I'm running what I believe is the latest experimental for the neo2 - 5.27.170601. This could well be a problem related to something that doesn't yet work in this build.
I've built strongswan on the neo and everything built fine and installed. ipsec starts and I'm able to bring a tunnel up to a remote vpn server that I know is fine and is verified working from some other box with identical connection and key configuration that I'm using on the neo2.
When the tunnel is brou
The cause of this mystery is found by Noel Kuntze at StrongSwan: https://wiki.strongswan.org/issues/2351?issue_count=221&issue_position=3&next_issue_id=2349&prev_issue_id=2352#note-9
https://patchwork.kernel.org/patch/9704017/ : ipsec doesn't route TCP with 4.11 kernel
It looks like there's a fix but it's not found it's way into the Armbian Neo2 Experimental yet which I believe is based on 4.11. FriendlyArm Debian is also based on 4.11.
ipsec is ba