround is to create a separate profile in NetworkManager. You can make this profile your main profile if you don’t ever want IPv6. Let’s call this new profile “LANv4”

  1. NetworkManager → General → UNCHECK “Automatically connect to this network when it is available”
  2. IPv6 Settings → Method: Ignore

Connect to VPN by:

  1. select LANv4
  2. In Ubuntu desktop toolbar, Disable networking, Enable Networking
  3. Connect to VPN

Verify no IPv6 on VPN

use this Bash script to check public IPv4 and IPv6

Note

It is possible to disable IPv6 persistently by adding to /etc/sysctl.conf

net.ipv6.conf.all.disable_ipv6 = 1

but I want to use IPv6 most of the time.

Leave a Comment