VPN : VPN > Settings
Configuring VPNs for IPv6
For complete information on the SonicOS implementation of IPv6, see IPv6 .
IPSec VPNs can be configured for IPv6 in a similar manner to IPv4 VPNs after selecting the IPv6 option in the View IP Version radio button at the top right of the VPN Policies section.
There are certain VPN features that are currently not supported for IPv6, including:
IKEv2 is supported, while IKEv1 is currently not supported
GroupVPN is not supported
DHCP Over VPN is not supported.
Topics:
General Tab
Network Tab
Proposals Tab
Advanced Tab
General Tab
When configuring an IPv6 VPN policy, on the General tab, the gateways must be configured using IPv6 addresses. FQDN is not supported. When configuring IKE authentication, IPV6 addresses can be used for the local and peer IKE IDs.
* 
NOTE: DHCP Over VPN and L2TP Server are not supported for IPv6.
Network Tab
On the Network tab of the VPN policy, IPV6 address objects (or address groups that contain only IPv6 address objects) must be selected for the Local Networks and Remote Networks.
DHCP Over VPN is not supported, thus the DHCP options for protected network are not available.
The Any address option for Local Networks and the Tunnel All option for Remote Networks are removed. An all-zero IPv6 Network address object could be selected for the same functionality and behavior.
Proposals Tab
On the Proposals tab, the configuration is identical for IPv6 and IPv4, except IPv6 only supports IKEv2 mode.
Advanced Tab
The Advanced tab for IPv6 is similar to that of IPv4, with only these options being IP-version specific:
 
Table 72. Advanced settings: Options available based on IP version
Option
IP Version
IPv4
IPv6
Enable Multicast
X
 
Enable Keep Alive
 
X
Permit Acceleration
X
 
Suppress automatic Access Rules creation for VPN Policy
 
X
Disable IPsec Anti-Replay
 
X
Using Primary IP Address
 
X
Specify the local gateway IP address
 
X
* 
NOTE: Because an interface may have multiple IPv6 address, sometimes the local address of the tunnel may vary periodically. If a user needs a consistent IP address, configure the VPN policy to be bound to an interface instead of a Zone, and then specify the address manually. The address must be one of the IPv6 addresses for that interface.