On Wed, 2023-10-18 at 20:21 +1100, Karl Auer wrote:
What I'm doing now is configuring up a minimal replacement router with none of the cruft of the existing one. And I will remove the ipsec configuration from the other end.
On Wed, 2023-10-18 at 19:23 +1100, Roger Plant wrote:
My new guess is that there may still be some ipsec policies and settings configured. Requiring traffic from X to Y be tunnelled with ipsec.
It was indeed the ipsec configuration. My minimal config had *exactly* the same symptoms as the current production router. Until I removed the ipsec config from the remote router.

In hindsight, with 20/20 vision, it is blindingly obvious that I should have disabled the policies, not the peers. Elation and annoyance in equal parts...

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer@nullarbor.com.au)     work +61 2 64957435
http://www.nullarbor.com.au            mobile +61 428 957160