Mwan3 IPsec issue on fail over

Site Feedback and Other Questions
1

Hello OpenWrt community,

I am suffering with a strongswan(IPsec) setup with mwan3 fail over scenario.
Does anyone using mwan3 fail over and IPsec?
My Setup is simple:
Encrypt all traffic from the LAN side to a VPN server (site to site) setup.
I have problems with the fail over setup with mwan3.
If I am in fail over the IPsec-tunnel will setup as expected and is connecting over the backup interface to the other interface to the VPN-Server. But no LAN traffic will get encrypted. I think it has to do with the default route in the main table which strongswan is using to setup up the xfrm. Are there any parameters for strongswan to tell them use another routing table for example the mwan3 routing table?

Thanks

2

hey @feckert
Did you find any solution? If yes then please let me know.

3

@feckert
Please help.

4

Sorry I just ready it! Its a bit late :slight_smile:
I haven't looked into this further as I am now using wireguard.
But I seem to remember that the last thing I tried was to get ipsec to work with an VTI-Interface.
https://gitlab.dev.tdt.de/dev/sys6/upstream/luci-trunk/-/tree/master/protocols/luci-proto-vti