Page tree
Skip to end of metadata
Go to start of metadata

This document is for a previous release of cPanel & WHM. To view our latest documentation, visit our Home page.

For cPanel & WHM 11.46

(Home >> IP Functions >> Enable IPv6)

Overview

When you enable IPv6 on a server, you can assign an IPv6 address to accounts on that server. This feature allows users with root access to assign an IPv6 address to a specific account. For more information about IPv6, read our IPv6 documentation.

Warnings:

  • Each account maintains ownership of its IPv4 address.
  • If you assign an IPv6 address to an account, you essentially double the IP addresses assigned to that account.
  • Though IPv6 addresses are plentiful, you should be aware of the ability and capacity of your server. You can bind up to 512 IPs (both IPv4 and IPv6 addresses) to a server before the server starts to overload. For more information about how you can adjust your server to help it handle high volumes of IP addresses, navigate to the High IP volume adjustments section.
  • When you use this feature to enable IPv6, the system erases any IPv6 addresses that you assigned without this feature for selected users.

Important:

If you use IPv6, the service network restart command will remove the IPv6 addresses from the network device. To restart your IPv6 configuration, you must run the /etc/init.d/cpipv6 restart command after you restart the network service. For more information, read the cpipv6 script documentation.

High IP volume adjustments

The IPv6 RFCs allow a large number of IP addresses on each server. However, the Linux kernel, userland tools, and daemons are still limited by available resources and cannot handle large assignments of IP addresses. Below are some general guidelines to help bind several IP's to a server:

  • If you have up to 512 IP addresses, use the BIND nameserver.
    • The BIND nameserver binds to all IP addresses on a server, so it will not clutter the /etc/named.conf file.

      Warning:

      We strongly recommend that you use BIND if you assign more than 512 IPv6 addresses, or if you require nameservers to be cached.

  • If you have over 2,000 IPs, you may need to adjust the sysctl variable in the /proc/sys/net/ipv6/route/max_size file.The default variable is 4096.

    • After you bind 2,000 IPs to the server, you may see the following error:

       SIOCSIFADDR: Cannot allocate memory error.
    • Run the sysctl net.ipv6.route.max_size=new value command to increase the limit of bound IP addresses in the /proc/sys/net/ipv6/route.max_size file and remove this error.
      • For example, run sysctl net.ipv6.route.max_size=65535 to increase the limit of IP addresses bound to a server.

What will IPv6 affect?

When you enable IPv6 for an account, the system changes that account's Apache configuration, DNS zone files, and /var/cpanel/userdata configuration files to accommodate the new IPv6 address.

Apache

When you install IPv6 on a server, the system sets the Listen directive to Listen[::]:80, which listens on all IPv6 addresses on the server.

Apache sets a NameVirtualHost directive, and then adds the IPv6 address for a domain to the VirtualHost directives for each domain.

The virtual hosts change from VirtualHost IPv4 address:port to VirtualHost IPv4 address [IPv6 address]:port. For example:

<VirtualHost 12.34.54.67:80 [2001:db8:28a0:2004:227:eff:fe1d:f770]:80>
  ServerName: dorothy1.net
  ServerAlias www.dorothy1.net
  ...etc...
</VirtualHost>

 

 

Note:

For more information about the Apache configuration, read our Apache documentation.

DNS

When you install IPv6 on a server, the IPv4 address in your DNS zone files will remain, but the system adds an additional IPv6 AAAA entry to the DNS zone file. For example:

example.com IN AAAA 2001:db8:28a0:2004:227:eff:fe1d:f770 

The system assigns an IPv6 address to an account and deploys it to each domain.

MyDNS and NSD both support up to 512 IP addresses. This is sufficient for a VPS with limited IP addresses.

 

Note:

  • Currently, BIND is the only daemon that fully supports IPv6.
  • For more information about the DNS zone files, read our DNS zone files documentation.

IPv6 configuration

The /var/cpanel/userdata files for an account list the current IPv4 address for an account. When you enable IPv6, the system will also include IPv6 address in this file.

The system adds the following files to the /var/cpanel/userdata files:

/etc/cpanel/ipv6
/etc/cpanel/ipv6/range_allocation_data

Select an Account

To select an account whose IPv6 information you wish to review, perform the following steps:

  1. Select a username whose IPv6 address information you want to review.
    • Usernames are listed in alphabetical order.
    • To search for a specific username or primary domain, enter the username or primary domain in the Filter Accounts field. The system lists all of the account usernames that match your entry.
    • Click  to select all accounts.

      Note:

      An enabled account maintains its IPv6 address information even if you enable it again with a different IPv6 address range.

    • To select more than one account, press shift and select additional accounts.
    • Accounts with an IPv6 address are labeled ENABLED in the list.
  2. After you select an account, you will see the account's information in a blue box. The system pulls this information from the account's /var/cpanel/userdata files.
    • If the system has not assigned an IPv6 address to an account, you will see a notification that there are no IPv6 addresses assigned to this account. To assign an IPv6 address to this account, perform the following steps:
      1. Select the name of a range from which you wish to assign an IPv6 address.
        • If the system did not add any IPv6 address ranges, you can add them with WHM's IPv6 Ranges feature (Home >> IP Functions >> IPv6 Ranges).
        • The IPv6 address range that you select must have IPv6 addresses available.

          Note:

          Reserved IPv6 address ranges will not show in this list.

      2. Click Enable Account to assign an IPv6 address to the selected account.
        • When you enable IPv6 on an account, the system binds that IPv6 address to your server.
    • If the account has been assigned an IPv6 address, the interface displays the following information:
      • IPv6 Address — The IPv6 address associated with the account.
      • Primary Domain — The main domain associated with the account.
      • IPv6 Proxy Subdomain — This link takes you to ipv6.example.com, which resolves the newly assigned IPv6 address. This URL shows the website's home interface.
      • Click Disable Account to remove the IPv6 address assigned to the account.
        • When you disable IPv6 on an account, the system unbinds that IPv6 address from your server.
        • When you disable IPv6 on the account, it loses that specific IPv6 address. If you enable IPv6 on that account again, the system assigns it a different IPv6 address.

           

IPv6 Firewall Script

The IPv6 Firewall script helps you manage your IPv6 firewall. Any user with root privileges can run the IPv6 Firewall script. Run this script if either of the following statements are true:

  • You do not need to manage your IPv6 firewall rules with any other tools or utilities.
  • You are unable to connect to your IPv6 addresses or IPv6 enabled websites on port 80.

Run the /usr/local/cpanel/scripts/configure_rh_ipv6_firewall_for_cpanel script to perform the following actions:

  • Open port 22 for SSH
  • Open port 53 for DNS
  • Open port 80 for HTTP

Note:

The rules that the IPv6 firewall script creates are persistent, and they remain active even if you reboot the server.

Apache warnings

If you receive an Apache must be recompiled or an Apache should be recompiled warning at the top of the Enable IPv6 interface, you should recompile EasyApache. To do this, perform the following steps:

  1. Navigate to WHM's EasyApache interface (Home >> Software >> EasyApache (Apache Update)).
  2. Click Build Profile Now to recompile Apache.
    • You do not need to adjust any of your options.

After EasyApache recompiles, you will no longer see any warning messages when you return to the return to the Enable IPv6 interface,.

Additional information

When you assign an IPv6 address to an account, that account will still have its original IPv4 address. The original IPv4 address is still fully functional in the WHM interface.

When IPv6 in enabled on an account, all users, resellers, subdomains, and addon domains that are associated with the account will share the same IPv6 address.

Each server with IPv6 enabled has an IPv6 address. You cannot assign that IPv6 address to accounts.

You should not assign the server's main IPv6 address to an account.

  • The IPv6 address assigned to your server may be a Stateless Autoconfigured Address (SLAAC) based on your MAC address. This address is tied directly to your hardware and will change if your hardware changes.
    • For example, if you replace your ethernet card, the new card will receive a new IPv6 address, and the VirtualHosts that are associated with the old address will have the wrong IPv6 address.

Binaries such as ifconfig and netstat use the net-tools package. Install the iproute2 package and run the ip and ss commands.