I’m in the middle of setting up an IPv6 only net and so far made some good progress. As I want all clients to connect to a VPN before gaining access to the rest of the network, I wanted to expose that via IPv4. As I didn’t want to pull IPv4 across the network border, I thought I’d “terminate” incoming v4 connections via virtual-server functionality and let that forward everything to the VPN host via IPv6. See it as some sort of “NAT46”. Now I’m stuck as it appears the real-server IPv6 addresses are not picked up by the virtual server. When I run “show virtual-server” I get an empty list. If I add any IPv4 to the virtual servers, that will show up. As I don’t get any obvious errors, I’m unsure if this is (yet) unsupported, or a bug of some sort I should report.
I’d appreciate any help!
Sorry for double posts, but it seems editing is not possible.
The short answer to my question is: No, this is not possible.
The a bit longer one is, you can actually have IPv4 and IPv6 real_servers mixed, but only if the forward-method is set to “tunnel”. This will encapsulate incoming traffic in a gre tunnel and send it to the host via the IP version defined by the actual servers address. The real_server has to provide a gre interface on which it can answer the traffic. I’m not sure though if multiple real_servers must have the same IP address on this gre interface to make it all work.