The vast majority of our roadwarrior clients provide the following CONFIG payload during IKEv2 AUTH:
11:57:58 ipsec processing payload: CONFIG
11:57:58 ipsec attribute: internal IPv4 address
11:57:58 ipsec attribute: internal IPv4 DNS
11:57:58 ipsec attribute: internal IPv4 NBNS
11:57:58 ipsec attribute: MS internal IPv4 server
11:57:58 ipsec attribute: internal IPv6 address
11:57:58 ipsec attribute: internal IPv6 DNS
11:57:58 ipsec attribute: MS internal IPv6 server
However, some only send IPv6 fields:
11:59:31 ipsec processing payload: CONFIG
11:59:31 ipsec attribute: internal IPv6 address
11:59:31 ipsec attribute: internal IPv6 DNS
11:59:31 ipsec attribute: MS internal IPv6 server
leading to an TS_UNACCEPTABLE answer from the receiver and an error message (no template matches, because we have no ip6 policy templates).
Does an IPv6 only CONFIG payload imply the user being in a IPv6-only LAN?
There are several reasons why this is very unlikely but that is the only explanation I could come up with.