Department of Defense
High Performance Computing Modernization Program

Virtual Private Network (VPN) clients usually support several of these operating systems: Android, Apple iOS and macOS, Chrome OS, Linux, Microsoft Windows, and UNIX. Many VPN clients can tunnel only IPv4 traffic: they are unable to intercept and tunnel Internet Protocol version 6 (IPv6) packets, and they do not otherwise secure the flow of IPv6 traffic.

For users of Windows 8 (and later) running any VPN client that tunnels only IPv4, disabling the Smart Multi-Homed Name Resolution feature is recommended. The reason for this recommendation and techniques for disabling the feature appear in the article "Windows 10 VPN Users at Big Risk of DNS Leaks".

In alphabetical order, some enterprise-level VPNs that can simultaneously tunnel both protocols include:

1. Check Point End Point Remote Access VPN, when used in conjunction with a Check Point Security Gateway (VSX version R68 and higher)

2. Cisco AnyConnect SSL VPN (version 2.5 and later)

3. LogMeIn Hamachi VPN using the service (version Microsoft Windows and Apple macOS and OS X)

4. Forcepoint Stonesoft SSL VPN (version 1.1.0 and later)

5. Fortinet SSL VPN FortiClient, when used in conjunction with a Fortinet security appliance running FortiOS

6. The GreenBow VPN Client (version 6.1 and later)

7. Microsoft Always On VPN supported by Windows 10 clients and later

8. Microsoft Secure Socket Layer (SSL) VPN over the Secure Socket Tunneling Protocol (SSTP) supported by Windows Server 2008 and later

9. NCP Secure Engineering Secure Entry Client (version 9.3 or later)

10. OpenVPN Technologies Inc. Access Server (version 2.3.x and later), Client (version 2.3.x and later) and Connect (all versions when connecting to an Access Server that supports IPv6). Client 2.3.9 (and later) incorporates a solution to the above "DNS Leaks" issue

11. Palo Alto Networks GlobalProtect (version 4.0 or later), when used in conjunction with a Palo Alto Networks firewall running PAN OS (version 8.0 or later)

12. Pulse Secure when using their SSL VPN appliances (version 7.3 and later)

13. RealVNC Ltd. Enterprise Edition (version 4.1.7 and later), Personal Edition (version 4.1.2 and later)

14. SonicWALL SSL VPN (version 3.5 and later)

Additional VPNs that do (and some that do not) simultaneously tunnel both protocols are identified in this article.

While it does more than just tunnel packets, the Microsoft DirectAccess product also tunnels both IPv4 and IPv6 packets.

VPN software for individual use that tunnels or otherwise secures the flow of IPv6 traffic includes,,,,,, and VyprVPN.

To prevent unsecured traffic via the IPv6 network stack while using a VPN client that can tunnel only IPv4 traffic, it is recommended to temporarily disable IPv6 and reboot before activating the VPN client, and then to re-enable IPv6 upon terminating the VPN client. The recommended procedure to disable or enable IPv6 traffic on specific host operating systems is described in separate articles in the IP Transport section of the IPv6 knowledge base.
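
One way to confirm on a Linux host that the procedure above took effect is to compare the IPv4 and IPv6 routing tables while the VPN is active. The following is an added example, not part of the original article; the tunnel interface prefixes, the split-default prefix list and the sample route tables are assumptions constructed for illustration.

```python
import re

# Assumed tunnel interface name prefixes; adjust to the VPN client in use.
TUNNEL_PREFIXES = ("tun", "tap", "wg", "ppp")
# "default" plus split-default prefixes some clients install instead of
# replacing the default route (assumed list, extend as needed).
DEFAULT_PREFIXES = {"default", "0.0.0.0/1", "128.0.0.0/1", "::/1", "8000::/1"}

def default_devs(route_output):
    """Devices that carry a default-equivalent route in `ip route show` text."""
    devs = set()
    for line in route_output.splitlines():
        fields = line.split()
        dev = re.search(r"\bdev\s+(\S+)", line)
        if fields and fields[0] in DEFAULT_PREFIXES and dev:
            devs.add(dev.group(1))
    return devs

def is_tunnel(dev):
    return dev.startswith(TUNNEL_PREFIXES)

def ipv6_leak_status(v4_routes, v6_routes):
    """Classify the IPv6 exposure of a host from both routing tables."""
    v4, v6 = default_devs(v4_routes), default_devs(v6_routes)
    if not any(is_tunnel(d) for d in v4):
        return "no-vpn"            # IPv4 is not being tunneled at all
    if not v6:
        return "no-ipv6-route"     # IPv6 disabled or no off-link IPv6 path
    if any(is_tunnel(d) for d in v6):
        return "tunneled"          # the VPN also carries IPv6
    return "leak:" + ",".join(sorted(v6))  # IPv6 leaves outside the tunnel

# Constructed samples in `ip -4 route show` / `ip -6 route show` format.
V4_VPN = """0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.1 dev tun0"""
V4_PLAIN = "default via 192.168.1.1 dev eth0 proto dhcp metric 100"
V6_NATIVE = """2001:db8:1::/64 dev eth0 proto ra metric 100 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via fe80::1 dev eth0 proto ra metric 100 pref medium"""
V6_DISABLED = ""
V6_TUNNELED = V6_NATIVE + "\n::/1 dev tun0 metric 50 pref medium"

if __name__ == "__main__":
    for name, v6 in [("native", V6_NATIVE), ("disabled", V6_DISABLED),
                     ("tunneled", V6_TUNNELED)]:
        print(name, "->", ipv6_leak_status(V4_VPN, v6))
```

To check a live host, pass the text output of `ip -4 route show` and `ip -6 route show` to `ipv6_leak_status` in place of the constructed samples.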