IPv6 Intelligence

Apple Mac OS X IPv6

Apple’s Mac OS X implements its IPv6 functionality from the KAME stack, probably taking over relevant parts from FreeBSD. The reviewed release 10.4.8 implements KAME from an unknown date and version (no references or hints were found on either side) [1]. The core functions of the KAME stack are integrated. Support for several newer subprotocols is not integrated into the Mac OS X base system and is apparently not currently available via additional/third-party software. IPv6 is installed by default.

The IPv6 documentation in Mac OS X is very sparse.

Content: from 2006, updated 2007 and April 2009
Current versions: Mac OS X 10.6 (Snow Leopard), Mac OS X 10.5 (Leopard)
Tested version: Mac OS X 10.4.8 (now EOL)
Documentation: there is no usable IPv6 documentation to speak of

Basic IPv6 functions

Overview

IPv6 is active by default; it can be manually activated either with the GUI network control panel or on the command line with /usr/sbin/ip6.

To start IPv6 on all interfaces:

    ip6 -a

To disable it:

    ip6 -x

To have a client accept router advertisements (RAs), the following needs to be set:

    sysctl -w net.inet6.ip6.accept_rtadv=1

(Or set ip6mode=autohost in /etc/rc.conf.)

Preference

Mac OS X prefers IPv6 if a DNS query returns both IPv4 and IPv6 addresses (A and AAAA RRs).

Privacy extensions

Privacy addresses are not enabled by default. Their generation and preferred use are activated with a sysctl:

    sysctl -w net.inet6.ip6.use_tempaddr=1
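The two sysctls described above (accept_rtadv and use_tempaddr) can be checked together. The following script is an added example, not part of the original page or of Mac OS X; the function names, the exit codes and the policy it flags are assumptions made for illustration, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: audit the two IPv6 sysctls discussed on this page.
# Feed it sysctl output on stdin, e.g. on the Mac:
#   sysctl net.inet6.ip6.accept_rtadv net.inet6.ip6.use_tempaddr | ip6_audit

# Print the value of sysctl NAME found on stdin (empty if absent).
# Handles both "name: value" and the older "name = value" output styles.
ip6_sysctl_value() {
    awk -v key="$1" '{
        line = $0
        sub(/[ \t]*[:=][ \t]*/, "\t", line)   # split at first separator only
        n = split(line, kv, "\t")
        if (n >= 2) gsub(/[ \t]+$/, "", kv[2])
        if (n >= 2 && kv[1] == key) { print kv[2]; exit }
    }'
}

# Exit status: 0 = nothing to flag, 1 = policy finding, 2 = value missing.
# The policy (RAs accepted while privacy addresses are off is worth
# flagging) is an assumption of this example, not a rule from the page.
ip6_audit() {
    input=$(cat)
    rtadv=$(printf '%s\n' "$input" | ip6_sysctl_value net.inet6.ip6.accept_rtadv)
    temp=$(printf '%s\n' "$input" | ip6_sysctl_value net.inet6.ip6.use_tempaddr)
    case "$rtadv" in
        0|1) echo "accept_rtadv=$rtadv" ;;
        *)   echo "accept_rtadv: not reported or unexpected"; return 2 ;;
    esac
    case "$temp" in
        0|1) echo "use_tempaddr=$temp" ;;
        *)   echo "use_tempaddr: not reported or unexpected"; return 2 ;;
    esac
    if [ "$rtadv" = 1 ] && [ "$temp" = 0 ]; then
        echo "FINDING: router advertisements accepted, privacy addresses off"
        return 1
    fi
    return 0
}

# Constructed sample input (not captured from a real host).
SAMPLE='net.inet6.ip6.accept_rtadv: 1
net.inet6.ip6.use_tempaddr: 0'
printf '%s\n' "$SAMPLE" | ip6_audit || echo "exit status: $?"
```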

Packet filter/firewall

Mac OS X includes FreeBSD’s ipfw packet filter, which apparently supports stateful IPv6 filtering.

A new command was added for control of the IPv6 firewall: ip6fw.

System & services

With Mac OS X 10.5 various system services and packages have been modified to support IPv6 (again). This includes:

Thanks to Derek Morr for pointing this out.


Tunnelling IPv4/IPv6

Configured tunnels

Mac OS X supports configured tunnels with the gif tunnel-interface. Setting up a manual tunnel requires several steps on the command line.

Beforehand, you need the following information:

$host-ipv4
IPv4-address of the host
$router-ipv4
IPv4-address of the router/tunnel-server
$tunnel-v6host
(Tunnel) IPv6-address of the host
$tunnel-v6router
(Tunnel) IPv6-address of the router

Set up the IPv4 endpoints of the tunnel:

    ifconfig gif0 tunnel $host-ipv4 $router-ipv4

Set up the IPv6 endpoints of the tunnel:

    ifconfig gif0 inet6 alias $tunnel-v6host $tunnel-v6router prefixlen 128

Set the (IPv6) default route on the tunnel:

    route add -inet6 default -interface gif0

6to4

Mac OS X supports automatic 6to4 tunnelling. The required 6to4 interface has to be added in the GUI network control panel.

The only required manual configuration is limited to supplying the public IPv4 6to4 anycast address (192.88.99.1).


DHCPv6

Mac OS X does not include DHCPv6 software in the base operating system. The network control panel does not offer any kind of automatic configuration for IPv6 addresses or nameserver information that could be a DHCPv6 client in disguise.

Research did not yield a DHCPv6 solution for Mac OS X; however, a port of the WIDE/KAME DHCPv6 is theoretically possible, as the Mac OS X IPv6/network stack is based on FreeBSD’s, for which WIDE DHCPv6 is available.


PPPv6

Mac OS X integrates the same IPv6-capable PPP daemon as Linux and Solaris: Paul’s PPP Package (ppp). The PPP client is configured and controlled via the GUI network control panel under PPPoE. The "Configure IPv6" option has to be set to "Automatically". When dialling with the PPPoE tool (in the menu bar), the PPP daemon pppd automatically tries to negotiate IPv6 while establishing the PPP link (IPv6CP) and successfully creates a link-local address for the PPP interface. The IPv6 stack afterwards receives RAs on the PPP link and configures a global address on the PPP interface.

After connection establishment, the default route (for IPv6) has to be put on the PPP interface (ppp0 in our case):

    route add -inet6 default -interface ppp0


References

  1. The sysctl net.inet6.ip6.kame_version was found to be set to 20010528/apple-darwin on Mac OS X 10.4.8, 10.5 and 10.6.1. This would indicate a KAME integration from May 2001, if the value is indeed correct.