On 2023-07-26, Lyndon Nerenberg (VE7TFX/VE6BBM) <lyn...@orthanc.ca> wrote:
> I need to set up an ipsec tunnel between a couple of ip6 networks,
> but I only have an ip4 path between the two gateways.  I don't want
> any ip4 traffic inside the ipsec tunnel, so I'm a bit puzzled about
> how to set this up.  Once I have the end-points up, can I just point
> the ip6 traffic and routes at enc0?  All the example I can find
> assume you're tunneling ip4 traffic through an ip4 tunnel. (Sorry,
> but after three decades of trying, I still can't make heads nor
> tails of ipsec :-P)

IPsec normally uses flows rather than the route table. Just configure
the tunnel between v6 addresses e.g. "from <v6_address/prefix> to
<v6_address/prefix> peer <v4_address>".

