diff --git a/config.go b/config.go
index 1c92a9c5..0c079585 100644
--- a/config.go
+++ b/config.go
@@ -920,22 +920,6 @@ func loadConfig() (*config, error) {
 		cfg.RawListeners = append(cfg.RawListeners, addr)
 	}
 
-	// For each of the RPC listeners (REST+gRPC), we'll ensure that users
-	// have specified a safe combo for authentication. If not, we'll bail
-	// out with an error.
-	err = lncfg.EnforceSafeAuthentication(
-		cfg.RPCListeners, !cfg.NoMacaroons,
-	)
-	if err != nil {
-		return nil, err
-	}
-	err = lncfg.EnforceSafeAuthentication(
-		cfg.RESTListeners, !cfg.NoMacaroons,
-	)
-	if err != nil {
-		return nil, err
-	}
-
 	// Add default port to all RPC listener addresses if needed and remove
 	// duplicate addresses.
 	cfg.RPCListeners, err = lncfg.NormalizeAddresses(
@@ -956,6 +940,22 @@ func loadConfig() (*config, error) {
 		return nil, err
 	}
 
+	// For each of the RPC listeners (REST+gRPC), we'll ensure that users
+	// have specified a safe combo for authentication. If not, we'll bail
+	// out with an error.
+	err = lncfg.EnforceSafeAuthentication(
+		cfg.RPCListeners, !cfg.NoMacaroons,
+	)
+	if err != nil {
+		return nil, err
+	}
+	err = lncfg.EnforceSafeAuthentication(
+		cfg.RESTListeners, !cfg.NoMacaroons,
+	)
+	if err != nil {
+		return nil, err
+	}
+
 	// Remove the listening addresses specified if listening is disabled.
 	if cfg.DisableListen {
 		ltndLog.Infof("Listening on the p2p interface is disabled!")
diff --git a/lncfg/address.go b/lncfg/address.go
index ccf3e953..66bca821 100644
--- a/lncfg/address.go
+++ b/lncfg/address.go
@@ -70,15 +70,33 @@ func EnforceSafeAuthentication(addrs []net.Addr, macaroonsActive bool) error {
 	return nil
 }
 
+// parseNetwork parses the network type of the given address.
+func parseNetwork(addr net.Addr) string {
+	switch addr := addr.(type) {
+	// TCP addresses resolved through net.ResolveTCPAddr give a default
+	// network of "tcp", so we'll map back the correct network for the given
+	// address. This ensures that we can listen on the correct interface
+	// (IPv4 vs IPv6).
+	case *net.TCPAddr:
+		if addr.IP.To4() != nil {
+			return "tcp4"
+		}
+		return "tcp6"
+
+	default:
+		return addr.Network()
+	}
+}
+
 // ListenOnAddress creates a listener that listens on the given address.
 func ListenOnAddress(addr net.Addr) (net.Listener, error) {
-	return net.Listen(addr.Network(), addr.String())
+	return net.Listen(parseNetwork(addr), addr.String())
 }
 
 // TLSListenOnAddress creates a TLS listener that listens on the given address.
 func TLSListenOnAddress(addr net.Addr,
 	config *tls.Config) (net.Listener, error) {
-	return tls.Listen(addr.Network(), addr.String(), config)
+	return tls.Listen(parseNetwork(addr), addr.String(), config)
 }
 
 // IsLoopback returns true if an address describes a loopback interface.