Beta ISO VTI Tunnel
Closed, DuplicatePublicBUG
Actions

Assigned To

None

Authored By

	volga629
	Oct 7 2017, 8:12 PM

Tags

Referenced Files

None

Subscribers

Active contributors

Description

Hello Everyone,
I was testing VTI tunnel and by default strongswan install routing tables 220 which cause vti tunnel not route traffic correct direction.
Solution to this problem is set the following parameter into strongswan.conf

install_routes = 0

Will be nice to have proper cli flag when we set vpn tunnel vti bind.

As example

#New option
set vpn ipsec site-to-site peer 1.1.1.1 vti install_route  disable

set vpn ipsec site-to-site peer 1.1.1.1 vti bind vti0
set vpn ipsec site-to-site peer 1.1.1.1 vti esp-group LAN2LAN-P2

Details

Difficulty level: Unknown (require assessment)
Version: VyOS 999.201710022137
Why the issue appeared?: Will be filled on close

Related Objects

Mentioned Here: T71: Add virtual IP and route installation policy options for IPsec

Event Timeline

volga629 created this task.Oct 7 2017, 8:12 PM

pasik added a subscriber: pasik.Oct 27 2017, 10:01 PM

syncer triaged this task as Wishlist priority.Dec 21 2017, 9:41 PM

syncer edited projects, added VyOS 1.2 Crux; removed VyConf.

Also see T71

syncer closed this task as a duplicate of T71: Add virtual IP and route installation policy options for IPsec.Jun 25 2018, 12:02 PM

dmbaturin closed this task as a duplicate of T628: StrongSwan requires configuration change for proper routing over VTI..Aug 4 2018, 10:28 PM

syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc1), VyOS-1.2.0-GA; removed VyOS 1.2 Crux.Oct 15 2018, 11:06 PM

syncer moved this task from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.0-rc1) board.Oct 15 2018, 11:58 PM