Our features site is undergoing a refresh! Be sure to explore the revamped site and discover our latest product roadmap launching here on Monday, March 18th.

Enable IPv6 by default on account creation

James Tandy shared this idea 8 years ago
Open Discussion

As a web hosting provider (including non-root resellers), I would like the option to have IPv6 enabled when new accounts are created.

Replies (4)

photo
1

Should work like ipv4 adress delegation.

i dont need a seperate ipv6 per customer, they can all be on one shared ipv6 and if i decide to give the package a separate ipv6 then i will do it manually, or via api or something else. like the ipv4 actual behavior.

The reason for this is, e.g. blacklists tends to block /64 subnets. If one (1) ! ip sends spam from a hacked account, the server subnet is blocked mostly completly. Why should i do the work and set every customer an ipv6?

photo
1

You can not prevent spam blacklist with multiple IP's but there are lot of other abuses that single IP per account can solve. For example DDoS attack on network layer. You will know exactly which account is under attack, and it can help to isolate client, null route just single IP, etc.

I think that cPanel should auto assign (optionally) separate IPv6 address per account, even when the server have shared IPv4 or if it does not have, than only IPv6 should be assigned, but it really should be a separate IPv6 address per account.

photo
1

Martin +1 ;-)


the shared ipv4 adres is de default for new vhosts.

please add the ipv6 shared adres also. please.... Now it's all manual work. can we "cron" this job ??

photo
3

Run this script from your cron every X hours to add the shared IPV6 adres to the vhost config:


#!/bin/bash

#

/bin/ls -1 /var/cpanel/users | while read USER; do

/bin/echo "Now processing ${USER} ..."

/usr/sbin/whmapi1 ipv6_enable_account user=${USER} range=SHARED;

done

photo
photo
1

We run a clean ship and are quick to respond to abuse reports and feedback loops; also we monitor our mail logs for abnormal behaviour yet every once in a while we still get blacklisted (delisting does not take long, fortunately) which in some cases causes trouble for our customers.


With IPv6 it is easier to minimalize the impact accounts have on each other if one gets blacklisted - it should not affect another. While industry practices are not very well defined yet but it is likely to assume that DNSBLs would prefer to block a /64 instead of a /48. Therefore ideally each server would be assigned a /48 or a /56 and every account its own /64.


Spamhaus has already stated that they have no intention of blocking any netblock smaller than /64: https://www.spamhaus.org/organization/statement/012/spamhaus-ipv6-blocklists-strategy-statement


Since not every company has the luxury of having a /48 or a /56 per server, this should probably be optional but nonetheless preferable due to the other benefits (like mentioned above, dealing with abuse [DDoS, and such]).

photo
1

I take after all this time that IPv6 has been mainstream. cPanel has still not enabled the option to create new accounts with IPv6 as a default option. Which means I have to manually set an IPv6 address each and every time a new account has been created under the IPv4 default shared address.


I'm really surprised by all of this. Especially as cPanel started adding IPv6 functionality say around 6-7 years ago now? Maybe even longer. When can we expect this as a standard feature? It would be useful to know for my freelancing work.

photo
1

Would really love to see this implemented. I've noticed that it already happens for transferred accounts as I'm in the process of moving all accounts off of an old server that didn't have IPv6 to a new one that does and those have all had the default IPv6 address enabled by default when I transfer them.

But not having that on new accounts still trips me up as I occasionally forget to do it manually and then run into issues with autossl or just loading the site from some locations when it tries to use the IPv6 address I configured in DNS but forgot to manually enable since cpanel isn't doing it automatically on new accounts. Having it work automatically like it does for transferred accounts would save a lot of confusion and time!

photo
1

just run this script every hour from your cron:

every account without ipv6 enabled will be added with the shared ipv6 adres. a simple fix/workaround.

Regards


Arjen Essink.


---

Run this script from your cron every X hours to add the shared IPV6 adres to the vhost config:


#!/bin/bash

#

/bin/ls -1 /var/cpanel/users | while read USER; do

/bin/echo "Now processing ${USER} ..."

/usr/sbin/whmapi1 ipv6_enable_account user=${USER} range=SHARED;

done


photo
1

Well... we would like to have an IPv6 address automatically assigned, from a specific range... We are not using a shared IPv6 and have a /64 range on each server. For this reason, I am using a slightly modified version of Arjen's script...

#!/bin/bash
RANGE=$(whmapi1 ipv6_range_list | grep name: | awk '{print $2}')
ls -1 /var/cpanel/users | while read USER; do
echo "Now processing ${USER} ..."
whmapi1 ipv6_enable_account user=${USER} range=${RANGE};
done

photo
2

How come cPanel haven’t made this standard yet?

Ideally in tweak settings their should be ability to enable all new accounts to have a dedicated IPv6 as well as a tool to mass enable it for all existing domains (like they did with spf tool)

photo
1

No update on this?

photo
Leave a Comment
 
Attach a file