If you’re reading this and you don’t know what IPv6 is, it’s the replacement for the internet addresses we’ve all been using for years. The old system – IPv4 – doesn’t offer enough combinations for all the devices connecting to the internet to have a unique address, which is why IPv6 was developed.
It’s a bit like landlines and mobile phones: you can call someone using either method, but IPv4 is the landline here, and it’s becoming outdated.
Today, both IPv6 and IPv4 are used alongside each other but are incompatible. Let’s say you’re connected to the internet on your laptop at home, your internet service provider (ISP) might assign you only an IPv4 address because it does not support IPv6 yet. This means you can only connect to websites that use IPv4.
That isn’t a problem for 99.9 percent of the time because virtually all websites still support the old protocol. They may also support IPv6, but it’s only websites which exclusively use the newer protocol that you won’t be able to access.
What does IPv6 have to do with VPNs?
Most VPN providers do not support IPv6 yet. If your ISP only gives you an IPv4 address, that’s not an issue at all because all the internet traffic will go through an encrypted ‘tunnel’ that uses the same IPv4 protocol.
However, if your ISP does support IPv6 (such as BT in the UK, or Vodafone in Germany) then your device will probably be assigned both IPv6 and IPv4 addresses.
Windows and other operating systems, plus software such as web browsers, are designed to prefer IPv6 when it’s available, so will use that protocol when you search for something on Google, for example.
If your VPN service doesn’t support IPv6 and you are connected to one of its servers, then one of two things will happen. In an ideal scenario, the VPN will successfully block all IPv6 traffic and force everything to use IPv4 where it will be protected.
However, what could happen is that the IPv6 traffic is not blocked and any web searches which use IPv6 will go via your ISP and not through the encrypted VPN tunnel. That means you get none of the protection that a VPN is supposed to give you, and you may not even realise it because – as far as you’re concerned – your VPN app is connected and running fine.
Which VPNs support IPv6?
Is it safe to use a VPN which doesn’t support IPv6?
It depends. If it’s been designed and implemented properly, there should be no risk of IP leaks where your IPv6 traffic is allowed to flow outside of the VPN tunnel, exposing your real IPv6 address (and in turn potentially your real location and identity).
That is, of course what all the non-IPv6-supporting VPNs say they do. They claim to fully block IPv6 connections and exclusively use IPv4. We test for this when we review VPN services by using websites such as ipleak.net to make sure our IPv6 address is properly blocked.
And, as you might expect. VPN services which support IPv6 tend to say that they are the better choice because you’re fully protected no matter which device or ISP you’re using. There’s also a potential speed benefit because IPv6 networks tend to be less congested than IPv4 ones.
We spoke to hide.me’s tech lead Tomislav Cohar about this. He said, “Usually a VPN provider publishes an app and that app takes care of blocking IPv6, more or less successfully. That's fine and does work, but incurs a penalty for the customer: IPv6 sites do not work, dual-stack sites (Google, Facebook and the gang) use only IPv4. DNS queries have to be filtered to make sure no IPv6 addresses get served to a customer. Such operations may be logged. However you put it, anonymity gets reduced, connectivity suffers.”
“If a VPN provider supports manual configuration (as most VPNs do) then manual configuration of a connection becomes dangerous. With no IPv6 blocking or leak protection going on (which is usually handled by the apps) your IPv6 traffic flows through your ISP. The customer's security becomes severely compromised and any claims about protection do not make sense anymore.”
“In the UK, for example, the IPv6 adoption stands at 31%. So, roughly, every third customer of a VPN provider needs IPv6 protection of some sort.”
We also spoke to Surfshark, which doesn’t yet support IPv6 but is in the process of doing so. A spokesperson told us “At the moment we support IPv4 and we are blocking IPv6 for dual-stack customers to prevent leaks. This technique is safe and all traffic from customer devices is going via encrypted VPN tunnel utilising IPv4 connectivity. We are in the process of building a network of IPv6 VPN servers and will be adding IPv6 support to our apps in near future. Once we have IPv4 and IPv6 ready networks, our VPN apps will be creating VPN tunnels either on IPv4 or IPv6 connectivity, based on the customer's device preference and block the other protocol to prevent leaks.”
Hide.me, however offers simultaneous IPv4 and IPv6 connectivity, so there's no blocking going on.
If you’re choosing a VPN service, there’s an argument that it’s worth picking one that already supports IPv6 if your broadband and mobile internet providers are already using IPv6. You can find more buying advice in our roundup of the best VPN services.
However, if you’re already with NordVPN, Surfshark or another provider which doesn’t yet support the newer protocol, you may find that you can log into your broadband router and disable IPv6 connectivity and then change the settings on your phone to do the same to eliminate the risk of IPv6 leaks.