Hi,

> I have just a last small issue I can deal with. The source IP used is
> the first one defined on internal interface, and not the one matching
> the local_ts.

As I mentioned, we can't control this on FreeBSD (no preferred source address can be listed in the routes), it's basically up to the system which IP address it selects. If it's not the right one and you can't get the system to change its behavior, you have to either include that IP in the traffic selectors (or negotiate a separate CHILD_SA if the peer doesn't support multiple traffic selectors) or maybe NAT traffic to the right IP (not sure if FreeBSD supports this sort of thing).

Regards
Tobias