Hi,

I currently use 0.0.0.0/0 as the local_ts on my server, and when my Mac connects to it via IKEv2 VPN, in the routing table I see ipsec0 is used as the default gateway. But it also says that if the destination is directly my server, it should go through eth0.

I have a couple of services open on the server, and I'd like connections to them to be protected by IPsec too. I wonder what I should specify in local_ts? I tried local_ts = 0.0.0.0/0,%dynamic[53], but I can no longer connect to the IKEv2 VPN, and the error contained "no matching peer config found". Removing ",%dynamic[53]" fixed it.

Is it possible to specify a port for %dynamic? And is specifying multiple selectors the right approach to protect both the forwarded and direct connections to the server?

Regards,
Glen
