Hi There,
I have a very odd problem. One of my many IPSec policies on a Mikrotik CHR is targeting a /23 within the shared IP RFC 6598 100.64.0.0/10 subnet. The VPN peer has multiple policies. All other policies are being encrypted fine, however the packets for destination of that RFC6598 subnet are following the default route.
There is an installed SA of course, the WAN interface is using a normal public IP address, no route entry or filter for RFC6598 is in place. It appears the IPSec policy for said destination is ignored in the routing table.
Policy is shown below:
A yes /24 100.65.0.0/23 all encrypt require 1
Any pointers or confirmation that this may be a bug would be appreciated. Thank you.