1

My DSL/WiFi router lists the IPv6 GU- and LL- Address for each connected device, alongside the device's MAC address. When a device uses VPN, these addresses disappear from the LAN status listing.

Why is that? Is the VPN dropping to IPv4?

I am asking this, because the VPN circumvents the parental controls of the router, and this seems (so far) the only thing that changes when the VPN is on/off. And perhaps the router's controls are based on filtering based on the IPv6 LL address.

EDIT: to be clear, the parental controls are for time of day, not for specific websites. During restricted hours, say bedtime, the router blocks a device. Devices are recognized initially by their MAC address, that's how I, as admin, set restrictions for individual devices. It seems that the filtering/blocking itself after that is not based on MAC address but on something else.

I am going to see what the router's tech help can tell me, but I am not trouble shooting the router. I want to learn about the effectiveness of access restrictions. If it helps, the router is an Actiontec T3200 with broadcom inside (I believe), and the restricted device is an iPhone with VPN360 ("Unlimited Free VPN Proxy"). With the VPN off, the restrictions work.

The answer by Steffen Ullrich at My ISP provides IPv6 natively but my VPN does not support IPv6 is also illuminating.

Improve this question
6
  • Hi and welcome to Information Security SE. This is a good question, but a bit broad as it stands. Maybe It's also sligtly off-topic here because it seems more about a feature and configuration than on security per se. Commented Mar 13, 2020 at 7:55
  • Since this may be very specific please add make and model of your router and maybe also some configuration details for your VPN. Do you run the VPN endpoint on that same router or on another device? Commented Mar 13, 2020 at 7:56
  • More information on the VPN and OS involved could be useful. In general, this can happen if the VPN tunnels or blocks ALL IPv6 traffic, including ICMP packets used for the Neighbor Discovery Protocol (NDP), in which case it would seem to other IPv6 hosts on the network as if the device wasn't there anymore. Commented Mar 13, 2020 at 8:36
  • @Marcel, thank you for your warm welcome to the group. I am trying to learn about VPNs, routers and access control, as I wrestle with my own router. I am not trouble shooting it; that's better left to the helpdesk. The router is Actiontec T3200, I believe broadcom inside. The device is an iPhone running VPN360. The firewall is off, and I'd rather not chase port numbers to block (smart) VPNs. It's possible that the VPN only allows IPv4, I don't know, I will look for that info. Still, the router should have restricted the device by its IPv4 address too, if that's how it does it, no? Commented Mar 13, 2020 at 14:45
  • I think, it would be best to actually analyze the traffic from vpn enabled endpoint to wifi router. With that, you will be able to understand what is going on. Try to install wireshark on your laptop, connect it to wifi router via ethernet cable, and enable hotspot on laptop's wifi. Then run wireshark and analyze packets sent to your laptops wifi after connecting your iphone with vpn enabled to your laptop's hotspot. And post the results please. Commented Mar 13, 2020 at 15:13

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.