Update 2026-03-07: Proton has added the IPv6 configurations mentioned below to the WireGuard config files that you can get through the web dashboard. The guide below is for historical purposes only.
The Linux app supports IPv6 over the VPN but still connects to the VPN server using IPv4.
It's possible to make changes to the WireGuard configs that you can get from https://account.protonvpn.com/downloads to enable IPv6.
An easy way to test if a server supports IPv6 is to use the browser extension and then go to myip.wtf or test-ipv6.com, or you could check the list at https://mikaeldui.github.io/proton-vpn-server-list/.
Here's an example of a WireGuard profile I got for CH#600:
[Interface]
# Key for Reddit Test Config 2025-01-05
# Bouncing = 2
# NetShield = 1
# Moderate NAT = on
# NAT-PMP (Port Forwarding) = on
# VPN Accelerator = on
PrivateKey = *redacted*
Address = 10.2.0.2/32
DNS = 10.2.0.1
[Peer]
# CH#600
PublicKey = Ii6hAbnu84wZ8NzVt5+ylO4FnX+ANrKNzpFOSYq9dks=
Endpoint = 79.127.184.216:51820
# For Windows
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1
# For Linux, Android, routers, etc.
AllowedIPs = 0.0.0.0/0 I'll now make some changes to Address, DNS and AllowedIPs to enable IPv6 over VPN.
Note: 2a07:b944::2:2/128 and 2a07:b944::2:1 are the same for all servers, it's not specific to CH#600.
[Interface]
# Key for Reddit Test Config 2025-01-05
# Bouncing = 2
# NetShield = 1
# Moderate NAT = on
# NAT-PMP (Port Forwarding) = on
# VPN Accelerator = on
PrivateKey = *redacted*
Address = 10.2.0.2/32, 2a07:b944::2:2/128
DNS = 10.2.0.1, 2a07:b944::2:1
[Peer]
# CH#600
PublicKey = Ii6hAbnu84wZ8NzVt5+ylO4FnX+ANrKNzpFOSYq9dks=
Endpoint = 79.127.184.216:51820
# For Windows
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1
# For Linux, Android, routers, etc.
AllowedIPs = 0.0.0.0/0, ::/0If your ISP supports IPv6 then you can enable IPv6 connectivity to the VPN server, and to do that we need to look up the node's domain at https://api.protonmail.ch/vpn/logicals https://mikaeldui.github.io/proton-vpn-server-list/. For CH#600 the domain is node-ch-31.protonvpn.net. This can be used as the Endpoint to enable automatic switching between IPv4 and IPv6, useful on a phone or laptop using hotspots without IPv6.
[Interface]
# Key for Reddit Test Config 2025-01-05
# Bouncing = 2
# NetShield = 1
# Moderate NAT = on
# NAT-PMP (Port Forwarding) = on
# VPN Accelerator = on
PrivateKey = *redacted*
Address = 10.2.0.2/32, 2a07:b944::2:2/128
DNS = 10.2.0.1, 2a07:b944::2:1
[Peer]
# CH#600
PublicKey = Ii6hAbnu84wZ8NzVt5+ylO4FnX+ANrKNzpFOSYq9dks=
Endpoint = node-ch-31.protonvpn.net:51820
# For Windows
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1
# For Linux, Android, routers, etc.
AllowedIPs = 0.0.0.0/0, ::/0Or, you can look up its IPv6 address (in the AAAA record) and force connections to the VPN over IPv6 like this:
You can also find IPv6 addresses for the nodes at https://mikaeldui.github.io/proton-vpn-server-list/.
[Interface]
# Key for Reddit Test Config 2025-01-05
# Bouncing = 2
# NetShield = 1
# Moderate NAT = on
# NAT-PMP (Port Forwarding) = on
# VPN Accelerator = on
PrivateKey = *redacted*
Address = 10.2.0.2/32, 2a07:b944::2:2/128
DNS = 10.2.0.1, 2a07:b944::2:1
[Peer]
# CH#600
PublicKey = Ii6hAbnu84wZ8NzVt5+ylO4FnX+ANrKNzpFOSYq9dks=
Endpoint = [2a02:6ea0:d411:5432::10]:51820
# For Windows
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1
# For Linux, Android, routers, etc.
AllowedIPs = 0.0.0.0/0, ::/0Put this conf in any WireGuard app and enjoy your fully IPv6 enabled VPN!
Thank you for the writeup.
After some trial and error, I finally achieved full IPv6 connectivity in Opnsense.
I built this upon a working IPv4 setup and without strictly following above, I might pass browser IPv6 tests and all but could never e.g. access ipv6.google.com (some proclaimed IPv6-only sites might still connect with an incomplete setup)
Edit - I must say, it’s very hit or miss at this point…