Articles

Enable IPv6 on DigitalOcean Droplets (2026)

April 16, 2026 6 min read

DigitalOcean Droplets don’t just support IPv6; they actively prefer it, and if you don’t configure it correctly, your Droplet might not be able to talk to the outside world at all.

Let’s see this in action. Imagine you have a simple web server running on a Droplet.

# On your Droplet
curl -6 ipv6.google.com

If this command hangs or returns an error, your IPv6 is probably not set up right. But if it works, you’ll see an HTML response from Google. Now, let’s try to access your Droplet from outside using its IPv6 address. You’d need to know your Droplet’s IPv6 address first. You can find it in your DigitalOcean control panel, or via the ip addr show eth0 command on the Droplet itself.

Let’s say your Droplet’s IPv6 address is 2001:db8:1:2:3:4:5:6. From your local machine, you’d try:

# On your local machine
curl -6 2001:db8:1:2:3:4:5:6

If this fails, but curl 2001:db8:1:2:3:4:5:6 (using IPv4) works, then your IPv6 connectivity from the Droplet is likely fine, but your IPv6 to the Droplet is broken.

The core problem DigitalOcean solves is simplifying the complex world of IPv6 routing and addressing. You don’t have to manage BGP or procure your own Provider Independent (PI) address space. DigitalOcean gives each Droplet a unique, routable IPv6 address from their allocated blocks. The magic happens at DigitalOcean’s network edge. When traffic destined for your Droplet’s IPv6 address arrives at their routers, they know exactly which Droplet to send it to. The Droplet’s network interface then receives this IPv6 packet and processes it.

To enable IPv6 on your Droplet, you just need to ensure two things:

  1. DigitalOcean has assigned an IPv6 address: This is usually automatic when you create a Droplet. You can verify this by logging into your Droplet and running ip addr show eth0. Look for an inet6 entry that isn’t ::1/128 (that’s the loopback address). You should see something like inet6 2001:db8:abcd:ef01:2345:6789:abcd:ef01/64 scope global.

  2. Your Droplet’s firewall and OS are configured to accept IPv6 traffic: This is where most issues arise.

    • UFW (Uncomplicated Firewall): If you’re using UFW, it often defaults to denying IPv6 traffic even if the interface has an address. You need to explicitly allow it.

      • Diagnosis: Check UFW status: sudo ufw status verbose. Look for rules that might be blocking IPv6.
      • Fix: Edit /etc/default/ufw and change IPV6=no to IPV6=yes. Then reload UFW: sudo ufw reload. After this, ensure your specific port rules are also IPv6 enabled. For example, if you have sudo ufw allow ssh, it might only apply to IPv4. You might need sudo ufw allow 'OpenSSH' (which applies to both) or explicitly sudo ufw allow 22/tcp and then sudo ufw allow 22/tcp from any to any (which UFW will apply to IPv6 if enabled). A more direct way for specific ports: sudo ufw allow from any to any port 80 proto tcp.
      • Why it works: UFW’s IPV6=yes directive tells the firewall framework to process IPv6 packets. By default, it might be set to no to prevent accidental exposure if IPv6 isn’t fully configured on the system. Explicitly allowing ports ensures that the kernel’s IPv6 stack can pass traffic to your applications.

    • sysctl settings: The Linux kernel’s network stack can be configured to ignore or accept IPv6.

      • Diagnosis: Check current settings: sysctl net.ipv6.conf.all.disable_ipv6 and sysctl net.ipv6.conf.default.disable_ipv6. If either returns 1, IPv6 is disabled at the kernel level.
      • Fix: Edit /etc/sysctl.conf or a file in /etc/sysctl.d/ and ensure these lines are set to 0:
        net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
        Apply the changes immediately: sudo sysctl -p.
      • Why it works: These sysctl parameters control whether the kernel’s IPv6 module is active for all network interfaces (all) and for newly created interfaces (default). Setting them to 0 enables the IPv6 stack, allowing packets to be processed.

    • Network Manager (less common on DigitalOcean): If you’re running a desktop-like environment or have explicitly installed Network Manager, it can sometimes interfere.

      • Diagnosis: Check nmcli connection show and look for your primary interface (e.g., eth0). See if IPv6 is set to ignore or disabled.
      • Fix: For the specific connection (e.g., eth0), set IPv6 to auto: sudo nmcli connection modify eth0 ipv6.method auto.
      • Why it works: Network Manager controls network interface configuration. Setting ipv6.method auto tells it to use DHCPv6 or SLAAC (Stateless Address Autoconfiguration) if available, or to simply not interfere if the OS is handling it. On cloud VMs, this is often unnecessary as systemd-networkd or netplan are used, but it’s a potential conflict.

    • Older OS versions / specific network configurations: In rare cases, older distributions or custom network configurations might have explicit entries in /etc/network/interfaces (Debian/Ubuntu) or equivalent for IPv6.

      • Diagnosis: Inspect /etc/network/interfaces for iface eth0 inet6 lines.
      • Fix: Ensure the configuration is set to auto or dhcp if you expect DHCPv6, or that it’s not explicitly disabled. For DigitalOcean, you typically don’t need to touch this file; the /64 prefix is globally routed and the Droplet receives its address via SLAAC.
      • Why it works: This file is the traditional way to configure network interfaces on Debian-based systems. If it contains a conflicting or incorrect IPv6 configuration, it can prevent the interface from properly obtaining or using its assigned address.

    • Application Binding: Your application might be configured to listen only on IPv4 addresses.

      • Diagnosis: Check your application’s configuration files (e.g., Nginx listen directives, Apache Listen directives, Node.js server.listen() calls).
      • Fix: For Nginx, change listen 80; to listen [::]:80; to listen on both IPv4 and IPv6. For Apache, ensure Listen 80 and Listen 80 are present, or Listen 80 and Listen [::]:80. If explicitly binding to an IP, change 0.0.0.0 to :: or remove the IP altogether to bind to all available addresses (IPv4 and IPv6).
      • Why it works: By default, many applications bind to 0.0.0.0, which means "all available IPv4 addresses." The equivalent for IPv6 is :: (the unspecified address). Explicitly telling your application to listen on [::]:80 or :: ensures it can accept incoming IPv6 connections on that port.

Most commonly, the UFW IPV6=no setting or the disable_ipv6 sysctl parameters are the culprits. Fix those, and your Droplet should start responding to IPv6 requests.

Once you have IPv6 working, the next hurdle is understanding IPv6 DNS resolution and how to ensure your applications are correctly configured to use IPv6 addresses when available.

Want structured learning?

Take the full Digitalocean course →