Hi Ryan, > When acting as a responder, I didn’t have to do this, strongSwan seems to > choose a mark value for me.
Not unless you configured `mark=%unique`. > Anything else I should check? Yes, the traffic selectors. As I wrote on [1] the traffic you route into a VTI device has to match the negotiated IPsec policies. Since you haven't specified left|rightsubnet the TS will default to left|right. Since you want to route traffic to 10.1.1.0/24 you have to use at least `rightsubnet=10.1.1.0/24`. Regards, Tobias [1] https://wiki.strongswan.org/projects/strongswan/wiki/RouteBasedVPN _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
