Page MenuHomeVyOS Platform

DMVPN behind NAT
Closed, ResolvedPublicFEATURE REQUEST

Description

In continuation of T1186
we need to have spokes behind NAT working

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close

Related Objects

Event Timeline

syncer triaged this task as Low priority.
syncer created this task.
Dmitry added subscribers: UnicronNL, Dmitry.

Following this issue request https://sourceforge.net/p/opennhrp/support-requests/3/ we need to use transport mode instead of a tunnel. Was tested on AWS node and it looks working even with selector remote_ts = dynamic[gre]

Dmitry changed the task status from Open to In progress.EditedNov 30 2020, 7:27 AM

DMVPN Spokes work properly behind a NAT if we use transport mode instead of tunnel. e.g.

set vpn ipsec esp-group ESP-HUB mode transport

So I think we need to add this info to docs.vyos.io and close this Feature Request

PR with changed types in docs https://github.com/vyos/vyos-documentation/pull/380
ESP transport mode works properly on Cisco Router and VyOS routers together.