I am trying to set up an IPSEC VPN where the gateway endpoints are IPv4. Across that tunnel I need to route IPv6. Is this possible?
The standard IPSEC setup calls for creating a VTI, but that apparently does not support IPv6, so I cannot do a standard routing setup with IPv6-addressed interfaces on both sides and then use a static route.
Preferably something other than IP6IP6, GRE, etc…
Any suggestions?
Edit: This link says I can do IPv6, but the CLI shows otherwise… On the latest 1.4 rolling release as of a couple of days ago…
https://docs.vyos.io/en/latest/configuration/interfaces/vti.html
Edit 2: So I set it up as a normal IPSEC. Looks like the tunnel comes up partially, but the auto route population isn’t working.
show vpn ipsec sa
peer_xxx-xxx-xxx-176_tunnel_1 up 33m39s 0B/0B 0/0 76.123.26.176 N/A AES_CBC_256/HMAC_SHA1_96/MODP_1024
peer_xxx-xxx-xxx-176_tunnel_1_passthough down N/A N/A N/A N/A N/A N/A
Now on latest 1.4 rolling release…
Edit 3: Sorry for all the updates… I am learning things as I go.
So it does look like the route gets auto-installed in table 220:
vyos@vyos:~$ show ipv6 route table 220
Codes: K - kernel route, C - connected, S - static, R - RIPng,
O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
v - VNC, V - VNC-Direct, A - Babel, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
VRF default table 220:
K>* 2605:6400:5dcd:8::/61 [0/1024] is directly connected, eth0, 00:41:34
But trying to route that subnet from the outside does not work. How do I get this “leaked” into other routing tables, like the default table…