Hi,

> I don't understand how this is possible. Is there another lower-level
> routing table?
Yes and no. There are additional routing tables, which you won't see with the old route command; use the `ip` command from the iproute2 package instead to see the routes installed by strongSwan in routing table 220 (`ip route list table 220`).

However, IPsec in Linux is not route- but policy-based (you see these IPsec policies with `ip xfrm policy`). Depending on the negotiated policies and the already installed routes, those in table 220 are not really required (but they make sure the correct source IP address is selected when sending packets directly from this host).

Regards,
Tobias
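An added example, not part of the original message and not strongSwan code: a small Python parser for the two outputs mentioned above, reporting which outbound IPsec policy selects a packet and which source address the table 220 route prefers. The sample outputs, addresses and function names are constructed for illustration, and the lookup is simplified to address selectors only.

```python
import ipaddress
import re

# Constructed, abridged sample of `ip xfrm policy` output (not from a real host).
XFRM_POLICY = (
    "src 10.1.0.0/16 dst 10.2.0.0/16 \n"
    "\tdir out priority 375423 ptype main \n"
    "\ttmpl src 192.0.2.1 dst 203.0.113.5\n"
    "\t\tproto esp spi 0xc0ffee01 reqid 1 mode tunnel\n"
    "src 10.2.0.0/16 dst 10.1.0.0/16 \n"
    "\tdir in priority 375423 ptype main \n"
    "\ttmpl src 203.0.113.5 dst 192.0.2.1\n"
)
# Constructed sample of `ip route list table 220` output.
TABLE_220 = "10.2.0.0/16 via 192.0.2.254 dev eth0 proto static src 10.1.0.1\n"

def parse_policies(text):
    """One dict per policy: selector networks, direction, priority, tunnel ends."""
    policies = []
    for line in text.splitlines():
        if m := re.match(r"src (\S+) dst (\S+)", line):  # unindented: new policy
            policies.append({"src": ipaddress.ip_network(m[1]),
                             "dst": ipaddress.ip_network(m[2])})
        elif policies and (m := re.search(r"dir (\w+) priority (\d+)", line)):
            policies[-1].update(dir=m[1], priority=int(m[2]))
        elif policies and (m := re.search(r"tmpl src (\S+) dst (\S+)", line)):
            policies[-1]["tunnel"] = (m[1], m[2])
    return policies

def parse_routes(text):
    """(destination network, preferred source or None) per unicast route line."""
    routes = []
    for line in filter(str.strip, text.splitlines()):
        dest = line.split()[0]
        net = ipaddress.ip_network("0.0.0.0/0" if dest == "default" else dest)
        src = re.search(r"\bsrc (\S+)", line)
        routes.append((net, src[1] if src else None))
    return routes

def explain(src, dst, policies, routes):
    """Simplified lookup: address selectors only (no ports, protocols, marks)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = [p for p in policies
            if p.get("dir") == "out" and s in p["src"] and d in p["dst"]]
    policy = min(hits, key=lambda p: p["priority"], default=None)
    route = max((r for r in routes if d in r[0]),
                key=lambda r: r[0].prefixlen, default=None)
    return {"ipsec": policy is not None, "tunnel": policy and policy.get("tunnel"),
            "table220_src": route and route[1]}
```

On a live host, pass the captured output of `ip xfrm policy` and `ip route list table 220` to the two parsers in place of the constructed samples.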