What needs to be enabled to so that a client can get an IPv6 assigned? So far it seems like the it operates in IPv4-only mode.
To simplify, I want all traffic to get routed over the IPsec IKEv2 tunnel.
Still cannot figure out how to get RouterOS’s IPsec responder to assign an IPv6 address.
I can see in Wireshark that my client requests INTERNAL_IP6_* attributes, but the responder ignores them and replies only with INTERNAL_IP4_*. However, RouterOS logs this under the “ipsec” topic:
May/18/2023 13:45:34 ipsec ipsec: preparing internal IPv6 subnet
May/18/2023 13:45:34 ipsec ipsec: preparing internal IPv6 subnet
What am I missing?
Tried the eap-radius as the authentication method. On radius (RouterOS’s User Manager) I specified the “Framed-IPv6-Address” attribute, that did not work: RouterOS only allocated the IPv4 address.
We are struggeling with the same question.
http://forum.mikrotik.com/t/vpn-gateway-ikev2-roadwarriors-and-ipv6/173511/1
Any updates on this?
I don’t think that’s supported by RouterOS’s IPsec client.
I was able to create a workarround! Look in the linked post!
http://forum.mikrotik.com/t/vpn-gateway-ikev2-roadwarriors-and-ipv6/173511/1
Great that it works for you!
Was not feasible in my setup where clients want to derive network configuration from the IPsec responder.
It’s not perfect, but it will do for the clients that is dependent on IPv6 for their work.
It seems that other clients like phones,etc, still can get IPv4-addresses from the responder.
lets hope MT fixes this, and hopefully updates their documentation, with both limitations and the workaround.