I installed 5.0rc8 yesterday hoping to take advantage of the new IPv6 support for IPsec. However, I was disappointed to discover that the router will not let me configure an IPsec tunnel policy where the source and destination addresses are IPv6 and the endpoints are IPv4. When I attempt to configure that I get an error "Couldn't add New IPsec Policy - policy and sa endpoint address family must match (6)".

Currently I do not have native IPv6 at my house. I have a IPsec tunnel configured between my house and my office, and I have a 6in4 tunnel configured on top of the IPsec tunnel. That works, but incurs the overhead of an additional IPv4 header for the tunnel which would not be necessary if I could carry the IPv6 traffic directly on top of a IPv4 ESP IPsec tunnel.

I can configure this on a Linux endpoint (e.g., using setkey and raccoon on Debian), so I'm wondering if you would consider adding that ability in RouterOS.

Thanks,
Lee

I just to a 6in4 tunnel over ipip ipsec.

Have tunnels going to 5 locations that way. Works great.

I wouldnt think ipv6 over ipv4 IPSEC would work. It tunnels ipv4, it doesnt transform ipv6 into ipv4.

transform ipv6 into ipv4.

Well, of course it does, it essentially sticks an IPv4 Header in front of the IPv6 packet, and off it goes (also over IPSECv4)...