jtde
Topic Author

LAB: IPSec over IPv6: no phase2 (and no outgoing IPv6 traffic)

Mon Jan 27, 2025 4:31 am

Hi!

In a GNS3 lab, I am trying to establish an IPSec tunnel over IPv6. Both routers are connected through a bridge (on a 3rd RouterOS VM). At first I configured an IPSec tunnel over IPv4 and that worked. Then I tried to switch the tunnel to IPv6, but I can't see any traffic on the connected interfaces, and in the RouterOS log it looks as if the routers do not even try to start the tunnel ... likely a configuration issue?

Here is my configuration:

r1: /ipv6/address/print
Flags: D - DYNAMIC; L - LINK-LOCAL
Columns: ADDRESS, INTERFACE, ADVERTISE
#    ADDRESS                   INTERFACE  ADVERTISE
0 D  ::1/128                   lo         no
1 DL fe80::ecb:ceff:fee6:0/64  ether1     no
2 DL fe80::ecb:ceff:fee6:2/64  ether3     no
3 DL fe80::ecb:ceff:fee6:3/64  ether4     no

r2: /ipv6/address/print
Flags: D - DYNAMIC; L - LINK-LOCAL
Columns: ADDRESS, INTERFACE, ADVERTISE
#    ADDRESS                   INTERFACE  ADVERTISE
0 D  ::1/128                   lo         no
1 DL fe80::ee5:deff:fe88:0/64  ether1     no
2 DL fe80::ee5:deff:fe88:2/64  ether3     no
3 DL fe80::ee5:deff:fe88:3/64  ether4     no

r1: /tool/ping address=fe80::ee5:deff:fe88:0 interface=ether1
  SEQ HOST                                     SIZE TTL TIME       STATUS
    0 fe80::ee5:deff:fe88:0                      56  64 8ms912us   echo reply
    1 fe80::ee5:deff:fe88:0                      56  64 2ms824us   echo reply
    2 fe80::ee5:deff:fe88:0                      56  64 3ms72us    echo reply
    sent=3 received=3 packet-loss=0% min-rtt=2ms824us avg-rtt=4ms936us max-rtt=8ms912us

r1: /ip/ipsec/peer/print
Flags: X - disabled; D - dynamic; R - responder
 0 X   name="r2_ipv4" address=172.16.0.11/32 profile=ike1 exchange-mode=main send-initial-contact=yes
 1     name="r2_ipv6" address=fe80::ee5:deff:fe88:0/128 profile=ike1 exchange-mode=main send-initial-contact=yes

/ip/ipsec/policy/print
Flags: T - TEMPLATE; X - DISABLED, I - INVALID; * - DEFAULT
Columns: PEER, TUNNEL, SRC-ADDRESS, DST-ADDRESS, PROTOCOL, ACTION, LEVEL, PH2-COUNT
#     PEER     TUNNEL  SRC-ADDRESS  DST-ADDRESS  PROTOCOL  ACTION   LEVEL    PH2-COUNT
0 TX*                  ::/0         ::/0         all
1  X  r2_ipv4  yes     10.0.1.0/24  10.0.2.0/24  all       encrypt  require          0
2     r2_ipv6  yes     10.0.1.0/24  10.0.2.0/24  all       encrypt  require          0

Thank you for your ideas.