IPsec mode-config with IPv6 address pool

hello,

i’m following this guide to configure ROS 6.46.4 as an IKEv2 responder for road warrior clients: https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Road_Warrior_setup_using_IKEv2_with_RSA_authentication

but i can’t find a way to assign an IPv6 address pool for the initiator addresses:

[admin@cr1.cha] /ip ipsec mode-config> /ipv6 pool print                                                                       
Flags: D - dynamic 
 #   NAME                                                PREFIX                                      PREFIX-LENGTH EXPIRES-AFTER       
 0   remote-access                                       2a02:390:84de:15::/64                                  64
[admin@cr1.cha] /ip ipsec mode-config> add address-pool=remote-access address-prefix-length=128 name=remote-access            
input does not match any value of address-pool
[admin@cr1.cha] /ip ipsec mode-config>

is there a different way to assign initiator IPs for IPv6?

I’m afraid there is currently (6.45.8****) no way to use mode-config with IPv6. You cannot set an IPv6 address even as address, let alone address-pool. Let the RouterOS embedded help speak:

[me@MyTik] > ip ipsec mode-config add address=?

Address ::= A.B.C.D (IP address)

as compared to

[me@MyTik] > ip ipsec policy add dst-address=?

DstAddress ::= Prefix6 | Prefix4
Prefix4 ::= A.B.C.D/M (IP prefix)
Prefix6 ::= IPv6/0..128 (IPv6 prefix)

Has there been any updates on this? I’m on ROS 7.10.2 and still experiencing this issue.

Does anyone know if it’s possible at all to use a Mikrotik router as an IPSec IKEv2 server in a road-warrior scenario (with Windows, Mac, iOS clients) with dual-stack or IPv6-only access?

We are struggeling with the same question.

https://forum.mikrotik.com/viewtopic.php?t=204321

Any updates on this?

it’s already 7.16, but the mode-config still doesn’t have the ability IPv6