Default IP


#1

Hello, is there a way to specify the default IP for VyOS? Now when I do a ping without specifying the interface, it uses my WAN address. Can I make it use one of the LAN IP addresses?


#2

This has nothing to do with the default IP of the VyOS box. By default ping will use the first interface.

Just use the ping flags to set what interface you want to use.

https://linux.die.net/man/8/ping

ping -I eth1 google.com


#3

OK, I will explain in detail.
I have a Site-to-Site VPN using an IPSec VTI interface. In our main office we have a Unifi USG-Pro, and a VyOS VM in our branch office. The VTI in the USG doesn’t have an IP set, and I haven’t set an IP on the VTI interface of the VyOS. The VyOS is behind NAT with all ports of the ADSL modem's public IP port-forwarded to the WAN IP, so NAT-T is used for the VPN. I have set some static interface routes to the VTI for some subnets in the main office. We have DNS servers in the main office. When the VyOS connects to the DNS servers it uses the WAN interface IP address. It is the same with ping. I want to use a LAN IP to connect to the DNS servers and to ping.

Here are my interfaces.

[code]
Interface    IP Address        S/L    Description
eth0         192.168.1.2/24    u/u    Internet
eth1         10.10.11.1/24     u/u
eth2         10.10.21.1/24     u/u
eth3         10.10.101.1/24    u/u
eth4         10.10.201.1/24    u/u
lo           127.0.0.1/8       u/u
             ::1/128
vti0         -                 u/u
[/code]
And my routing table.

[code]Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - ISIS, B - BGP, > - selected route, * - FIB route

S>* 0.0.0.0/0 [1/0] via 192.168.1.1, eth0
S>* 10.10.10.0/24 [1/0] is directly connected, vti0
C>* 10.10.11.0/24 is directly connected, eth1
C>* 10.10.21.0/24 is directly connected, eth2
S>* 10.10.100.0/24 [1/0] is directly connected, vti0
C>* 10.10.101.0/24 is directly connected, eth3
S>* 10.10.111.0/24 [1/0] is directly connected, vti0
C>* 10.10.201.0/24 is directly connected, eth4
C>* 127.0.0.0/8 is directly connected, lo
C>* 192.168.1.0/24 is directly connected, eth0[/code]


#4

I don’t understand.

If you set the system DNS server to be a server on your LAN, it will use your LAN interface to get there.

If you want to ping out using a LAN IP, you can use the ping flags to do exactly that.

I really don’t see what the issue is.


#5

I am setting up the VyOS as a DNS forwarder and I have configured a domain to forward to a specific DNS server.

[code]
forwarding {
    cache-size 100
    domain local.traykovtrans.com {
        server 10.10.100.3
    }
    listen-on eth1
    listen-on eth2
    listen-on eth3
    listen-on eth4
}
[/code]
So when clients make a DNS request they send it to the VyOS, and the VyOS makes the request via 192.168.1.2. How can I make the request from the VyOS use 10.10.11.1?


#6

Your DNS server is on 10.10.100.3 and you are trying to force that traffic out an IP address that is not the normal OUTBOUND IP and also not on the same subnet as the DNS server. How is it to know where to get to that IP? Do you have any routes in place for that subnet?
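
Added example (not part of any post in this thread): a simplified Python model of the route lookup and source-address choice for the interface and routing tables posted in #3. It assumes the usual Linux behaviour that, when the outgoing interface has no address (vti0 here), the source falls back to the first non-loopback address on another interface, and it assumes the device order shown; the function names are hypothetical.

```python
import ipaddress

# Constructed from the tables in post #3. Device order is an assumption.
INTERFACES = [
    ("lo", "127.0.0.1/8"),
    ("eth0", "192.168.1.2/24"),
    ("eth1", "10.10.11.1/24"),
    ("eth2", "10.10.21.1/24"),
    ("eth3", "10.10.101.1/24"),
    ("eth4", "10.10.201.1/24"),
    ("vti0", None),  # unnumbered tunnel interface
]
ROUTES = [
    ("0.0.0.0/0", "eth0"), ("10.10.10.0/24", "vti0"),
    ("10.10.11.0/24", "eth1"), ("10.10.21.0/24", "eth2"),
    ("10.10.100.0/24", "vti0"), ("10.10.101.0/24", "eth3"),
    ("10.10.111.0/24", "vti0"), ("10.10.201.0/24", "eth4"),
    ("127.0.0.0/8", "lo"), ("192.168.1.0/24", "eth0"),
]

def lookup_route(dst):
    """Longest-prefix match; returns (network, outgoing interface)."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), dev) for p, dev in ROUTES]
    matches = [(n, dev) for n, dev in nets if addr in n]
    return max(matches, key=lambda m: m[0].prefixlen)

def select_source(dst, bind=None):
    """Source address a locally generated packet to dst would carry."""
    if bind is not None:
        # Explicit bind, e.g. ping -I given an address instead of a name.
        return bind
    _, dev = lookup_route(dst)
    own = dict(INTERFACES)[dev]
    if own is not None:
        return str(ipaddress.ip_interface(own).ip)
    # Outgoing interface is unnumbered: borrow the first usable address
    # from another interface (assumed fallback, loopback skipped).
    for _, cidr in INTERFACES:
        if cidr and not ipaddress.ip_interface(cidr).ip.is_loopback:
            return str(ipaddress.ip_interface(cidr).ip)
    raise LookupError("no usable source address")

if __name__ == "__main__":
    for dst in ("10.10.100.3", "10.10.11.50", "8.8.8.8"):
        net, dev = lookup_route(dst)
        print(f"{dst}: route {net} dev {dev} src {select_source(dst)}")
```

In this model the forwarder's query to 10.10.100.3 leaves through vti0 but carries 192.168.1.2, which matches what post #5 reports; only an explicit bind or an address on vti0 changes that.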