Apple Mac OS X IPv6
Apple’s Mac OS X implements its IPv6 functionality from the KAME stack, probably taking over relevant parts from FreeBSD. The reviewed release 10.4.8 implements KAME from an unknown date and version (no references or hints were found on both sides).1 The core functions of the KAME stack are integrated. Support for several newer subprotocols is not integrated into the Mac OS X base system and currently apparently not available via additional/third-party software. IPv6 is installed by default.
The IPv6 documentation in Mac OS X is very sparse.
|Content from||2006, updated 2007 and April 2009|
|Current versions||Mac OS X 10.6 (Snow Leopard), Mac OS X 10.5 (Leopard)|
|Tested version||Mac OS X 10.4.8 (now EOL)|
|Documentation for||there is no usable IPv6 documentation to speak of|
Basic IPv6 functions
IPv6 is active by default; it can be manually activated either with the GUI network control panel or on the command line with /usr/sbin/ip6.
To start IPv6 on all interfaces:
To disable it:
To enable clients accepting router advertisements (RAs), the following needs to be set:
sysctl -w net.inet6.ip6.accept_rtadv=1
(Or setting ip6mode=autohost in /etc/rc.conf.)
Mac OS X prefers IPv6 if a DNS query results in IPv4 and IPv6 addresses being sent back (A and AAAA RRs).
Privacy addresses are not enabled by default. Their generation and preferred use is
activated with a sysctl:
Mac OS X includes FreeBSD’s ipfw packet filter, which apparently supports stateful IPv6 filtering.
A new command was added for control of the IPv6 firewall: ip6fw.
System & services
With Mac OS X 10.5 various system services and packages have been modified to support IPv6 (again). This includes:
- Mail.app, with functioning IPv6 SMTP
- Perl with IPv6 modules/libraries
- Working NDP
- Apache HTTP server with IPv6
- PHP with IPv6
- On OS X Server: BIND DNS server with IPv6
Thanks to Derek Morr for pointing this out.
Mac OS X supports configured tunnels with the gif tunnel-interface. Setting up a manual tunnel requires several steps on the command line.
Beforehand, you need the following information:
- IPv4-address of the host
- IPv4-address of the router/tunnel-server
- (Tunnel) IPv6-address of the host
- (Tunnel) IPv6-address of the router
Set up the IPv4 endpoints of the tunnel:
ifconfig gif0 tunnel $host-ipv4 $router-ipv4
Set up the IPv6 endpoints of the tunnel:
ifconfig gif0 inet6 alias $tunnel-v6host $tunnel-v6router prefixlen 128
Set the (IPv6) default route on the tunnel:
route add -inet6 default -interface gif0
Mac OS X supports automatic 6to4 tunnelling. The required 6to4 interface has to be added in the GUI network control panel.
The only required manual configuration is limited to supplying the public IPv4 6to4 anycast address (220.127.116.11).
Mac OS X does not include DHCPv6 software in the base operating system.
The network control does not allow any kind of
for IPv6 addresses or nameserver information, which could be a DHCPv6 client in disguise.
Research did not yield a DHCPv6 solution for Mac OS X; however, a port of the WIDE/KAME DHCPv6 is theoretically possible, as the Mac OS X IPv6/network stack is based on FreeBSD’s, for which WIDE DHCPv6 is available.
Mac OS X integrates the same IPv6-capable PPP daemon as Linux and Solaris —
Paul’s PPP Package Homepage
The PPP client is configured and controlled via the GUI network control panel under
Configure IPv6 has to be set to Automatically.
When dialling with the PPPoE tool (in the menu bar), the PPP daemon pppd automatically
tries to negotiate IPv6 while
establishing the PPP link (IPv6CP) and successfully creates a link-local address for the
PPP interface. The IPv6 stack afterward receives RAs on the PPP link and configures an
global address on the PPP interface.
After connection establishment, the default route (for IPv6) has to be put on the PPP interface
(ppp0 in our case):
route add -inet6 default -interface ppp0
- The sysctl net.inet6.ip6.kame_version was found to be set on both Mac OS X 10.4.8, 10.5 and 10.6.1 to 20010528/apple-darwin. This would indicate a KAME integration from May 2001, if the value is indeed correct. ↑