IPsec over IPv6
-
I have a tunnel (IKEv2) which works perfekt over IPv4 endpoints.
When i change the endpoints to the IPv6 Addresses (or "Both") then the ip4 Packets will not go thru.
The Phase1 is established, and also the Phase2 comes up.
Should this work, or is mixing IPv6 and IPv4 on Phase1 and Phase2 not supported?
-
It depends on the endpoints. We have shortly tested dual-protocol (IPv6 and IPv4) endpoint with IPv4-only in the tunnel. It has mostly worked as expected with Windows 10 1803 and later, but because of https://redmine.pfsense.org/issues/9175 not at all with Windows 7 or Windows 10 before 1803.
-
As long as it's IKEv2 it should be able to carry mixed traffic in the phase 2 / child SA.
