> VTI devices won't change anything. You can't use transport mode with
> any IPs other than those of the endpoints (i.e. it doesn't work with
> virtual IPs or arbitrary subnets - you have to use tunnel mode for that).

Got it, thanks Tobias. But the logs say `06[IKE] not using transport mode, not host-to-host` and the SADB modes are all `tunnel`, so the stack appears to have made up for my error. Or has it?
