My girlfriend is working on a project for her university studies to create a portknocker and I’m helping her out by hosting a cheap server for her to test and demo on.
As I was setting up the security group rules for her, I figured it would be cool to try out ipv6 too. Here’s a quick howto on the steps I did on AWS to get the server to also route on ipv6. I originally followed this guide, so this will be mostly the same but hopefully better formatted.
Assuming you already have an EC2 instance that you want to host on ipv6, these are the steps required. Basically what you do is add an IPv6 range for the VPC to assign from, allow for routing on IPv6 outwards, and then optionally modify your security groups to allow for the IPv6 traffic.
Add IPv6 CIDR
Next you need to add a sub-CIDR to the each of subnets you want to be IPv6 accessible. For each subnet, the steps are the same.
Actions there should be an
Edit IPv6 CIDRS
Add IPv6 CIDR, although this time it will ask you for a single byte in hex for the range. E.g.
00 is fine. Make sure it is unique for this subnet. Here’s a calculator that can help you calculate the exact range. It will be huge.
Next you need to allow for hosts inside the vpc and subnet(s) to connect back to the outside world. By default the route table for your VPC won’t be set up to allow for this.
0.0.0.0/0 route with target
igw-blabla. This is simply routing all outgoing traffic into your internet gateway. For IPv6 you just need to add a new
::/0 route with the same
That should now be everything done for the VPC settings. Next you need to assign a new address to the EC2 instance.
Actions -> Networking, select
Manage IP Addresses
Assign New IP. Leave it blank to automatically assign one. Press save and your instance should now have
an IPv6 address.
You might find that even though your EC2 instance has an IPv6 address now, it still can’t connect on whatever service you are running. Likely what you’ll need to do is update your Security Group rules for the EC2 instance, because by default it will only be configured for IPv4.
If you’re intending to allow traffic to the instance from anywhere, simply add
::/0 to the source field in your rules or select
Anywhere in the
Hopefully now you can access your instance via both IPv6 and IPv4.