Page MenuHomeVyOS Platform

DMVPN behind NAT
Closed, ResolvedPublicFEATURE REQUEST

Description

In continuation of T1186
we need to have spokes behind NAT working

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Improvement (missing useful functionality)

Related Objects

Event Timeline

syncer triaged this task as Low priority.
syncer created this task.
Unknown Object (User) claimed this task.Nov 27 2020, 7:51 AM
Unknown Object (User) added subscribers: UnicronNL, Unknown Object (User).

Following this issue request https://sourceforge.net/p/opennhrp/support-requests/3/ we need to use transport mode instead of a tunnel. Was tested on AWS node and it looks working even with selector remote_ts = dynamic[gre]

Unknown Object (User) changed the task status from Open to In progress.EditedNov 30 2020, 7:27 AM

DMVPN Spokes work properly behind a NAT if we use transport mode instead of tunnel. e.g.

set vpn ipsec esp-group ESP-HUB mode transport

So I think we need to add this info to docs.vyos.io and close this Feature Request

Unknown Object (User) closed this task as Resolved.Nov 30 2020, 2:28 PM

PR with changed types in docs https://github.com/vyos/vyos-documentation/pull/380
ESP transport mode works properly on Cisco Router and VyOS routers together.

dmbaturin set Is it a breaking change? to Perfectly compatible.Sep 29 2021, 1:34 PM
dmbaturin set Issue type to Improvement (missing useful functionality).