My girlfriend is working on a project for her university studies to create a portknocker and I’m helping her out by hosting a cheap server for her to test and demo on.
As I was setting up the security group rules for her, I figured it would be cool to try out IPv6 too. Here’s a quick how-to on the steps I did on AWS to get the server to also route on IPv6. I originally followed this guide, so this will be mostly the same but hopefully better formatted.
Assuming you already have an EC2 instance that you want to host on IPv6, these are the steps required. Basically, you add an IPv6 range for the VPC to assign from, add a route for outbound IPv6 traffic, and then optionally modify your security groups to allow the IPv6 traffic.
1. Add an IPv6 CIDR to the VPC
- Go to your VPC Dashboard.
- Select the VPC the EC2 instance is in, then under Actions select Edit CIDRs.
- Press Add IPv6 CIDR.
2. Set up the Subnet IPv6 CIDR
Next you need to add a sub-CIDR to each of the subnets you want to be IPv6 accessible. For each subnet, the steps are the same.
- Go to the subnets dashboard, filter by the VPC.
- Select the subnet you want to add IPv6 to; again under Actions there should be an Edit IPv6 CIDRs entry.
- Again you just need to Add IPv6 CIDR, although this time it will ask you for a single byte in hex for the range, e.g. 00 is fine. Make sure it is unique for this subnet. Here’s a calculator that can help you calculate the exact range. It will be huge.
3. Add IPv6 to the VPC Route Table
Next you need to allow hosts inside the VPC and subnet(s) to connect back to the outside world. By default the route table for your VPC won’t be set up to allow this.
- Go to the Route Tables dashboard and select the one for your VPC.
- Under Actions, select Edit routes.
- You’ll probably see a table with a 0.0.0.0/0 route with target igw-blabla. This is simply routing all outgoing traffic into your internet gateway. For IPv6 you just need to add a new ::/0 route with the same igw-blabla target.
4. Assign an IPv6 Address to your EC2 Instance
That should now be everything done for the VPC settings. Next you need to assign a new address to the EC2 instance.
- Go to your EC2 dashboard and select your instance.
- Under Actions -> Networking, select Manage IP Addresses.
- In the IPv6 Addresses table, press Assign New IP. Leave it blank to automatically assign one. Press save and your instance should now have an IPv6 address.
Optional: Modify Security Group to allow ports on IPv6
You might find that even though your EC2 instance has an IPv6 address now, it still can’t connect on whatever service you are running. Likely what you’ll need to do is update your Security Group rules for the EC2 instance, because by default it will only be configured for IPv4.
If you’re intending to allow traffic to the instance from anywhere, simply add ::/0 to the source field in your rules or select Anywhere in the dropdown.
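A check for the symptom described above, as an added example that is not part of the original post: it lists security group rules that still admit only IPv4, and rules whose IPv6 source is the whole address space. The input is a constructed sample in the shape of aws ec2 describe-security-groups output; the group ID and the rules in it are made up.

```python
import ipaddress

# Constructed sample, shaped like one entry of "SecurityGroups" in the
# output of `aws ec2 describe-security-groups`. Not a real group.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "udp", "FromPort": 7000, "ToPort": 7002,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}


def _key(rule):
    # Rules with protocol "-1" (all traffic) carry no port fields.
    return (rule["IpProtocol"], rule.get("FromPort"), rule.get("ToPort"))


def ipv4_only_rules(group):
    """Rules with an IPv4 source but no IPv6 source on the same protocol/ports."""
    rules = group["IpPermissions"]
    has_v6 = {_key(r) for r in rules if r.get("Ipv6Ranges")}
    return [_key(r) for r in rules
            if r.get("IpRanges") and _key(r) not in has_v6]


def world_open_v6(group):
    """Rules whose IPv6 source is ::/0, i.e. any IPv6 address."""
    hits = []
    for r in group["IpPermissions"]:
        for rng in r.get("Ipv6Ranges", []):
            net = ipaddress.ip_network(rng["CidrIpv6"], strict=False)
            if net.prefixlen == 0:
                hits.append(_key(r))
    return hits


if __name__ == "__main__":
    for proto, lo, hi in ipv4_only_rules(SAMPLE_GROUP):
        print(f"IPv4 only, unreachable over IPv6: {proto} {lo}-{hi}")
    for proto, lo, hi in world_open_v6(SAMPLE_GROUP):
        print(f"open to all of IPv6 (::/0): {proto} {lo}-{hi}")
```

To run it against a real group, load the JSON from the describe-security-groups output and pass one element of its SecurityGroups list to the two functions.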
Done 🍾
Hopefully now you can access your instance via both IPv6 and IPv4.