Google VPN is available for folks on Mac & PC now, and it supports IPv6!
Do you really want all your communication to go through Gg ? If you just want ipv6, you can just use He or mount your own VPN.
Be warned - the Google VPN breaks IPv6 LAN communication, at least on Pixel phones…
Google VPN runs by default on Pixel phones when Google Fi is the carrier and you are connected via WiFi.
The Google VPN breaks IPv6… specifically any IPv6 packet addressed to another device on your LAN using its global-scope IP gets lost (guessing it gets redirected through the VPN and sent to Google rather than sent out the Wifi interface).
For example - an app sends out a multicast discover packet. Devices on your LAN respond unitcast to this discover packet. App then tries to open a connection to each device - this fails due to the Google VPN.
Disabling the Google VPN fixes the problem.
If anyone knows of a way to report the bug to Google I can do a formal write up of the problem.
The dns servers say “feck off”.
Cloudflare Warp also has IPv6. Before I started using Tailscale I used it when I didn’t have IPv6 connectivity to connect to some services I host on my home, where IPv4 is behind CGNAT but I have IPv6.
algo (from trail of bits) handles IPv6 too, and doesn’t give more of your info to google
Does anyone know what the remove VPN endpoint is? Is it reachable over IPv6, or is v6 only supported inside the tunnel (which is nice already), but the transport is v4 only?
Kinda ironic of a Google product sinkholing your entire traffic to claim making it ‘private’, but that’s another topic.
I’m using HE, but this is a good entry-level option.
So you want split tunnelling enabled, call it that. Don’t call it broken when all traffic is required to go thru a vpn.
I’m lucky my Android-Microsoft integration & Google Home still works on my Pixel, Fi VPN or not. But you raise a valid observation.
apps should be responding MULTICAST to mdns discover, only llmnr is unicast. mdns works like this because it allows other devices on the broadcast domain to cache the responses and avoid sending their own discovers, which makes the whole protocol much less chatty than llmnr when you have lots of devices.
Anyway once found you still connect on unicast. Does it sinkhole the traffic for fe80/fc00 addresses or just for globally routable ones (of the latter that SHOULD technically still work, but os obviously not adding privacy and is bad for performance as your going back and forth to googles datacenter. The connection back from google will also probably be blocked by any stateful firewalls too.
Yes…but warp… -__-
why in gods name would you need nat66 for this? Using nat66 would seem to kinda defeat the point of ipv6, and doesn’t help privacy over ensuring that the v6 address is assigned from some /48 in a privacy preserving way.
Route48 is another provider that utilizes WireGuard
IPv4 LAN IP addresses work fine and don’t get routed through the VPN. IPv6 LAN IP addresses (global scope) fail.
There don’t seem to be any relevant configuration options to fix it on a Pixel phone.
IPv6 experts call it subtree routing, which is almost a necessity for multi homed setups.
You use different routes depending on your source ip.
And let me tell you, it’s a relieve after having to do all that shit with ip rules, which I was accustomed to with IPv4 multi homed.
I mean, the other option here is Google…
Because: WireGuard, and its limitations around IPv6.
It has no support whatsoever for dynamic addressing, so the providers have to assign static addresses to the VPN clients. You could give them a static global address that’ll follow them everywhere - or you can do the arguably more privacy friendly option of giving them a link-local address at NAT66 them so they all appear to come from the same IP as all the other VPN users.
Yes but warp has all the same complaints I have with their DNS service, which for me makes it a non starter. See this rant I posted on another post. https://www.reddit.com/r/ipv6/comments/100oc07/comment/j2onzpo/