IPv6 on OpenBSD on Hetzner’s VPSes
Posted: 2022-01-30 19:00, last updated: 2022-12-29 21:54.
There is a lot of confusion about how to get IPv6 working on Hetzner’s VPSes, especially those that run OpenBSD. The fact that there has never been – to the best of my knowledge – an official document by Hetzner on how to get started with IPv6 on their VPSes if you use OpenBSD certainly adds to the confusion.
All of the following commands must be run as root. I will assume that your primary network interface is vio0. It is very likely that this is in fact true.
The solution, however, is quite simple. First, we must assign the static IPv6 address. Second, we must route all IPv6 traffic through fe80::1 on the device vio0.
- Hetzner gives you a
/64subnet. On their network, traffic will flow to and fro your VPS using the static IPv6 address[SUBNET]::2. Configure this static address:
ifconfig vio0 inet6 2a01:4f9:c010:47e6::2/64
Of course, you must replace 2a01:4f9:c010:47e6:: with the subnet that was assigned to you. Note the 2 at the end. It is customary to use the second possible address and not, for example, 2a01:4f9:c010:47e6::1. However, the static IPv6 address ending with 1 might still work. In general, I suggest using the IPv6 address ending with 2. Also, it is imperative that you use /64 to specify the prefix length of the subnet that was assigned to you.
- Set up the route:
route add -net ::/0 fe80::1%vio0
Your VPS should now be reachable under your IPv6 address (which probably ends with 2). If everything looks fine and you can reach other IPv6 hosts as well (feel free to ping6 max.pm), you can make the configuration permanent. Edit the file /etc/hostname.vio0 and add the following line (of course adjusted to your IPv6 address):
!ifconfig vio0 inet6 2a01:4f9:c010:47e6::2/64
!route add -net ::/0 fe80::1%vio0
The line inet6 autoconf can be removed.
- Finally, and optionally, set up a reverse DNS entry. I have the following set up in
Networking→Primary IPsin the Hetzner Cloud Console:
65.21.250.187 mg.sb
2a01:4f9:c010:47e6::2 mg.sb
This can be very important to set up, for example if you run an email server.