Can't ssh to EC2 instance with IPv6 address

Hi AmerQ,

Thanks for the prompt response. Yes, you are right that I don't have IPv6 support in my local machine (within my home network), my ISP just outright said that they are not supporting IPv6.

I did, however, try to connect to that instance from a different EC2 instance but not successful:

"After a while, I reckon maybe my network/router doesn't support IPv6. So I access into a different EC2 running on IPv4 which I can via SSM Agent, and then trying to ssh into the IPv6 EC2, but still didn't succeed but with a different error: network unreachable:

debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to <EC2_IPV6_Address> [<EC2_IPV6_Address>] port 22.
debug1: connect to address <EC2_IPV6_Address> port 22: Network is unreachable
ssh: connect to host <EC2_IPV6_Address>port 22: Network is unreachable
The security group for this one is also allowing outbound SSH/22. It's also in a subnet that has route to the Internet via InternetGateway

"

So I guess for the connection to work, that source EC2 instance must have an IPv6 address too? If yes, how do I achieve that? Is this possible for an EC2 instance has both IPv4 and IPv6 addresses?

Thanks for looking into this!

Tuan

Does your local machine have IPv6 assigned to it?

(IPv6 only) Get the IPv6 address of the instance. If you assigned an IPv6 address to your instance, you can optionally connect to the instance using its IPv6 address instead of a public IPv4 address or public IPv4 DNS hostname. Your local computer must have an IPv6 address and must be configured to use IPv6. Source: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connect-to-linux-instance.html

Hello,

Please consider that the whole pass should support IPV6 , Starting from EC2 ENI until the EC2 ENI of the Destination.

Enabling IPv6 on an existing EC2 instance involves several key steps.

Here is a step-by-step guide to enabling IPv6 on an existing EC2 instance:

1. Enable IPv6 in VPC Settings: Start by adding a new IPv6 CIDR to your Virtual Private Cloud (VPC).
2. Add IPv6 Subnet to EC2 Subnet: Identify the subnet where your EC2 instance is located and add an IPv6 subnet to it.
3. Assign IPv6 Address: Associate an IPv6 address with your EC2 instance using either the AWS Management Console or the AWS CLI.
4. Add IPv6 Default Route to Subnet Routing Table with IGW Destination: Update the routing table associated with the subnet to include a default route for IPv6 with the Internet Gateway (IGW) as the destination. "This connection will be through the Internet"
5. Update Security Group: Modify the security group linked to your EC2 instance to permit incoming IPv6 traffic on the SSH port (default is 22). If there is no existing inbound rule for IPv6, create one."That will expose the internet to the internet so Try to Limit the Source in the Security Group"
6. Repeat these Steps again on the Destination EC2
7. Check the Path if it support IPV6 (Peering, Transit gateway If Available)
8. Test Connection: With IPv6 now enabled, use the assigned IPv6 address to establish your Connection to your EC2 instance.

This is Also a Good Reference: https://aws.amazon.com/blogs/networking-and-content-delivery/dual-stack-ipv6-architectures-for-aws-and-hybrid-networks/

Thanks Shmosa,

I got it working the other day. I agree the basic principle is that both source and destination must support IPv6 (i.e having IPv6 address). Then, a route from the source to destination must exist and not be blocked (RouteTable, Security Group, NACL, etc.)

Appreciate that you looked into this question regardless.

Best, Tuan