OpenVPN Interfaces does not work in WAN Load Balancing
Closed, Resolved | Public | BUG



In the process of testing VyOS 1.2.1 we found a bug with wan-load-balancing.
The kernel does not allow adding routing tables with OpenVPN interfaces.

OpenVPN Interface (one of multiple):

# show interfaces openvpn vtun9
 description "Description"
 firewall {
     in {
         name ALLOW_EST_REL
     }
     local {
         name TO-ROUTER-FROM-VPN
     }
     out {
         name FROM-ROUTER-TO-XXX
     }
 }
 mode client
 openvpn-option "--persist-key --persist-tun --nobind --comp-lzo no"
 openvpn-option "--resolv-retry infinite"
 protocol udp
 remote-host hostanme
 remote-port 1194
 tls {
     ca-cert-file /config/auth/ca.crt
     cert-file /config/auth/client.crt
     key-file /config/auth/client.key
 }

Static Route:

interface-route {
     next-hop-interface vtun9 {

S>* [1/0] is directly connected, vtun9, 21:57:39
K>* [0/0] via, vtun9, 21:57:54

In logs we see:

wan_lb: failure to insert default route on active path with this command: ip route replace table 210 default dev vtun9 via

We try to execute the command manually and receive an error:

# ip route replace table 210 default dev vtun9 via
Error: Nexthop has invalid gateway.

I found here: that this is a linux-kernel bug.


Difficulty level: Unknown (require assessment)
Why the issue appeared? Will be filled on close
Is it a breaking change? Unspecified (possibly destroys the router)

Event Timeline

syncer triaged this task as Low priority.
syncer edited projects, added VyOS 1.3 Equuleus; removed VyOS 1.2 Crux.
c-po set Is it a breaking change? to Unspecified (possibly destroys the router).