Derek Morr gave a presentation on IPv6 to the Penn State Mac Admins group on August, 15, 2008.
Enabling and disabling IPv6
Mac OS X enables IPv6 by default.
General notes on configuring IPv6 on Mac OS X may be found on the IPv6 General Notes page.
To enable, from Terminal run:
To disable IPv6, from Terminal, run:
Note, you may need to flush the DNS cache after enabling/disabling IPv6. See IPv6 Rosetta Stone page for instructions.
- Safari (although Safari 3.2.x and 4.0 mis-form the HTTP Host header when connecting to sites with IPV6 literal addresses. See Apple bug 7015651).
- FireFox 2 (note, you must enable ipv6 dns queries)
- Camino 1.5 (note, you must enable ipv6 dns queries)
- Opera 9
- Shiira 2
- OmniWeb 5.6
- iCab 4 (does not with with RFC 2732-style URLs, only AAAA hostnames).
- Flock 1.1 (note, you must enable ipv6 dns queries)
- Sunrise (does not with with RFC 2732-style URLs, only AAAA hostnames).
- Apache (on 10.5 and 10.5 Server)
- Mail.app (SMTP-over-v6 is broken on 10.4 on Intel Macs prior to Apple Security Update 2008-003).
- Thunderbird 2 (note, you must enable IPv6 DNS queries) (note, LDAP over IPv6 is not supported)
- GyazMail 1.5 and higher (but only if a literal IPv6 address is specified; this is fixed in 1.58)
Bundled OS X Utilities
- ntpd(8) / ntpdate(8)
- Perl (on 10.5)
- Screen Sharing (but only with literal addresses, enclosed in brackets, see Apple bug 6149510)
- Printing. OS X can print over IPv6 to JetDirect, LPP and IPP print queues.
- BBEdit 9, for SFTP. Literal IPv6 addresses must be enclosed in brackets.
- FileMaker Pro v10
- Address Book and Directory Utility's LDAP backend.
- iCal, for ICS feeds.
- Transmit 3 (using both hostnames and literal address (non RFC2732)). Transmit shells out to ssh.
- Interarchy (only with AAAA hostnames, IPv6 address literal addresses don't work).
- Unison 1.6.3 and higher
- FireFox (FTP, HTTP)
- Opera 9 (for FTP. In Opera 9.2x, you must use a literal IPv6 address).
- Flow, only when used for SFTP. No IPv6 support for cleartext FTP.
- the FTP daemon on Mac OS X client (not Server)
- Fugu (will work with RFC 2732-style addresses, but not with hostnames with AAAA records)
- RBrowser (for SFTP, with hostnames. No support for literal addresses. No IPv6 support for cleartext FTP.
- Safari 4.0 / Finder in 10.6 for FTP (only with hostnames. literal addresses in RFC 2372 style are not supported).
- Cyberduck 3.0b1 for cleartext FTP
- Will prefer IPv4 over IPv6. To use the correct behavior, open Terminal and run: defaults write ch.sudo.cyberduck connection.dns.ipv6 true
- The built-in ip6fw(8) firewall
- The built-in application firewall in 10.5
- WaterRoof 2.1, a graphical frontend to ipfw(8) and ip6fw(8)
- IceFloor (reportedly very buggy)
- Little Snitch 2
- Mulberry 4
- Entourage 2004 and 2008
- Microsoft Remote Desktop Connection 2 (see Microsoft bug 311662)
- openssl (s_client/s_server) (see Apple bug 5653899)
- QuickTime Streaming Server
- radmind - but Derek Morr is working on a patch to enable IPv6
- mount_nfs(8) (see Apple bug 3502191)
- For FTP, Finder and Safari in 10.4 and 10.5; partially fixed in 10.6
- The FTP daemon on OS X Server (see Apple bug 3060157)
- Flow, an FTP client, for cleartext FTP
- ForkLift 2.0.7 for cleartext FTP
- Network Utility (/Applications/Utilities)
- ipconfig(8) (see Apple bug 5952572)
- w(1) (it truncates IPv6 addresses; see Apple bug 5652949)
- rtsol(8) (see Apple bug 6077058)
- DoorStop X, a third-party firewall. Not only does it not support IPv6, but it disables the IPv6 stack.
- NoobProof, a graphical frontend to ipfw(8).
- NetBarrier X5, a third-party firewall.
- BOINC 6.6 will be unable to upload work results if you have IPv6 DNS servers. Version 5.5 works fine.
- Apple's Software Update service is not accessible over IPv6. One can, however, run a Software Update proxy service on a dual-stacked OS X Server machine.
- Apple's crash report web site (radarsubmissions.apple.com) is not accessible over IPv6.
- OS X is capable of using IPv6 DNS servers, however, the Kerberos library in OS X 10.4 is unable to lookup SRV records using IPv6 DNS. This can prevent users from being able to mount the u: drive, for example. This bug is fixed in 10.5.
- OS X does not appear to support RFC 3484 (Default Address Selection for Internet Protocol version 6)
- OS X does not come with a native DHCPv6 client. Third-party clients are in development.
- The Screen Sharing client (
/System/Library/CoreServices/Screen\ Sharing) supports IPv6 transport, but will not query for an AAAA record. To use IPv6 transport, you must enter an IPv6 address, enclosed in brackets (). (see Apple bug 5506889)
Mac OS X Server
While Mac OS X Server shares many components with Mac OS X, it has unique IPv6 support issues. Many of these issues are documented in the Network Services Administration guide for Leopard. In particular, while several services support IPv6 (DNS, firewall, POP, IMAP, SMTP, AFP, HTTP), there is no support in the Server Admin GUI for IPv6.
As noted above, the FTP daemon on OS X server does not support IPv6 (see Apple bug 3060157). Specifically, it does not support RFC 2428, which defined IPv6 extensions for IPv6. Despite this, the FTP daemon on OS X Server will bind to an IPv6 socket. So an IPv6-enabled FTP client will connect to the FTP daemon but will be unable to perform basic tasks. (see Apple bug 3060157).
The graphical firewall rule editor in Server Admin can only create rules for IPv4. If you manually create IPv6 rules using i6fw(8), those rules will be deleted the next time the graphical firewall rule editor is launched.
The graphical DNS editor does not allow AAAA records or ip6.arpa PTR records. The named daemon does bind to an IPv6 socket on 10.5 Server, however. On 10.4 Server, it only listens on IPv4.
IPv6 improvements in 10.5
- Mail.app: SMTP over IPv6 works again. In 10.4 (on Intel Macs), the EHLO was malformed.
- The last(1) and who(1) commands now list the full IPv6 address, rather than truncating them (as in 10.4).
- ndp(8) now works (it was broken in 10.4). ndp is used to display neighbor discovery information. See this page for more information.
- Perl now includes the Socket6 and IO::Socket::INET6 modules, making it possible to write IPv6-capable Perl applications.
- PHP has been upgraded to version 5.2.4, which supports IPv6.
- Apache has been upgraded to 2.2.6, which supports IPv6.
- On OS X Server, BIND now listens on IPv6 addresses.
IPv6 changes in 10.7
- IPv6 privacy addresses are enabled by default. Instructions to turn them off are on the IPv6 Security page
- DHCPv6 is supported.
- NFS client supports IPv6.
- SMB client supports IPv6.