WireGuard roadwarrior setup on dual stack leaks IPv6

Started by opnooz, January 25, 2024, 08:53:17 PM

Hey all,

I'm currently running a dual stack setup. I followed the WireGuard roadwarrior setup found here: https://docs.opnsense.org/manual/how-tos/wireguard-client.html ... everything is working as expected, but if a website requests my IPv6 address, clients that are a part of my WireGuard alias will leak IPv6 requests out my IPv6 WAN interface, and not out the tunnel. I use ProtonVPN as a provider, which does not support IPv6 on the tunnel (at least to my knowledge).

The tutorial doesn't really mention how to fix this, but primarily only if I were to use a dedicated IPv6 connection. Though, I'm sure that others have run into this same issue. Does anyone know how I can set the killswitch in such a way that if the client decides to go out the v6 interface, it gets blocked, kinda like the NO_WAN_EGRESS part of the tutorial? I realize this might mean I have to either give all my local v6 addresses the same treatment or start assigning the hosts I want to force out the tunnel dedicated v6 addresses, but thought I would get an idea of how others go about doing it.

Thoughts?

Thanks in advance.