BGP Router Reflector and IPSec VPN Routing based


#1

Hi, I would like to know how to configure BGP Router Reflector (RR) on VyOS. The provided VyOS configuration guide only shows a very simple example of BGP; I also couldn’t find configuration methods for many BGP attributes in terms of eBGP path selection.

Consequently, I noticed that the VyOS router only supports site-to-site IPSec VPN. Actually, this is static or policy-based IPSec VPN. If I want to configure IPSec via OSPF or BGP (routing-based IPSec VPN), does VyOS support it? If yes, how do I configure it?

As open source software, does this mean everyone can develop VyOS router features by programming the VyOS code?

Cheers,
XU


#2

Example DMVPN in VyOS:
https://wiki.vyos.net/wiki/DMVPN

This actually applies a static route.
How can VyOS act as an IPSec VPN underlying OSPF or BGP?


#3

I don’t think that we support reflector configuration, but I may be wrong.
Regarding VPNs, you probably need to dive deeper into the internals.
You can run gre or vti and use it with bgp and/or ospf.
That is what people do in AWS (vti+bgp).


#4

Thank you, Syncer.

I have trouble when I run the DMVPN via iBGP test using the configuration given at https://whiskeyalpharomeo.com/2017/03/11/dmvpn-interoperability-part-2/

My problem is the following:

The configuration of Tunnel part:
set interfaces tunnel tun0 address '10.0.0.1/24'
set interfaces tunnel tun0 encapsulation 'gre'
set interfaces tunnel tun0 local-ip '200.200.200.254'
set interfaces tunnel tun0 multicast 'enable'
set interfaces tunnel tun0 parameters ip key '1'

After executing "commit", the tunnel is not accepted; it asks to use "gre-multipoint" because there is no "remote-ip" on tun0.

xu@R1# commit
[ interfaces tunnel tun0 ]
No remote-ip configured for tun0, tunnel can only be used for mGRE.

[ interfaces tunnel tun0 ]
Preparing Next Hop Resolution Protocol: opennhrp.
add tunnel "gre0" failed: No such device
interfaces tunnel tun0: error creating tunnel interface

[[interfaces tunnel tun0]] failed
Commit failed

[edit]
xu@R1#

I have checked that Vyatta v3.5R3 supports multipoint-gre mode @ http://www.brocade.com/content/dam/common/documents/content-types/configuration-guide/vyatta-tunnels-3.5r3-v01.pdf

May I know how to successfully run the DMVPN+iBGP configuration while gre encapsulation doesn’t support m-gre in VyOS-v1.1.8?
I would also like to know how the author successfully completed the DMVPN test according to his provided configuration @ https://whiskeyalpharomeo.com/2017/03/11/dmvpn-interoperability-part-2/

Cheers,
XU