diff --git a/mobile/src/main/java/be/mygod/vpnhotspot/TetheringService.kt b/mobile/src/main/java/be/mygod/vpnhotspot/TetheringService.kt
index feb039cc..61c96083 100644
--- a/mobile/src/main/java/be/mygod/vpnhotspot/TetheringService.kt
+++ b/mobile/src/main/java/be/mygod/vpnhotspot/TetheringService.kt
@@ -49,6 +49,7 @@ class TetheringService : IpNeighbourMonitoringService(), VpnMonitor.Callback {
// system tethering already has working forwarding rules
// so it doesn't make sense to add additional forwarding rules
val routing = Routing(upstream, downstream).rule().forward().masquerade().dnsRedirect(dns)
+ if (app.pref.getBoolean("service.disableIpv6", false)) routing.disableIpv6()
routings[downstream] = routing
if (!routing.start()) failed = true
} catch (e: SocketException) {
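Review bot: The IPv6 leak protection is opt-in on the added line: `app.pref.getBoolean("service.disableIpv6", false)` leaves IPv6 untouched on the downstream interface unless the user finds and enables the setting. For a feature whose stated purpose is to prevent VPN leaks, a fail-closed default is the safer choice, e.g. `if (app.pref.getBoolean("service.disableIpv6", true)) routing.disableIpv6()`, kept in step with any `android:defaultValue` on the preference entry in pref_settings.xml. The key is also a bare string literal that has to match the XML by hand, so a shared constant would avoid a silent mismatch. Only this call site is visible in the diff; if other services build their own `Routing` chains they would presumably need the same check. The enclosing function starts and ends outside the hunk.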
diff --git a/mobile/src/main/java/be/mygod/vpnhotspot/net/Routing.kt b/mobile/src/main/java/be/mygod/vpnhotspot/net/Routing.kt
index c74da64c..8e74bed7 100644
--- a/mobile/src/main/java/be/mygod/vpnhotspot/net/Routing.kt
+++ b/mobile/src/main/java/be/mygod/vpnhotspot/net/Routing.kt
@@ -47,6 +47,12 @@ class Routing(val upstream: String?, private val downstream: String, ownerAddres
return this
}
+ fun disableIpv6(): Routing {
+ startScript.add("echo 1 >/proc/sys/net/ipv6/conf/$downstream/disable_ipv6")
+ stopScript.add("echo 0 >/proc/sys/net/ipv6/conf/$downstream/disable_ipv6")
+ return this
+ }
+
/**
* Since Android 5.0, RULE_PRIORITY_TETHERING = 18000.
* This also works for Wi-Fi direct where there's no rule at 18000.
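Review bot: In `disableIpv6()`, `$downstream` is interpolated unquoted into two shell command lines. How `startScript` and `stopScript` are executed is not visible here, but writing under `/proc/sys` suggests a privileged shell. The interface name should therefore be validated before it is used, for example `require(downstream.matches(Regex("[A-Za-z0-9_.-]+"))) { "unexpected interface name" }`. Separately, the stop line writes `0` unconditionally, so an interface that already had `disable_ipv6` set to 1 before start is left with IPv6 enabled afterwards. Reading the previous value at start and restoring it at stop would avoid that. A short KDoc stating that the setting affects only the downstream interface, and what happens when the write fails, would also help callers.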
diff --git a/mobile/src/main/res/values-zh-rCN/strings.xml b/mobile/src/main/res/values-zh-rCN/strings.xml
index 20658089..a74ead10 100644
--- a/mobile/src/main/res/values-zh-rCN/strings.xml
+++ b/mobile/src/main/res/values-zh-rCN/strings.xml
@@ -60,6 +60,8 @@
"自动 (1\u201114 = 2.4GHz, 15\u2011165 = 5GHz)"
严格模式
只允许通过 VPN 隧道的包通过,不适用于系统共享
+ 禁用 IPv6 共享
+ 防止 IPv6 VPN 泄漏。
备用 DNS 服务器[:端口]
清理/重新应用路由规则
杂项
diff --git a/mobile/src/main/res/values/strings.xml b/mobile/src/main/res/values/strings.xml
index 4ff94a63..507e27cf 100644
--- a/mobile/src/main/res/values/strings.xml
+++ b/mobile/src/main/res/values/strings.xml
@@ -64,6 +64,8 @@
Strict mode
Only allow packets that goes through VPN tunnel. Does not
apply to system tethering.
+ Disable IPv6 tethering
+ Enabling this option will prevent VPN leaks via IPv6.
Fallback DNS server[:port]
Clean/reapply routing rules
Misc
diff --git a/mobile/src/main/res/xml/pref_settings.xml b/mobile/src/main/res/xml/pref_settings.xml
index 28a0d525..9f8dd9b0 100644
--- a/mobile/src/main/res/xml/pref_settings.xml
+++ b/mobile/src/main/res/xml/pref_settings.xml
@@ -6,6 +6,10 @@
android:key="service.repeater.strict"
android:title="@string/settings_service_repeater_strict"
android:summary="@string/settings_service_repeater_strict_summary"/>
+