On Wed, 6 Jul 2016, Jesse Butcher wrote:
You do not need to manually change any routing for IPsec to work.
I'm aware of this in principle but the VPN endpoints aren't the default
gateway for the member hosts and the actual default gateway is unaware
of the tunnel.
If that is the case, you should have proper routing active on your
network regardless of the whether or not the tunnel is up or down.
I'm not sure what your problem is. You can try "ipsec verify" which
can identify some problems such as rp_filter.
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
