> sounds like a nexthop validation issue. What does `bgpctl show nexthop` give
> you? Do you have a route to them?

It gives this:

    Flags: * = nexthop valid

      Nexthop            Route    Prio Gateway    Iface
      10.250.250.250

But surely I have a route if I can ping? (As part of my testing, I redefined the next-hops as RFC1918 to ensure that if ping worked it meant the IKED VPN worked.)

If I do `ipsecctl -sa` I can see the flows that IKED created. But are you saying these flows don't get recognised by BGPD?