TIL: @opnsense installs an interface route for IPsec policies, which causes major problems for packets _not_ included in the phase 2 policy but intended for that destination. Setting the IPsec "Advanced Settings" flag "Do not install routes" fixes that, but it's hard to debug...
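
A simplified model of the situation described above, as an added example that is not part of the original post: it flags flows whose destination is captured by a route installed for an IPsec policy while the flow itself falls outside the phase 2 policy. The subnets, interface names and the `origin` tag on each route are constructed assumptions for illustration, not values read from OPNsense.

```python
import ipaddress

# Constructed sample data (assumed, not from the post).
# Phase 2 policy: only 10.1.0.0/24 -> 10.2.0.0/24 is protected.
POLICIES = [("10.1.0.0/24", "10.2.0.0/24")]
# Routing table as (destination, interface, origin). The "ipsec" entry models
# the interface route installed for the policy's remote network.
ROUTES = [
    ("0.0.0.0/0", "em0", "static"),
    ("10.2.0.0/24", "em1", "ipsec"),
]

def best_route(dst, routes):
    """Longest-prefix match; returns (interface, origin) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), iface, origin)
            for net, iface, origin in routes
            if addr in ipaddress.ip_network(net)]
    if not hits:
        return None
    _, iface, origin = max(hits, key=lambda h: h[0].prefixlen)
    return iface, origin

def in_policy(src, dst, policies):
    """True if (src, dst) matches a phase 2 local/remote selector pair."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote)
               for local, remote in policies)

def classify(src, dst, policies=POLICIES, routes=ROUTES):
    """'tunnel' = covered by policy; 'affected' = outside the policy but
    steered by the IPsec-installed route; 'normal' = ordinary routing."""
    if in_policy(src, dst, policies):
        return "tunnel"
    route = best_route(dst, routes)
    if route and route[1] == "ipsec":
        return "affected"
    return "normal"

def without_installed_routes(routes):
    """Models the table with 'Do not install routes' enabled."""
    return [r for r in routes if r[2] != "ipsec"]

if __name__ == "__main__":
    for src in ("10.1.0.5", "192.168.50.7"):
        print(src, "->", "10.2.0.9", classify(src, "10.2.0.9"))
```
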