Department of Defense
High Performance Computing Modernization Program

Enabling IPv6

In Apple macOS (all versions), OS X (all versions), and Mac OS X (versions 10.3 Panther and later), Internet Protocol version 6 (IPv6) is on by default. No action is necessary to enable IPv6. It was also supported in Mac OS X versions 10.0 Cheetah, 10.1 Puma, and 10.2 Jaguar but turned off by default.

In the absence of applicable policy or guidance about hardening to guard against potential IPv6-related attacks, a guide for configuring Apple macOS (all versions) is provided by this article and OS X (versions 10.10 Yosemite and 10.11 El Capitan) is provided by this article.

For macOS (all versions), OS X (all versions), and Mac OS X (version 10.6 Snow Leopard), follow these instructions to manually enable IPv6.

If the following features are enabled, it is recommended that they be disabled as shown here:

    1. File Sharing in OS X (all versions) and Mac OS X (all versions) and
    2. AirDrop in OS X (all versions) and Mac OS X (all versions), 

Re-enabling IPv6

To re-enable IPv6 in macOS (all versions) and OS X (version 10.8 Mountain Lion and later) if it has been disabled for some reason, use the command line

networksetup -setv6automatic Wi-Fi

(and reissue the command line again for Ethernet and any other network interfaces you want to re-enable IPv6 on). Once IPv6 has been re-enabled for an interface, you can then use the System Preferences - Network panel as described in the next paragraph to manually assign its address settings.

To re-enable IPv6 in OS X (version 10.7 Lion)  and Mac OS X (all versions), open the System Preferences - Network panel. Go into the properties for each network interface and click on the Advanced - TCP/IP tab. Then click the Configure IPv6 button and set the menu to On. Click OK and then Apply Now. Close System Preferences. Note: If you want to manually assign the router's IPv6 address, choose Manually from the Configure IPv6 pop-up menu rather than just setting the menu to On. Then you can enter your system's IPv6 address and the router address and network prefix length.

If you insist on using the command line, the command to turn IPv6 on for all network interfaces is

/usr/sbin/ip6 -a

Privacy addresses were disabled by default in OS X (version 10.7 Lion) and Mac OS X (all versions). Since then they have been enabled by default in macOS (all versions) and OS X (versions 10.8 Mountain Lion and later). To disable their use with a sysctl (which must be executed each time the system is restarted):

sysctl –w net.inet6.ip6.use_tempaddr=0

while to permanently disable them, place the following in /etc/sysctl.conf

net.inet6.ip6.use_tempaddr=0

or, if that variable is already defined change its value to zero.  Next, restart the system. To temporarily re-enable their use after they have been permanently disabled, use the sysctl:

sysctl –w net.inet6.ip6.use_tempaddr=1

and to specify how often the address is recomputed (XX is in seconds), use the sysctl

sysctl -w net.inet6.ip6.temppltime=XX

To permanently re-enable them, change the value of net.inet6.ip6.use_tempaddr in /etc/sysctl.conf to 1, or place the following lines in /etc/sysctl.conf (XX is in seconds):

net.inet6.ip6.use_tempaddr=1
net.inet6.ip6.temppltime=XX

and restart the system.


Top