Many people use VPN’s either to remote access internal networks, or Perhaps to provide an additional Layer of security when accessing the internet at an untrusted location such as a public Hotspot.

However with the increasing deployment of IPv6 it’s possible some people are not as safe as they might think.

You see it’s possible to get into a situation where if the network the user is connected to supports Both IPv4 and IPv6 but the VPN only supports one of these (most commonly IPv4) that traffic to any host using the other protocol bypasses the VPN entirely.

This is certainly true with some OpenVPN based VPN’s on windows and I suspect the problem is not unique to OpenVPN or windows for that matter either.

One work around is to temporarily disable IPv6 on the client device (assuming you can, on some mobile OS’s it’s almost impossible) this will of course mean you can’t get to any IPv6 only services, but any services using both IPv6 and IPv4 should still be reachable over v4.

Hopefully once IPv6 deployment accelerates and VPN software gets better IPv6 support this will be less of a problem as ether the VPN itself will be IPv6 enabled or it will at least be able to stop IPv6 leaking data when the VPN is established.


Update: 17/5/2014

Thanks to Jeremy’s comment below,  I’ve realised that this post might come across that OpenVPN does not support IPv6, I’d like to clarify that OpenVPN itself can indeed support IPv6 and force Default routes (So that even IPv6 will go via the VPN) however it requires the network hosting the VPN concentrator to support IPv6 and for the VPN to be configured to support IPv6.

It’s down to the way the VPN concentrator is configured rather than down to OpenVPN itself.   I cannot comment on other proprietary VPN solutions as I’ve not tested them.