u/BOOZy1

All through the day I see bounces from Microsoft:

RECEIVED: 550 5.7.515 Access denied, sending domain domain.tld doesn't meet the required authentication level. The sender's domain in the 5322.From address doesn't meet the authentication requirements defined for the sender. To learn how to fix this see: https://go.microsoft.com/fwlink/p/?linkid=2319303 Spf= Fail , Dkim= Pass , DMARC= Pass

With alternating SPF/DKIM/DMARC fails. DNS is hosted by Cloudflare and hasn't changed in months.

All records pass on checks and aren't too long or too complex.

u/BOOZy1 — 14 days ago
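
Added example, not part of the original post: a Python tally of the Spf/Dkim/DMARC verdicts in 5.7.515 bounces like the one quoted above, showing which mechanism fails for which sending domain and how often. The log lines and the example.org / example.net domains are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample MTA log lines in the format of the bounce quoted in the post.
SAMPLE_LOG = """\
RECEIVED: 550 5.7.515 Access denied, sending domain example.org doesn't meet the required authentication level. Spf= Fail , Dkim= Pass , DMARC= Pass
RECEIVED: 550 5.7.515 Access denied, sending domain example.org doesn't meet the required authentication level. Spf= Pass , Dkim= Fail , DMARC= Pass
RECEIVED: 550 5.7.515 Access denied, sending domain example.org doesn't meet the required authentication level. Spf= Fail , Dkim= Pass , DMARC= Pass
RECEIVED: 550 5.1.1 Recipient address rejected: user unknown
RECEIVED: 550 5.7.515 Access denied, sending domain example.net doesn't meet the required authentication level. Spf= Pass , Dkim= Pass , DMARC= Fail
"""

# Tolerates the irregular spacing around '=' and ',' seen in the real bounce text.
BOUNCE_RE = re.compile(
    r"550 5\.7\.515 .*?sending domain (?P<domain>\S+) .*?"
    r"Spf=\s*(?P<spf>\w+)\s*,\s*Dkim=\s*(?P<dkim>\w+)\s*,\s*DMARC=\s*(?P<dmarc>\w+)",
    re.IGNORECASE,
)

def parse_bounce(line):
    """Return domain and per-mechanism verdicts, or None if not a 5.7.515 bounce."""
    m = BOUNCE_RE.search(line)
    if m is None:
        return None
    return {key: value.lower() for key, value in m.groupdict().items()}

def summarize(log_text):
    """Count non-pass verdicts per (domain, mechanism) and each verdict combination."""
    failures = Counter()
    combos = Counter()
    for line in log_text.splitlines():
        rec = parse_bounce(line)
        if rec is None:
            continue  # other SMTP errors are out of scope here
        combos[(rec["domain"], rec["spf"], rec["dkim"], rec["dmarc"])] += 1
        for mech in ("spf", "dkim", "dmarc"):
            if rec[mech] != "pass":
                failures[(rec["domain"], mech)] += 1
    return failures, combos

if __name__ == "__main__":
    failures, combos = summarize(SAMPLE_LOG)
    for (domain, mech), count in sorted(failures.items()):
        print(f"{domain}: {mech} not passing in {count} bounce(s)")
    for combo, count in combos.most_common():
        print(count, combo)
```

Run against the real mail log, the per-mechanism counts show whether the failures cluster on one check or genuinely alternate.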

Hi All,

I'm using the new style IPSec to create a LAN-to-LAN connection.

Phase 1 is coming up but phase 2 just doesn't do anything. Logs are unhelpful.

If I do a traceroute to the LAN on the other side I see it's not being encapsulated and just tries to route to the internet (and obviously fails).

The correct subnets and masks are configured as 'children' but for some reason they are not encapsulated.

If I configure the same setup using legacy IPSec it works just fine.

Edit: fixed. Child (phase 2) config needs to be set to 'Trap+start' instead of the default 'Start'.

u/BOOZy1 — 16 days ago