[strongSwan] auto=route, but packet can't trigger a acquire to negotiate a ipsec tunnel

[Tobias Brunner]

Hi,

>     I configured a ikev2 , net-to-net, psk, i can use "ipsec up" command
> to establish tunnel, but it can't established by a coming traffic, of
> course, the ttraffic can match the rule.

The kernel-libipsec plugin does currently not support trap policies.  So
disable that plugin and use the kernel's IPsec stack instead (via
kernel-netlink plugin).

Regards,
Tobias