I am trying to set up an IPv6 IPsec LAN to LAN tunnel between a linux system running strongSwan and a Cisco router.
I know that IPv4 multicast doesn't work over IPsec, you need to add tunneling such as GRE. There is also the forecast plugin.

However, since IPv6 supports IPsec in the extension headers, it can natively support IPv6 multicast.
Can strongSwan running in IPv6 mode support IPv6 multicast, or do I still need to set up a tunnel?
Does the forecast plugin work in this case?

Another possibility is to use VTI. Someone got VTI to work with strongSwan, though there is no documentation, just an email thread.

I am relatively new to IPsec and multicast, so I would really appreciate some guidance on this one.


