I made a standard IPSec tunnel.
The tunnel is in the Established state.
The router sends packets going from one subnet to the other out to the Internet, and not into the tunnel (I checked with tracert). The same happens on the other side.
FastTrack and FastPath are disabled.
How can that be? I thought that I had made a mistake somewhere, double-checked everything, deleted the tunnel, and re-created it. Same result.
There are masquerade rules in the NAT of both routers; they are placed higher than the standard ones:
chain=srcnat action=masquerade src-address=192.168.1.0/24 dst-address=192.168.10.0/24 log=no log-prefix=""
In the second router it's the other way around:
chain=srcnat action=masquerade src-address=192.168.10.0/24 dst-address=192.168.1.0/24 log=no log-prefix=""
Why is it sending packets to the Internet without knowing anything about the tunnel?