Hello,
Could there be a possibility to implement this?
The logic is easy:
A router has 1 ISP address in VRF global, it also has 1 VTI in VRF 1 with subnet A and 1 VTI in VRF 2 with subnet A.
subnet A identical
VPN to peer 1 has to always go to VRF1 and VPN to peer 2 has to always get in VRF 2. This implies the router must decrypt the tunnel in default VRF and dump it into the corresponding VRF.
I only found a mention of it in 2019 https://marc.info/?l=strongswan-users&m=117012853817126
and in charon https://wiki.strongswan.org/issues/3545