Face forwarding issue while creating VTI based ipsec tunnels using OpenWrt

Hey guys,
I'm using Strongswan v5.6.3 inside OpenWRT-18.06 and i have a case which i want both sides with vti enabled ipsec tunnel. And Host A is going to assign a virtual ip address to Host B.

Configs are listed below:

Host A:

conn localtodevicea-Conn
left=%any
right=%any
ikelifetime=3h
lifetime=1h
margintime=9m
keyingtries=%forever
dpdaction=restart
dpddelay=30s
closeaction=restart
leftauth=pubkey
rightauth=pubkey
leftcert=/etc/ipsec.d/certs/localtodevicea_public.pem
leftsendcert=yes
rightsendcert=yes
rightsourceip=192.168.0.1
auto=start
leftid="CN=controller-base"
rightid="CN=device-device-a-cert"
leftupdown=/etc/updown
keyexchange=ikev2
mark=30
esp=aes128-sha256-modp3072,aes256-sha256-modp3072
ike=aes128-sha256-modp3072,aes256-sha256-modp3072
type=tunnel

HostB:

conn localtodevicea-Conn
left=%any
right=10.10.20.37 #Host A ip address
ikelifetime=3h
lifetime=1h
margintime=9m
keyingtries=%forever
dpdaction=restart
dpddelay=30s
closeaction=restart
leftauth=pubkey
rightauth=pubkey
leftcert=/etc/ipsec.d/certs/localtodevicea_public.pem
leftsendcert=yes
rightsendcert=yes
leftsourceip=%config
auto=start
rightid="CN=controller-base"
leftid="CN=device-device-a-cert"
leftupdown=/etc/updown_oip
keyexchange=ikev2
mark=30
esp=aes128-sha256-modp3072,aes256-sha256-modp3072
ike=aes128-sha256-modp3072,aes256-sha256-modp3072
type=tunnel

Inside the updown script, it will create the tunnel using cmd:

ip tunnel add local remote mode vti key 30
ip link set up
sysctl -w 'net.ipv4.conf..disable_policy=1'

I can see the tunnel got up and running, but the strange thing is on the hostB (which is the host requesting virtual ip address) side, if the traffic get to hostB and want go further thru other interfaces rather than the VTI interface. The traffic forwarding got failed.
However, ip_forward has been opened on the host for all interfaces. The traffic is last observed on the vti interface and then "disappeared".

Anyone has ever met the same issue? Thanks.