MV1000 is connected directly to my ISP’s cable modem.
MV1000 has VPN client is connected to my provider that provides IPv6 and IPv4 addresses.
My ISP also gives me an IPv6 address.
VPN policy is not turned on. All traffic is tunneled through the VPN
IPv6 in the MV1000 is enabled. Everything is set to automatic and NAT6
Here is the issue:
When MV1000 is connected to my VPN provider using OpenVPN, all clients connected to the MV1000 get my VPN provider’s IPv6 and IPv4 addresses. No IPv6 leak here.
When MV1000 is connected to my VPN provider using WireGuard, all clients get my VPN provider’s IPv4 address but they get my ISP IPv6 address resulting in an IPv6 leak.
Is #2 above a known issue with WireGuard in the MV1000?
I have a question, when you see “all clients get my VPN provider’s IPv4 address”, this seems a bridging setup.
In Openvpn you can use “tap” to build bridge. This work in the router. But in Wireguard, you cannot really build a bridge. At least I don’t know the router has this function. Can you explain how does this work?
After we make this clear we go forward to check ipv6.
My MV1000 is set to router mode if that’s what you’re asking.
I tested an alternative setup:
MV1000 is connected to the LAN port of my Asus router. My Asus router is connected to my ISP’s cable modem.
IPv6 is disabled on my Asus router
MV1000’s WAN IP is an internal IP address assigned by my Asus router
VPN policy on MV1000 is turned off
IPv6 in the MV1000 is enabled. Everything is set to automatic and NAT6
With the setup above using WireGuard, clients connected to the MV1000 get my VPN provider’s IPv4 and IPv6 addresses. Therefore there is no IPv6 leak in this setup.
Can you look into why there is no IPv6 leak in this setup but there is when the MV1000 is directly connected to the ISP’s modem?