You may not realize it, but the web is undergoing a protocol upgrade because we’ve run out of IP addresses. Under the current (IPv4) system, there are approximately 4.3 billion IP addresses, which is actually fewer than the current number of internet-capable devices.
So the web will be slowly transitioning to use the IPv6 protocol which supports a theoretical total of 2128 which is a number so large it’s hard to get your mind around.
But for a variety of reasons, most VPN providers don’t support the IPv6 protocol yet. This article will explore the pros and cons of allowing IPv6 over VPN, and you’ll also learn which VPN providers currently support the IPv6 protocol.
What you need to know about IPv6?
Do I even need IPv6?
The short answer is no, not right now. And probably not for the foreseeable future either.
Even though there are more devices than IP addresses, many devices can (and do) share the same IP address. For example, every device on your home wifi network has the same external ip address.
Eventually the entire web will switch transition over to IPv6, but the best estimates of when that will happen put the shift nearly 20 years in the future (around 2035).
And if you don’t use IPv6 right now you aren’t really missing out on anything. Almost no websites require IPv6, and many sites and services don’t even offer an IPv6 address yet. Heck, many routers made this decade don’t even have IPv6 support.
And many VPN users actually have IPv6 manually disabled on their router (or VPN software) for security reasons (covered below). I personally have never experienced a problem or had trouble accessing a site because IPv6 is off.
Why don’t some VPNs support IPv6?
A significant percentage of the most popular VPN providers don’t support IPv6 or allow the option to disable it in their software.
There are two main reasons why:
- There’s no real use for it yet, so enabling it just adds complexity.
- There are some privacy risks (IPv6 address leaks) to using IPv6 with a VPN on older OS’s and before the tech is widely adopted.
IPv6 leaks are one of the possible VPN leaks that can threaten your security when using a VPN.
What’s an IPv6 Leak? You may not realize it, but if your internet provider (ISP) supports IPv6 already (most in the USA do) then your computer actually has an IPv6 address in addition to a traditional IPv4 address. And when using a VPN, that IPv6 address could accidentally leak if you’re VPN doesn’t have leak protection.
As a result VPN providers have opted for 1 of 2 possible fixes for IPv6 leaks:
- Custom code in the VPN server/app to prevent IPv6 leaks
- Blocking IPv6 altogether (NordVPN is a well-known VPN that chose this option).
What if your VPN doesn’t plug IPv6 leaks? Even if this is the case, it’s still super simple to fix on your own. You can either disable IPv6 in your router settings (the ASUS routers we recommend all have this option).
VPNs that do (and don’t) support IPv6
The current list of VPNs that fully support IPv6 is quite small, most providers simply block the protocol or route it to a ‘black hole’ as NordVPN does.
VPNs with full or partial IPv6 Support:
Below you’ll find a more-detailed look at the current IPv6 policy and roadmap for several of the largest VPN companies.
Cyberghost (supports IPv6)
And they’re one of the only VPNs that currently 100% supports IPv6. They even have a dedicated help policy on the subject which states:
Even better, our tests during our Cyberghost Review process found no evidence of IPv6 leaks, so it appears their implementation is quite secure.
ExpressVPN (Blocks IPv6)
ExpressVPN is one of the more popular VPN services, despite its above-average pricing. Their software is some of the best in the industry, but ExpressVPN doesn’t support IPv6 yet.
There’s no info on their website about a roadmap or any plans to support IPv6 (though eventually they will be forced to when the technology is more mainstream). Unlike some VPNs, IPv6 doesn’t ‘plug’ IPv6 leaks but instead blocks the protocol entirely as shown in our ExpressVPN review.
IPVanish (No IPv6 Support)
IPVanish doesn’t support IPv6, and their public documentation says that IPv6 connections may be routed outside the VPN tunnel. The IPVanish software does currently have optional IPv6 leak protection or you can manually disable IPv6 on your router to be safe.
IPVanish has stated that they do intend to fully support IPv6 but a firm date for the rollout hasn’t been released yet. Our best guess is they’ll prioritize it when other big VPN players start making the switch.
NordVPN (Blocks IPv6)
NordVPN doesn’t support IPv6 but they have built always-on IPV6 leak protection into their desktop and mobile software. Their solution won’t route IPv6 insecurely but instead directs it to a ‘black hole’ inside the VPN tunnel.
Essentially it blocks all IPv6 connectivity without ever exposing your IPv6 address through leaks. NordVPN is one of our favorite Zero-Log VPN services and is fully Netflix-compatible (not blocked). Even better, they’re running an amazing deal that gets you 2 years of service for under $4/month.
Private Internet Access (Blocks IPv6)
Like most of their peers, Private Internet Access blocks IPv6 while routing it inside the VPN tunnel to ensure there are no leaks. This option can be toggled from inside PIA’s software if for some reason you do want to enable IPv6.
Currently PIA has no public roadmap for IPv6 support. That said, it’s still one of the best VPNs for the money, period. Check out our PIA review to see why we love their service so freakin much.
VyprVPN (No IPv6 Support)
VyprVPN does a lot of things amazingly well. Their best-in-class software is a great example of this. Unfortunately their IPv6 support is one weak spot.
Not only does VyprVPN no support the protocol, but to they haven’t implemented specific IPv6 leak blocking in their software, meaning IPv6 traffic could theoretically be routed outside the VPN tunnel. Their help forum suggests their is no specific roadmap for IPv6 leak protection or support.
What to do if your VPN doesn’t support IPv6
It’s important to understand that while you don’t actually need IPv6 right now, it is essential to make sure that IPv6 traffic isn’t being routed insecurely. This could compromise some of the anonymity that a VPN provides by exposing your IPv6 address to websites, streaming services or BitTorrent peers.
No, you don’t need to switch VPN providers.
You just need to block IPv6. And it’s really easy. You can do it at the router level (disable IPv6 for all your connected devices) or on a single device like your PC. At this time there’s no easy way to disable IPv6 on an Android or iPhone device so you’re better off using the router method.
Each router (if it supports IPv6) will have it’s own settings menu to disable/block IPv6. On all ASUSWRT routers (which we love), IPv6 can easily be disabled by going to:
Advanced Settings > IPv6 > Disable IPv6
Testing for IPv6 Leaks
An important step in securing your IPv6 connections to make sure that your VPN (or your router) is correctly blocking IPv6 connectivity. A great site for this is ipleak.net.
If the test can’t detect your IPv6 address (as shown below) then your leak protection (or IPv6-blocking) is working correctly.