I'm using OpenWRT on a Routerboard RB2011, and I've configured the switch on it to mirror the WAN traffic to a specific port for Snort usage.
This same OpenWRT have a 6in4 IPv6 Tunnel, and although the tunnel is established through the WAN port, I believe the traffic on the tunnel is encrypt, so Snort can't see it.
Is there any solution to mirror the traffic of a 6in4 tunnel to a specific port?
According to the docs, the tunnels are enabled by default, and I've just used ./configure while building mine, so I believe yes, I have ipip enabled.
Nevermind, I think you're correct, and it should be working fine... sometimes I've got a feeling that it is only getting IPv6 traffic that comes through internal interfaces.