v6.47.2 EoIP sends packets from wrong IP address

Hello,

I’m trying to setup an EoIP link with ipsec between two routers. One of them has multiple IPs on the WAN interface.
On this router the local-address property is set, and valid ipsec policies are created.
However GRE packets are sent from different IP. The highest one to be precise.
Therefore these GRE packets are not encrypted at all.
I’ve tried changing Preffered Source in IP->Routes, and all masquerades but with no avail.
The other side also has valid local and remote addresses.

I’ve made this discovery when I set GRE firewall rules to accept only ipsec encrypted traffic (ipsec-policy=in:ipsec) and the rule wasn’t passing traffic. Then using package sniffer I found out that this traffic wasn’t encrypted as it was coming from the wrong IP.

Both routers are RB4011iGS+ running v6.47.2.

Best regards
tlaguz

I have found source of the issue. After disabling PPTP Service Port packets are sent as expected. My routers aren’t behind NAT anyway, so I don’t need this Service Port to be enabled.

Strange thing is the highest IP isn’t any different from the others. PPTP Service Port is making an arbitrary decision to use this highest IP and not any other (despite that EoIP has local ip explicitly specified).