IPSec tunnel ending at IPv6

  • I'm using pfSense 2.0.3.  I have "Allow IPv6" unchecked.  "IPv6 over IPv4 Tunneling" is unchecked as well.  I have created an IPSec VPN and can successfully connect from my phone.  Whenever I connect using the VPN, I connect to the internet via IPv6, and as such most of it doesn't work.

    Any idea why I would be using IPv6 when connecting via IPSec and how to turn it off?


  • Are you sure this isn't just a case of the VPN not working at all (effectively killing IPv4, if you set it to route everything through the VPN) and (untunneled) IPv6 being all that's left for the client?

  • That's probably the case.  I just didn't think of it originally. :)

  • Rebel Alliance Developer Netgate

    Even with those boxes set, 2.0.x did not support IPv6 in anything – especially IPsec. Those boxes would only allow you to pass IPv6 traffic to a firewall behind pfSense.

    You cannot mix IPv4 and IPv6 in an IPsec tunnel even on pfSense 2.1 where IPsec does support IPv6. The inner IP traffic family must match the outer IP traffic family. IPv4 tunnels can only carry IPv4, and IPv6 tunnels can only carry IPv6. So it's not very useful for what you're trying to do.

    On 2.1 with OpenVPN you can use both inside of an OpenVPN tunnel, including a remote access tunnel, as a way to get IPv6 Internet access over VPN.

  • Note that he said '"Allow IPv6" unchecked' – he specifically does not want IPv6.

Log in to reply