Hello,
I use VyOS 1.1.7 to connect the office to AWS and a data centre.
We noticed that the VyOS uses its local address of the vti tunnel when it tries to access the data centre:
```
$ ip -o -4 a
1: lo inet 127.0.0.1/8 scope host lo\ valid_lft forever preferred_lft forever
2: eth0 inet 192.168.2.254/24 brd 192.168.2.255 scope global eth0\ valid_lft forever preferred_lft forever
...
10: vti1 inet 169.254.33.118/30 scope global vti1\ valid_lft forever preferred_lft forever
11: vti2 inet 169.254.32.106/30 scope global vti2\ valid_lft forever preferred_lft forever
$ ip route get 172.17.70.50
172.17.70.50 via 169.254.32.105 dev vti2 src 169.254.32.106
    cache
```
I can't reach any server on network 172.17.70.0 from the VyOS server itself unless I force bind the address (e.g. with `ssh -b...`).
Other hosts behind the VyOS do manage to connect to network 172.17.70.0/24.
The problem with this is that the VyOS also doubles as a local DNS cache, so it has to be able to talk over the IPsec tunnel.
My question - is there a way for me to make the VyOS know that it shouldn't use the vti local address to try to connect anywhere?