From: fbsd-mbox <fbsd-mbox@mail.ru>
To: freebsd-questions@freebsd.org
Date: Thu, 03 Oct 2013 20:23:07 +0400
Subject: Problem with IPSec setup
Message-ID: <524D99EB.5060508@mail.ru>

Hello.
Does anyone have a clue why the kernel always directs ESP packets via the default route (or the default gateway in FIB 0), even if there are other FIBs with per-interface routes? I'm stuck with a gateway which is connected to 2 ISPs and the necessity to configure IPSec tunnels on both external channels. Using setfib(8) I've managed to successfully establish an IKE session via both channels (using a separate instance of racoon for each channel), but the tunnel is just not working. Using IPFW's setfib option does not make any difference. Is this a bug, or am I missing some point?
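A diagnostic that makes the situation in the question observable, added here as an example and not part of the original mail: for every FIB on the box it asks the kernel which interface and gateway it would pick to reach each IPsec peer, so the route the IKE daemon bound with setfib(1) can be compared with the one ESP is actually taking. It assumes a FreeBSD host with net.fibs greater than 1 and the stock setfib(1), route(8) and sysctl(8); the peer addresses and the FIB_CHECK_RUN variable are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): per-FIB route lookup for IPsec peers.
# Assumes FreeBSD with multiple routing tables (sysctl net.fibs > 1).

# parse_route_get: read `route -n get` output on stdin and print "iface gateway".
# Prints "-" for a field that is absent (e.g. when route(8) reports an error).
parse_route_get() {
    awk '
        /^[[:space:]]*gateway:/   { gw  = $2 }
        /^[[:space:]]*interface:/ { ifc = $2 }
        END {
            printf "%s %s\n", (ifc == "" ? "-" : ifc), (gw == "" ? "-" : gw)
        }
    '
}

# fib_route_for FIB DST: look DST up in routing table FIB only.
fib_route_for() {
    setfib -F "$1" route -n get "$2" 2>/dev/null | parse_route_get
}

# fib_count: number of routing tables the kernel was built with (default 1).
fib_count() {
    sysctl -n net.fibs 2>/dev/null || echo 1
}

# check_peers PEER...: for every FIB and every peer, print the chosen
# interface and gateway, one line each, in the form
#   fib N peer A.B.C.D -> IFACE GATEWAY
check_peers() {
    n=$(fib_count)
    for peer in "$@"; do
        fib=0
        while [ "$fib" -lt "$n" ]; do
            printf 'fib %s peer %s -> %s\n' "$fib" "$peer" \
                "$(fib_route_for "$fib" "$peer")"
            fib=$((fib + 1))
        done
    done
}

# Constructed peer addresses from the RFC 5737 documentation ranges; set
# FIB_CHECK_RUN=1 in the environment to run the check when the file is executed.
if [ "${FIB_CHECK_RUN:-0}" = 1 ]; then
    check_peers 203.0.113.10 198.51.100.10
fi
```

Run it once with the peer of each tunnel: if a FIB other than 0 reports the second ISP's interface and gateway for its peer while a packet capture on that interface shows no ESP, the selection happening for the IKE daemon's socket is not the one being applied to the encapsulated traffic, which is the discrepancy the question describes.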