IPSec with mixed IPv4 and IPv6



  • Hey guys,

    i bought the pfsense book recently to gain a little bit more knowledge about how things work in pfsense and to improve my general network knowledge a little bit.
    I am currently trying to understand the IPSec section and even though i still got a lot of stuff to learn about it i wanna put it into practice and create an ipsec tunnel between two endpoints.
    (Router to Router, both machines have pfsense installed)

    Unfortunately i am not getting a static IPv4 from my ISP but instead a CGN`nd IPv4 and optional an IPv6 for my wan interface including a /64 prefix for other interfaces.
    My question now is, if it is possible to create the tunnel between both pfsense machines with IPv6 while networks behind those routers can still be in IPv4.
    Would that create problems when i create an IPSec tunnel or is this a rather usual configuration in cases where you only have IPv6 adresses that are routable in the internet.

    I hope someone can sh.ed some light on this for me.

    Thank you
    Dennis



  • Mixing of protocols is not supported. IPsec between IPv6 endpoints will carry only IPv6 traffic.
    It may work when using OpenVPN instead if IPsec.

    https://doc.pfsense.org/index.php/VPN_Capability_IPsec



  • Isn`t mixed traffic (IPv4 and IPv6) supported with IKEv2 or is it just mixed traffic for phase 1 and phase 2?