VPN negation rules not added in 2.0
The rules negating policy routing for VPNs that exist in 1.2.x aren't added in 2.0.
Updated by Ermal Luçi over 12 years ago
The idea is to check the phase2 networks and check them with every rule we add if route-to is defined and the src/dst falls in any of these rules add a negating rules.
This can be done in kernel too but its too much overhead, so its better in the rules.