Workaround for VPNC leak of IPv6 with NetworkManager

Many paywall websites, particularly for refereed journals like IEEE have been enabling IPv6 access. This becomes a problem when your institution (or at least their VPN) is IPv4 only, and your laptop connection is IPv4 + IPv6. The IPv6 may leak around the VPN, causing authentication failure to the paywall website, despite using VPN.

Fix VPN IPv6 leakage

The workaround is to create a separate profile in NetworkManager. You can make this profile your main profile if you don’t ever want IPv6. Let’s call this new profile “LANv4”

  1. NetworkManager → General → UNCHECK “Automatically connect to this network when it is available”
  2. IPv6 Settings → Method: Ignore

Connect to VPN by:

  1. select LANv4
  2. In Ubuntu desktop toolbar, Disable networking, Enable Networking
  3. Connect to VPN

Verify no IPv6 on VPN

Bash script to check public IPv4 and IPv6: getIP.sh

Note

It is possible to disable IPv6 persistently by adding to /etc/sysctl.conf

net.ipv6.conf.all.disable_ipv6 = 1

but I want to use IPv6 most of the time.

Tags: ,

Categories:

Written by Michael Hirsch, Ph.D. //

Comments