Hi Brian, > I am using `type=transport`
You can't use transport mode to tunnel traffic from IPs other than the two hosts themselves (that's exactly what tunnel mode is for where the complete IP packet, including the original header, is encapsulated), unless, you use an additional tunneling protocol like GRE. So for transport mode you will have to use %dynamic (optional with protocol/port) as traffic selector. Regards, Tobias
