Enterprises unaware of the role IPv6 plays on remote users’ devices run the risk that these machines might access banned sites despite using VPNs that are meant to restrict what they access.
This hole stems from the fact that some of these remote-access VPNs are configured to inspect and apply security controls only to IPv4 traffic as it passes through a VPN concentrator without enabling similar protections for IPv6 traffic.
This leaves IPv6 traffic free to access the Internet directly without those controls being applied. Known as IPv6 VPN breakout, the issue is well known yet often remains overlooked.