We have a VPN infrastructure with one central VyOS and several VyOS by site.
The first sites are connected to Central over a MAN network (private address).
The last sites are connected to Central over a WAN network (public address).
The central VyOS has only one network interface with two IP addresses:
- 1 on LAN with /24
- 1 public address /32
Since we added a WAN site and configured WAN on the central VyOS, we have some issues with the IPsec VTI tunnel.
When we restart the VPN service on one site, the VPN service on the central VyOS goes down and we have to restart it to resolve the issue.
If we don't restart it, the site can't ping the central VyOS public address, but after the VPN service is restarted on it, ping is OK.
We have applied the 1.2.2 upgrade on all of our sites and on the central VyOS.
We tried downgrading the central VyOS to 1.2.0 to find out whether the issue came from the update, but the behavior is the same.