thank you for the replies. i am told the opnsense fork of pfsense runs a
hardened version of freebsd rather than openbsd.
i think their support for ike v2 is relatively recent. i will try this
again to see if i can get the routing correct.
On Wed, Sep 12, 2018 at 4:43 AM Tobias Brunner
wrote:
Hi Andrew,
> On BSD, a route based VPN has to be used, because it has no policy based
> implementation (as far as I know).
At least on FreeBSD that's not the case, i.e. it has policies just like
other IPsec implementations (including socket policies to whitelist the
IKE sockets). But for