1. What “TUN On” Still Misses on Dual-Stack Networks
People reach for TUN mode because it promises completeness: capture traffic closer to the operating system’s routing table than a browser-aware HTTP proxy port ever could. That promise is directionally true for flows that actually traverse the virtual adapter and participate in the policy engine you configured. The painful dual-stack caveat is that “Internet” is not one address family. When your ISP, campus WLAN, or tethered phone hands you working IPv6 alongside legacy IPv4, many stacks treat the pair as independent happiness probes rather than a single funnel into Clash. A site may publish both A and AAAA records so clients can race connections; a streaming API may prefer whichever path has lower loss on the last mile; a mobile OS may escalate to v6 aggressively to reduce carrier-grade NAT pain on v4. If your tunnel is only shaping one family—or shaping both but with uneven DNS—the observable user impact is the same class of confusion you already associate with DNS leaks, except the leak is not merely “wrong resolver,” it is “right resolver, wrong address family exiting outside the tunnel.”
Another subtlety is measurement bias. Running an “IP check” in a browser tab may exercise a different code path than running the same check in a system tray utility or a command-line curl call. Browsers ship their own network stacks, connection pools, DNS caches, and experimental protocols; some integrate secure DNS settings independently from the OS resolver chain. You might therefore see “IPv4-only egress through Clash” in one tool while another proves that IPv6 still reaches the internet unproxied. The fix is not tribal knowledge about which IP checker is honest; it is forcing a coherent story across resolver output, tunnel acceptance, and logging. If you have not yet internalized fake-ip contracts, pause and read our region-aware DNS deep dive: the same resolver alignment principles show up again here, only now the failure mode includes address-family skew.
Finally, remember that split routing is a feature until it isn’t. Configurations that optimize domestic CDNs with aggressive GEOIP,CN shortcuts can be excellent for day-to-day browsing yet catastrophic when a hostname resolves to both domestic and overseas edges across families. Dual-stack calibration means you explicitly decide whether your threat model wants IPv6 reachable at all while tunneling. Neutrality is expensive; “half disabled” IPv6 is often worse than a deliberate policy because it looks intermittent in logs.
2. Two Stacks, Two Default Routes: IPv4 vs IPv6 in Practice
At a high level, think of dual-stack as running two parallel internets on one NIC: each has its own global scope addresses, neighbor discovery behaviors, path MTU stories, and firewall interactions. A Clash TUN interface can install routes that attract one family’s traffic while the other still follows the physical default route from your router advertisement or carrier provisioning. Some cores and GUIs expose toggles that make IPv4 forwarding look flawless while IPv6 remains “up” for local link purposes but still globally routed—exactly the setting that produces “my leak test says my home ISP” even though v4 looks fine. From a troubleshooting perspective, classify the symptom into route capture versus policy capture: does the packet even arrive at the core, and once there, do DOMAIN rules see names?
Transport racing amplifies the confusion. Modern clients do not politely try IPv4 first every time; they attempt parallel connection establishment with backoff timers tuned for responsiveness. That means your user-visible glitch can be time-of-day sensitive: when v6 latency spikes, the client might fall back to v4 and suddenly “Clash works,” creating false confirmation that you fixed something when you only changed timing. Stable engineering means removing the alternate fast path you do not intend to use rather than hoping races land on your tunnel. For readers who prefer metaphor over RFCs: dual-stack without explicit policy is like installing two exits from a concert venue—fans will leave through whichever door opens first.
On the positive side, once both stacks are intentionally aligned, your mihomo logs become dramatically less mythological. You stop chasing “random DIRECT” lines that were never random; they were IPv6 datagrams classified by a fallback you forgot existed. That is the mindset shift that turns noisy forums into reproducible triage. Pair it with SNI-aware debugging from our sniffer guide when TLS hides hostnames on the remaining IPv4 leg.
3. DNS as a Dual-Stack Lever: AAAA, DoH, and Resolver Bypass
DNS is where dual-stack pain intersects user expectations about Clash “controlling the network.” If the application resolves names through an encrypted resolver embedded in the browser, a stub resolver that skips your core’s dns.listen, or an enterprise profile pushed by MDM, then your carefully tuned YAML never observes the query that produced the AAAA set. Even when queries do hit the core, fake-ip mode introduces a second contract: the mapping must remain coherent for domain rules and for any sniffer that reconstructs hostnames from TLS ClientHello. When DNS leakage appears alongside IPv6 symptoms, fix resolver centralization first; otherwise you patch routing while the name-to-address story keeps changing underneath you.
Practical calibration steps start with visibility: log DNS outcomes at the core, compare against what the OS cache reports, and clear stale entries when you toggle modes. If you operate mixed profiles—one for office Wi-Fi and one for cellular—expect different resolver behaviors; tethering on some carriers injects IPv6-only DNS paths that ignore your laptop’s static IPv4 assumptions. As a rule, treat AAAA responses as first-class data. If you intend to steer everything through an IPv4-only exit for policy reasons, consider whether leaving global IPv6 enabled is intellectually honest. Many “mysterious” site failures are simply the remote endpoint preferring v6 while your tunnel story is v4-shaped.
Advanced users sometimes combine Sniffer overrides with strict DNS to recover hostnames on flows that initially appear as bare IP literals—useful when QUIC or HTTP/3 complicates classification. The warning label is the same as everywhere else in Meta-class cores: sniffing is reinforcement, not permission to ignore resolver hygiene. If you lean on sniffers heavily, correlate with logs rather than cranking sensitivity globally; overlap with the workflow described for other verticals in our advanced routing reference keeps ordering mistakes from multiplying.
4. OS and NIC Policy: When to Disable vs Constrain IPv6
There are two coherent strategies, and mixing them without documentation is how weekends disappear. Strategy A is disable or de-preference IPv6 at the OS or interface level when your proxy chain cannot guarantee equivalent handling for global v6 traffic. That is blunt but effective for tethered users, hotel networks with broken v6, or personal setups where every remote exit you trust is an IPv4-only POP anyway. Strategy B is keep dual-stack but route both families through the same policy engine, which is more elegant yet demands compatible stacks, GUI toggles, and sometimes kernel modules configured correctly on Linux. Neither strategy is “more correct” in isolation; they answer different constraints.
If you choose disablement, prefer documented switches over folklore registry hacks. Operating systems expose IPv6 toggles through network adapters, Wi-Fi profiles, and sometimes per-interface metrics. On Windows, unrelated virtualization or VPN software can resurrect adapters you thought you removed; a reboot often matters after toggling TUN drivers. On macOS, multiple extensions may compete for the same “filter order,” which is why a symptom may appear only after sleep/wake cycles. Document what you changed so the next OS upgrade does not silently revert assumptions. Readers on Windows with partial captures—especially UWP applications—should cross-read our TUN, UWP, and loopback article; dual-stack issues stack orthogonally on top of those process model quirks.
If you choose constraint instead of full disablement, articulate what “global IPv6 off but link-local on” means for your use case. Some home LAN protocols legitimately expect neighbor discovery behavior even when you do not want your browser opening global v6 sockets toward arbitrary ASNs. The art is minimalism: close the exact door that leaks, not every ICMP echo on your LAN. When in doubt, log first, then cut.
5. Mihomo Core Settings: ipv6, TUN, and Stack Parity
In Clash Meta class cores, the ipv6 switch in the general section is the headline knob people mention in forums: it tells the core whether to emit or expect IPv6 semantics in downstream components. Treat that knob as coordination between your intent (“I want v6-capable tunnels”) and reality (“my nodes only speak v4”). Pair it with the tun stanza in your profile if you use it: interface names, stack selection, and strict-route behaviors differ across platforms and builds. The guiding question is blunt: after edits, does every new global socket have a single defensible path through your policy groups?
YAML hygiene still matters. A beginner mistake is to copy a bloated profile that enables v6 in the core while simultaneously importing rules that assume v4-only GEOIP tags, then wondering why GEOIP lines behave unexpectedly. Another mistake is enabling experimental features in the GUI without restarting the service layer so old listeners linger. When you change dns or ipv6 settings, adopt a disciplined restart ritual and watch logs during the first thirty seconds of client startup—most misconfigurations announce themselves early if you look.
    # Illustrative fragments — adapt keys to your core version and GUI-exported profile
    ipv6: false # set true only when your tunnel + nodes actually handle IPv6 end-to-end
    dns:
      enable: true
      ipv6: false # keep DNS answers aligned with how you route egress
      listen: 0.0.0.0:53
The snippet is intentionally conservative: flipping dns.ipv6 without touching OS IPv6 can still leave a global v6 transport path alive, while flipping OS settings without touching DNS can break name resolution in subtler ways. This section’s takeaway is “parity”: the core, resolver, and OS should not contradict each other. When they do, applications pick whichever inconsistency favors their latency targets—which is rarely your privacy model.
6. Rule Calibration: GEOIP, IP-CIDR6, and Order Discipline
Domain-first purists sometimes underestimate how often traffic arrives as an IPv6 literal that bypassed hostname rules entirely, especially under aggressive prefetching or when QUIC shifts identifiers. That is where IP-CIDR6 rows, GEOIP database freshness, and understanding MMDB sourcing intersect. If your provider’s GEOIP file predates meaningful IPv6 allocations in your region, you will mislabel traffic in ways that feel like censorship when it is actually stale data. Combine periodic rule-provider refresh discipline—see our standalone rule-provider and GEOIP update guide—with a suspicion of hard-coded IP lists copied from chat groups in 2019.
Order discipline stays evergreen. Put narrow evidence-backed rows—specific DOMAIN-SUFFIX or IP-CIDR6 ranges you verified from logs—above lazy MATCH defaults that hammer DIRECT. Remember that GEOIP catches countries, not intent; some multinational CDNs deliberately anycast into confusing footprints. When dual-stack is enabled, duplication across families is expected: mirror important allowances or blocks across both IPv4 and IPv6 representations when you truly need symmetry. If that sounds onerous, that is another signal that disabling global IPv6 might align better with your operational budget.
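An added example (not from the original article or the mihomo project) that replays first-match rule order for IP-literal destinations and flags policies whose reachable CIDR rows cover only IPv4. The ruleset, prefixes and group names are constructed for illustration, and GEOIP rows are skipped because evaluating them needs the MMDB.

```python
import ipaddress

def parse_rule(row):
    """Split 'TYPE,payload,policy[,option]'; MATCH rows carry no payload."""
    parts = [p.strip() for p in row.split(",")]
    if parts[0] == "MATCH":
        return "MATCH", None, parts[1]
    return parts[0], parts[1], parts[2]

def split_at_match(rules):
    """Return (reachable rows incl. the first MATCH, rows after it that never run)."""
    for index, row in enumerate(rules):
        if parse_rule(row)[0] == "MATCH":
            return rules[:index + 1], rules[index + 1:]
    return list(rules), []

def first_match(rules, literal):
    """Index and policy of the first row deciding an IP-literal destination.
    DOMAIN-* rows cannot match a bare literal. GEOIP rows are skipped because
    evaluating them needs the MMDB (a simplification in this example)."""
    addr = ipaddress.ip_address(literal)
    for index, row in enumerate(rules):
        kind, payload, policy = parse_rule(row)
        if kind in ("IP-CIDR", "IP-CIDR6"):
            net = ipaddress.ip_network(payload, strict=False)
            if net.version == addr.version and addr in net:
                return index, policy
        elif kind == "MATCH":
            return index, policy
    return None, None

def v4_only_policies(rules):
    """Policies with reachable IPv4 CIDR rows but no reachable IPv6 CIDR rows."""
    families = {}
    for row in split_at_match(rules)[0]:
        kind, payload, policy = parse_rule(row)
        if kind in ("IP-CIDR", "IP-CIDR6"):
            version = ipaddress.ip_network(payload, strict=False).version
            families.setdefault(policy, set()).add(version)
    return sorted(p for p, seen in families.items() if seen == {4})

# Constructed ruleset: documentation prefixes, hypothetical group names.
RULES = [
    "DOMAIN-SUFFIX,example.com,Proxy",
    "IP-CIDR,203.0.113.0/24,Proxy,no-resolve",
    "IP-CIDR6,2001:db8:1::/48,Streaming,no-resolve",
    "MATCH,DIRECT",
    "IP-CIDR6,2001:db8:5::/48,Proxy,no-resolve",  # too late: sits below MATCH
]

if __name__ == "__main__":
    print(first_match(RULES, "203.0.113.9"))     # IPv4 literal
    print(first_match(RULES, "2001:db8:5::9"))   # IPv6 literal of the same service
    print(v4_only_policies(RULES), split_at_match(RULES)[1])
```

In the constructed ruleset the IPv4 literal reaches the proxy group while the IPv6 literal for the same service falls through to the MATCH row, which is the asymmetry this section describes.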
Finally, think about ICMP and neighbor messages carefully when you write “security hardening” iptables or Windows filters. Over-filtering ICMPv6 can degrade path MTU discovery indirectly, creating “slow sites” misattributed to Clash. Change one layer at a time, revert aggressively, and never treat firewall tutorials as drop-in compatible with tunnel stacks you did not author.
7. Platform Notes: Windows, macOS, Linux, Android at a Glance
On Windows, driver conflicts between multiple Wintun-like adapters are routine. Uninstall abandoned VPN products you no longer run; stale filter drivers survive app removal far longer than users expect. When toggling IPv6 on an adapter, validate both the Wi-Fi NIC and the virtual tunnel NIC. Enterprise endpoint agents may inject corporate DNS or split tunnel policies that reappear after reboot. If you suspect store apps specifically, loop back to the TUN/UWP article cited earlier rather than duplicating long platform lore here.
On macOS, network extension ordering and Full Disk Access prompts distract from the IPv6 question—yet the dual-stack story still applies. Profile-based Wi-Fi settings can override what System Settings shows at a glance. When debugging, capture whether your client runs as a standalone app bundle or a helper daemon launched by launchd so you know which resolver APIs it calls. The goal is identical: prevent silent global v6 egress that missed the extension’s tunnel interface.
On Linux, you own the routing table—congratulations and condolences. Inspect ip -6 route, sysctl knobs like accept_ra, and whether systemd-resolved or dnsmasq runs a cache your core does not know about. Containerized workloads add another dimension; a browser on the host may use TUN correctly while a Docker bridge still selects v6 from the LAN unless you harmonize defaults. Android derivatives often centralize VPN APIs differently from desktops; if your vendor GUI exposes per-app bypass lists, remember those bypass lanes are parallel to Clash rules entirely.
8. Leak Tests, Logs, and a Staged Verification Workflow
Treat leak testing as a protocol, not a vibe. Stage one is baseline: note public IPv4 and IPv6 endpoints with Clash paused, then repeat with TUN enabled and a deliberate policy group selected. If v4 changes while v6 stays identical to baseline, you have captured the leak fingerprint immediately. Stage two is application variance: compare browser-based checks with CLI tools that force curl’s resolver and family flags so you cannot mistake HTTP/2 vs HTTP/1 nostalgia for routing truth.
Stage three is log correlation. Tail the core’s log during reproducible actions: opening a chat app, placing a voice call, or starting a stream. Look for lines where IPv4 flows classify under your proxy policy while IPv6 still maps to DIRECT or an unexpected GEOIP bucket. Promote evidence from logs into explicit rules or OS policy; demote guesses imported from forums unless verified. Stage four is regression testing after subscription refreshes: automation that rewrites YAML could strip personal overrides silently if you do not version-control them.
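Stages one and three as an added Python example, not code from the original article or from mihomo: it compares per-family egress addresses and tallies policy groups per destination family in core log lines. The log line shape, sample lines, addresses and group names are assumptions constructed for illustration; the egress values would come from family-forced checks such as curl -4 and curl -6.

```python
import ipaddress
import re
from collections import Counter

# Assumed log shape (check your build): [TCP] src --> dst match Rule using Policy
FLOW = re.compile(r"\[(?:TCP|UDP)\] \S+ --> (\S+) match (\S+) using ([^\s\"\[]+)")

def dest_family(dst):
    """4 or 6 for an IP-literal target ('1.2.3.4:443', '[2001:db8::1]:443'), else None."""
    try:
        host = dst[1:dst.index("]")] if dst.startswith("[") else dst.rsplit(":", 1)[0]
        return ipaddress.ip_address(host).version
    except ValueError:
        return None  # hostname: the rule engine saw a name, not a literal

def policy_by_family(lines):
    """Stage three: count policy-group hits per destination address family."""
    seen = {4: Counter(), 6: Counter(), None: Counter()}
    for line in lines:
        m = FLOW.search(line)
        if m:
            seen[dest_family(m.group(1))][m.group(3)] += 1
    return seen

def egress_fingerprint(baseline, tunneled):
    """Stage one: compare public egress per family, Clash paused vs TUN enabled."""
    verdict = {}
    for fam in (4, 6):
        before, after = baseline.get(fam), tunneled.get(fam)
        if after is None:
            verdict[fam] = "no-egress"   # family unreachable under TUN
        elif after == before:
            verdict[fam] = "leak"        # still exits via the baseline path
        else:
            verdict[fam] = "tunneled"
    return verdict

# Constructed sample data (documentation address ranges, hypothetical group names).
SAMPLE_LOG = [
    'level=info msg="[TCP] 198.18.0.1:50112 --> example.com:443 match DomainSuffix(example.com) using Proxy[node-a]"',
    'level=info msg="[TCP] 198.18.0.1:50113 --> 203.0.113.9:443 match GeoIP(US) using Proxy[node-a]"',
    'level=info msg="[UDP] [fd00::2]:50114 --> [2001:db8:5::9]:443 match Match using DIRECT"',
    'level=info msg="[TCP] [fd00::2]:50115 --> [2001:db8:5::9]:443 match Match using DIRECT"',
]
BASELINE = {4: "198.51.100.7", 6: "2001:db8:a::7"}
TUNNELED = {4: "203.0.113.50", 6: "2001:db8:a::7"}

if __name__ == "__main__":
    print(egress_fingerprint(BASELINE, TUNNELED))
    for fam, hits in policy_by_family(SAMPLE_LOG).items():
        print(fam, dict(hits))
```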
Keep a redacted notebook of settings that worked—interfaces touched, sysctl values changed, YAML keys toggled—because “I fixed it Tuesday” is not reproducible when campus rotates DHCP prefixes Friday night.
9. Ethics, Campus, and Employer Networks
Understanding dual-stack routing is neutral plumbing knowledge; circumventing lawful network policies is not the point. If you administer student housing Wi-Fi, corporate laptops, or regulated terminals, your acceptable use terms may forbid tunneling altogether. This article helps engineers debug misconfigurations and accidental exposure—real problems that waste support hours—not provide a playbook for violating contracts you signed. When transparency matters, separate “binary distribution” from “source discussion”: upstream repositories can clarify licenses while installer integrity still flows through trusted channels.
Likewise, never assume that “no leak” equals “authorized.” Measurement success only means you achieved the configuration you intended; authority to do so is a separate conversation with your institution. Present logs calmly when asking IT for help—dual-stack oddities stump professionals too, especially when MDM profiles fight user toggles.
10. Closing Thoughts
In 2026, Clash TUN remains one of the clearest ways to unify how applications reach the internet—once you stop pretending that enabling a toggle rewrites physics. On IPv4/IPv6 dual-stack links, success means aligning three stories: what the OS exposes, what the mihomo core forwards, and what DNS hands applications before Happy Eyeballs even starts. When those tales diverge, users blame nodes; engineers blame routers; the honest answer is usually parallel internets. Compared with opaque consumer VPNs, Clash-family stacks still reward methodical readers: your logs show escaped families, your YAML closes the gap, and your next subscription refresh is less terrifying because your configuration is versioned. That observability is the quiet advantage—especially when IPv6 is not an exotic future protocol but a mainstream default path on carrier networks worldwide.
When you are ready to standardize on maintained clients and curated installers, prefer distribution channels that ship security patches promptly and document tunnel prerequisites transparently—then apply the checklist above whenever a network introduces global IPv6 or aggressive secure DNS. Against one-click apps that hide stack mismatches until leak tests sting, Clash’s log-first workflow remains the practical edge. Browse our download center for current builds, validate dual-stack behavior with the staged tests in section eight after every major OS upgrade, and treat recurring leaks as routing debt to pay down instead of superstition to chase.