Linux – Prevent IPv6 address being exposed when connected to IPv4 only OpenVPN

ipv4 ipv6 linux openvpn vpn

I have an OpenVPN server which has IPv4 only.
I have an OpenVPN client which has IPv6 and IPv4.

While connected to the VPN, the client is exposed to an "IPv6 leak".
When the client visits IPv6-enabled web sites, the Internet traffic does not go through the VPN tunnel and his real IP address is exposed to the IPv6 web site in question.

How can I push parameters via the OpenVPN server that will either shut down/block IPv6 traffic, or will route it to nowhere so that his Internet will fail over to IPv4, with the goal of stopping the IPv6 leak while connected to an IPv4-only VPN server?

Note: I know how to block IPv6 traffic manually in Windows and Mac; there are many articles about that. I want to achieve that via the OpenVPN server config, or via the OpenVPN client config if the first is not possible.

(You can test if you have an IPv6 leak at ipv6leak dot com)

Thank you

Best Answer

Whilst the most correct answer is Michael Hampton's comment that you should get IPv6 to your OpenVPN server, you could instead cause the OpenVPN server to push a route for 2000::/3, and then reject any IPv6 traffic that arrives. You may need to twiddle what sort of rejection you send back to cause the client to fall back to IPv4 rather than just saying "lolidunno" and giving up, but it'll give a better user experience than just dropping all the IPv6 traffic on the floor (unless your clients all implement Happy Eyeballs, in which case, reach for the DROP).
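One way to set up what the answer describes, as an added example that is not part of the original answer: a script that emits the OpenVPN server directives and the matching `ip6tables` rule, with the rejection type left adjustable. Assumptions: an OpenVPN version that supports `server-ipv6` and `route-ipv6`, a tunnel interface named `tun0`, and a constructed ULA prefix `fd00:6c65:616b::/64` for the tunnel; the function names are hypothetical.

```shell
#!/bin/sh
# Added example with constructed values: an IPv4-only OpenVPN server that
# pulls client IPv6 traffic into the tunnel and rejects it there.
TUN_IF="${TUN_IF:-tun0}"                       # assumed tunnel interface
TUN_NET6="${TUN_NET6:-fd00:6c65:616b::/64}"    # constructed ULA prefix
# Rejection to send back; set to DROP to discard silently instead.
REJECT_WITH="${REJECT_WITH:-icmp6-adm-prohibited}"

# Lines to append to the OpenVPN server config.
openvpn_snippet() {
    cat <<EOF
# Give the tunnel an IPv6 subnet so clients can install IPv6 routes
server-ipv6 $TUN_NET6
# Send global unicast IPv6 (2000::/3) into the tunnel
push "route-ipv6 2000::/3"
EOF
}

# Firewall commands, printed so they can be reviewed before being run.
firewall_rules() {
    case "$REJECT_WITH" in
        DROP) target="-j DROP" ;;
        *)    target="-j REJECT --reject-with $REJECT_WITH" ;;
    esac
    # The FORWARD chain only sees packets when IPv6 forwarding is on.
    echo "sysctl -w net.ipv6.conf.all.forwarding=1"
    echo "ip6tables -I FORWARD -i $TUN_IF -d 2000::/3 $target"
}

# Usage: sh script.sh apply /path/to/server.conf   (run as root)
if [ "${1:-}" = "apply" ]; then
    conf="${2:?path to the OpenVPN server config is required}"
    openvpn_snippet >> "$conf"
    firewall_rules | while read -r cmd; do $cmd; done
else
    # Default: dry run, show what would be changed.
    openvpn_snippet
    firewall_rules
fi
```

Other `--reject-with` values accepted by `ip6tables` include `icmp6-no-route`, `icmp6-addr-unreachable`, `icmp6-port-unreachable` and `tcp-reset` (TCP rules only); restart OpenVPN after changing its config so clients receive the pushed route.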
