Hi Tiago,

> Pings from the Linux system are being seen as errors NoRoute by the tunnel.
> ...
> Shunted Connections:
> Bypass LAN 10.10.10.0/30:  10.10.10.0/30 === 10.10.10.0/30 PASS

The reason is most likely this passthrough IPsec policy installed by the bypass-lan plugin for the subnet that is reachable (according to the main routing table) via ip_vti1. For a ping from 10.10.10.2 to 10.10.10.1, the VTI interface won't find an IPsec policy to protect the packet (the passthrough policy has a higher priority), so it gets dropped.

To avoid that, either install the routes via VTI in table 220 (which is ignored by the bypass-lan plugin automatically), exclude the VTI interface explicitly via charon.plugins.bypass-lan.interfaces_ignore, or just disable the bypass-lan plugin completely if you don't need it.

Regards,
Tobias
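An added example (not part of the thread) showing how to confirm the diagnosis above and apply the first of the suggested fixes: it lists the passthrough policies in `ip xfrm policy` output (policies with no `tmpl` line, which is what bypass-lan installs) and moves the route via the VTI into table 220. It assumes the interface is `ip_vti1` and the subnet is `10.10.10.0/30` as in the quoted output; the sample policy dump is constructed.

```shell
#!/bin/sh
# Assumptions (from the thread): VTI interface ip_vti1, LAN subnet 10.10.10.0/30.

# Print the 'src ... dst ...' header of every xfrm policy that carries no
# 'tmpl' line. Policies without templates are passthrough (bypass) policies,
# such as the ones the bypass-lan plugin installs for local subnets.
# Reads 'ip xfrm policy' output on stdin, so captured output works too.
list_passthrough_policies() {
    awk '
        /^src / {
            if (hdr != "" && !has_tmpl) print hdr
            hdr = $0; has_tmpl = 0; next
        }
        $1 == "tmpl" { has_tmpl = 1 }
        END { if (hdr != "" && !has_tmpl) print hdr }
    '
}

# Constructed sample of an 'ip xfrm policy' dump for the situation in the
# thread: a bypass policy for the LAN (in and out) plus a marked tunnel
# policy for the VTI. Peer addresses are placeholders.
SAMPLE_XFRM_POLICY='src 10.10.10.0/30 dst 10.10.10.0/30
    dir out priority 1 ptype main
src 10.10.10.0/30 dst 10.10.10.0/30
    dir in priority 1 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
    dir out priority 399999 ptype main
    mark 0x1/0xffffffff
    tmpl src 192.0.2.1 dst 192.0.2.2
        proto esp reqid 1 mode tunnel'

# Fix option 1 from the reply: keep the route via the VTI in routing table
# 220, which the bypass-lan plugin ignores. Requires root; not called here.
# (Options 2 and 3 are strongswan.conf settings:
#  charon.plugins.bypass-lan.interfaces_ignore = ip_vti1, or
#  charon.plugins.bypass-lan.load = no.)
move_vti_route_to_table_220() {
    ip route del 10.10.10.0/30 dev ip_vti1 2>/dev/null || true
    ip route add 10.10.10.0/30 dev ip_vti1 table 220
}

# Live check on a real host:
#   ip xfrm policy | list_passthrough_policies
```

If the live check prints a line for `10.10.10.0/30`, the passthrough policy is present and one of the three options from the reply is needed.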
