You can do two things:
a) Add more policies to cover all possible traffic (in this case .10.0/24 <-> .30.0/24 for both tunnels) and set level=unique.
b) Switch IPSec to transport mode, create IPIP/EoIP/GRE tunnels between routers and only encrypt those using IPSec. It will give you normal network interfaces you can work with the same way you're used to.
a) I did so at every site (found another thread: viewtopic.php?t=68856), but I cannot get the sites to talk to each other. I also created the same setup for the firewall and NAT at each site. But the funny thing is that I can see traffic flows by looking at the counters.
Site A
- 192.168.88.0/24 <-> 192.168.230.0/24
  192.168.88.0/24 <-> 192.168.0.0/24
Site B
- 192.168.230.0/24 <-> 192.168.88.0/24
  192.168.88.0/24 <-> 192.168.0.0/24
- 192.168.230.0/24 <-> 192.168.0.0/24
  192.168.0.0/24 <-> 192.168.88.0/24
Site C
- 192.168.0.0/24 <-> 192.168.230.0/24
  192.168.0.0/24 <-> 192.168.88.0/24
Note that the connections grouped together use the same traffic flow, but separate IPsec tunnels.
b) is not an option, as I want to run in Tunnel Mode.
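A way to check that the per-site policy lists above actually cover every subnet pair, as an added example that is not from the thread: given each site's LAN and the tunnels between routers, it enumerates the outbound (src, dst, peer) policies each router needs and reports the ones a configured list lacks. The hub-and-spoke topology (Site B relaying traffic between Sites A and C) and the `SITES`/`TUNNELS` names are assumptions read from the grouping in the post, not stated there.

```python
"""Enumerate the tunnel-mode IPsec policies a multi-site setup needs (added
example, not from the thread). Subnets are the sites' LANs from the post; the
hub-and-spoke topology (B relays A <-> C) is an assumption. Each router needs
one outbound policy per (src, dst) pair it forwards into a tunnel.
"""
from collections import deque

SITES = {"A": "192.168.88.0/24", "B": "192.168.230.0/24", "C": "192.168.0.0/24"}
TUNNELS = [("A", "B"), ("B", "C")]  # assumed: A and C only peer with B

def find_path(tunnels, start, goal):
    """Shortest router path from start to goal over the tunnel graph (BFS)."""
    adj = {}
    for x, y in tunnels:
        adj.setdefault(x, []).append(y)
        adj.setdefault(y, []).append(x)
    queue, seen = deque([[start]]), {start}
    while queue:
        path = queue.popleft()
        if path[-1] == goal:
            return path
        for nxt in adj.get(path[-1], []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None  # no tunnel path between the two sites

def required_policies(sites, tunnels):
    """Per router: set of (src_subnet, dst_subnet, peer) outbound policies."""
    needed = {router: set() for router in sites}
    for src_site, src in sites.items():
        for dst_site, dst in sites.items():
            if src_site == dst_site:
                continue
            path = find_path(tunnels, src_site, dst_site)
            if path is None:
                raise ValueError(f"no tunnel path {src_site} -> {dst_site}")
            # every router on the path except the last forwards into a tunnel
            for hop, peer in zip(path, path[1:]):
                needed[hop].add((src, dst, peer))
    return needed

def missing_policies(configured, sites, tunnels):
    """Policies a router still lacks; a gap means one-way or no traffic."""
    needed = required_policies(sites, tunnels)
    return {r: needed[r] - configured.get(r, set()) for r in sites}

if __name__ == "__main__":
    for router, policies in sorted(required_policies(SITES, TUNNELS).items()):
        print(router, *sorted(policies), sep="\n  ")
```

On the hub this yields four policies (two per tunnel, one for each transit direction), on each spoke two; with level=unique each of them gets its own SA pair.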