a similar problem is shown in the below link from ubnt edgeos . it seems this bug has carried over from the vyatta code.
problem shows up in both 1.1.x and 1.2.0 versions of vyos.
[[ https://community-experiment.ubnt.com/topic/183000/unable-to-use-ipsec-over-ipv6-bug/6?page=1| unable to use ipsec over ipv6]]
Derived from above link, when an ipv6 ipsec site to site vpn is created with a IPv6 VPN endpoint.
```
vpn {
ipsec {
auto-firewall-nat-exclude disable
esp-group ESP1 {
compression disable
lifetime 3600
mode transport
pfs enable
proposal 1 {
encryption aes128
hash sha1
}
}
ike-group IKE1 {
dead-peer-detection {
action restart
interval 15
timeout 90
}
ikev2-reauth no
key-exchange ikev1
lifetime 28800
proposal 1 {
dh-group 2
encryption aes128
hash sha1
}
}
ipsec-interfaces {
interface eth0
}
site-to-site {
peer yyyy:yyyy:yyyy:yyyy:yyyy:yyyy:yyyy:yyyy {
authentication {
mode pre-shared-secret
pre-shared-secret PassWord
}
default-esp-group ESP1
ike-group IKE1
local-address xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
tunnel 1 {
}
}
}
}
}
```
the following error appears:
```
commit
[ vpn ]
[ vpn ipsec site-to-site peer yyyy:yyyy:yyyy:yyyy:yyyy:yyyy:yyyy:yyyy tunnel 1 ]
VPN configuration error: IPv4 over IPv6 IPsec is not supported
```