Working on implementing Multi-WAN at our office (more about that later), in which we use a rather special routing setup, we got this error message on our IPSEC tunnels:
While the reason was obvious to me (there's indeed no default route in the main routing table, this is by design), fixing the problem was not.
I tried adding options like leftnexthop=ip-address but it did not really matter; the error persisted.
After searching around Google, I came across a post with a similar error, along with an unusual solution: adding the following line solves the issue.
config setup interfaces="ipsec0=eth0"
The unusual about it is that I'm running a 2.6 kernel and IPSEC interfaces no longer exists. However, adding this option regardlessly overrides the implicit %defaultroute value for all interfaces.