I installed 5.0rc8 yesterday hoping to take advantage of the new IPv6 support for IPsec. However, I was disappointed to discover that the router will not let me configure an IPsec tunnel policy where the source and destination addresses are IPv6 and the endpoints are IPv4. When I attempt to configure that I get an error “Couldn’t add New IPsec Policy - policy and sa endpoint address family must match (6)”.
Currently I do not have native IPv6 at my house. I have a IPsec tunnel configured between my house and my office, and I have a 6in4 tunnel configured on top of the IPsec tunnel. That works, but incurs the overhead of an additional IPv4 header for the tunnel which would not be necessary if I could carry the IPv6 traffic directly on top of a IPv4 ESP IPsec tunnel.
I can configure this on a Linux endpoint (e.g., using setkey and raccoon on Debian), so I’m wondering if you would consider adding that ability in RouterOS.
Thanks,
Lee