Advice on ipsec tunnel

I am currently running a few IPsec tunnels, but I run into a few limitations. My current setup is to use tunnel mode and policies, which ‘kind of’ handles routing. I say ‘kind of’ because it appears that only the forward chain is inspected for interesting traffic, which limits my ability to access remote devices from the router via telnet or anything that doesn't have a src-address option.

I see an alternative of just creating a transport mode IPsec link between the WAN addresses of my two routers and then doing either an IPIP, GRE, or EoIP tunnel between them. This would give me an actual interface and IP for the remote device, and I can use traditional routes.

Any advice on the better method?

Thanks