Change order of route matching in Linux
Posted on 2009-04-08
Hello, do you know if it is possible to change the matching order for traffic?
I need to be able to change the matching order for VPN route policies.
Currently the local routing tables are processed first ('ip rule show' etc), and then NETKEY based IPSec VPN policies are matched.
I need to be able to define a backup static route (to provide redundancy to the VPNs) in the local routing tables that is matched AFTER the VPN route policies.
For example, if the IPSec (NETKEY based) VPN is established the VPN route policy will match first and the traffic will be routed through the tunnel etc.
If the IPSec VPN is NOT established, the traffic will NOT match any VPN route policy and the traffic will be routed via the local routing table instead.
How can this be done?
I am amazed that when NETKEY was being developed, it was designed with a total disregard for VPN redundancy. Hence I am trying to do this to provide a backup route for failed VPNs.
Does anyone know if there is a bulletin board or a specific community which develops the NETKEY libraries so I can ask this question there if no one here knows an answer?
Thanks in advance.