Prevent ipv6 leak (#224)

Prevent ipv6 leak for OpenVPN
amnezia-vpn · Apr 25, 2023 · 8a8d38a · 8a8d38a
1 parent 6429ff0
commit 8a8d38a
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 1 deletion.
diff --git a/client/android/src/org/amnezia/vpn/VPNService.kt b/client/android/src/org/amnezia/vpn/VPNService.kt
@@ -396,7 +396,6 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
     fun establish(): ParcelFileDescriptor? {
         Log.v(tag, "Aman: establish....................")
         mbuilder.allowFamily(OsConstants.AF_INET)
-        mbuilder.allowFamily(OsConstants.AF_INET6)
 
         if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) mbuilder.setMetered(false)
         if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) setUnderlyingNetworks(null)

diff --git a/client/configurators/openvpn_configurator.cpp b/client/configurators/openvpn_configurator.cpp
@@ -118,6 +118,10 @@ QString OpenVpnConfigurator::processConfigWithLocalSettings(QString jsonConfig)
             config.append("redirect-gateway def1 bypass-dhcp\n");
         }
     }
+
+    // Prevent ipv6 leak
+    config.append("ifconfig-ipv6 fd15:53b6:dead::2/64  fd15:53b6:dead::1\n");
+    config.append("redirect-gateway ipv6\n");
 
 #if (defined Q_OS_MAC || defined(Q_OS_LINUX)) && !defined(Q_OS_ANDROID)
     config.replace("block-outside-dns", "");

diff --git a/deploy/data/macos/openvpn b/deploy/data/macos/openvpn