diff --git a/dia.yml b/dia.yml
index 11aa1bc..2a11c2c 100644
--- a/dia.yml
+++ b/dia.yml
@@ -1,12 +1,24 @@
 ---
 - hosts: dia.invidious.io
   handlers:
+    - name: restart networking
+      systemd:
+        name: networking
+        state: restarted
+
     - name: restart ssh
       systemd:
         name: sshd
         state: restarted
 
   tasks:
+    - name: HE IPv6 network config
+      copy:
+        src: he-ipv6
+        dest: /etc/network/interfaces.d/he-ipv6
+        mode: 0644
+      notify: restart networking
+
     - name: SSH config
       template:
         src: sshd_config.j2
diff --git a/files/he-ipv6 b/files/he-ipv6
new file mode 100644
index 0000000..a1492f2
--- /dev/null
+++ b/files/he-ipv6
@@ -0,0 +1,8 @@
+auto he-ipv6
+iface he-ipv6 inet6 v4tunnel
+        address 2001:470:1f1c:685::2
+        netmask 64
+        endpoint 216.66.88.98
+        local 93.95.230.186
+        ttl 255
+        gateway 2001:470:1f1c:685::1
diff --git a/host_vars/dia.invidious.io/main.yml b/host_vars/dia.invidious.io/main.yml
index a61c2d6..a6e0212 100644
--- a/host_vars/dia.invidious.io/main.yml
+++ b/host_vars/dia.invidious.io/main.yml
@@ -6,3 +6,7 @@ unattended_origins_patterns:
   - 'origin=Debian,codename=${distro_codename},label=Debian-Security'
   - 'origin=Debian,codename=${distro_codename}-security,label=Debian-Security'
   - 'o=Debian,codename=${distro_codename},label=Debian'
+
+docker_daemon_options:
+  experimental: true
+  ip6tables: true
\ No newline at end of file
diff --git a/templates/compose/redirect.yml b/templates/compose/redirect.yml
index 03bcfa6..b5a1d9b 100644
--- a/templates/compose/redirect.yml
+++ b/templates/compose/redirect.yml
@@ -8,3 +8,11 @@ services:
     # disable (spammy logs)
     logging:
       driver: "none"
+
+networks:
+  default:
+    enable_ipv6: true
+    ipam:
+      config:
+        - subnet: 2001:0DB9::/112
+          gateway: 2001:0DB9::1