From 1352ccf9a3d7c6379e0b205be73558c7e3bd3ef4 Mon Sep 17 00:00:00 2001
From: Orazio <orazioedoardo@users.noreply.github.com>
Date: Tue, 10 Mar 2020 14:16:23 +0100
Subject: [PATCH] Avoid IPv6 leak by routing IPv6 through WireGuard

  - Since the server is IPv4 only, routing IPv6 through it prevents IPv6
    packets from going outside the tunnel (if the client supports IPv6).
---
 scripts/wireguard/makeCONF.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/wireguard/makeCONF.sh b/scripts/wireguard/makeCONF.sh
index d99310d..745db08 100755
--- a/scripts/wireguard/makeCONF.sh
+++ b/scripts/wireguard/makeCONF.sh
@@ -104,7 +104,7 @@ echo "[Peer]
 PublicKey = $(cat keys/server_pub)
 PresharedKey = $(cat keys/psk)
 Endpoint = ${pivpnHOST}:${pivpnPORT}
-AllowedIPs = 0.0.0.0/0" >> "configs/${CLIENT_NAME}.conf"
+AllowedIPs = 0.0.0.0/0, ::0/0" >> "configs/${CLIENT_NAME}.conf"
 echo "::: Client config generated"
 
 echo "# begin ${CLIENT_NAME}