On 2020/12/08 10:26, Yuichiro NAITO wrote: > The inner packet destination address is written in the encapsulated packet and > the final address to be delivered. > The outer packet destination address is peer address of IPsec tunnel. > > Do you mean that I have to set the routing table entry for the inner packet > destination address?
Yes. > When I set a default route of IPv6, IPv6 packets are forwarded via IPsec. > So it sounds strange to me but necessary for me. This is how it works with the flow-based configuration that OpenBSD uses. You can set the default route pointing at ::1 or 127.0.0.1 with -reject or -blackhole, that is OK, but the route must exist.
