Default route in VRF doesn't work as expected for VyOS Stream

hanisirfan · May 17, 2025, 11:52pm

This is my first time using VRF in general and in VyOS specifically. From my limited knowledge, VRF is just having separate routing table. Okay, what I’m trying to do is to have the default route in VRF name ‘mgmt’ to a next hop which is my firewall.

I can perform normal ping to the next hop address. But can’t do the same to the outside networks. NAT is being done by the firewall.

I noticed that the default route is listed under ‘default’ VRF and not ‘mgmt’ VRF. (please ignore the other routes as I’m using them for my other testing)

When I added another interface from the same 10.0.32.0/20 subnet but under the ‘default’ VRF, it can ping to the outside networks.

Any idea why?

L0crian · May 18, 2025, 12:39am

When you do this command, what you are saying is that you want a default route inside of the default VRF, with a next-hop that is inside of the mgmt VRF.

Here’s what you actually want. This says that you want a default route in the mgmt VRF, with a next-hop that is also in the mgmt VRF.

set vrf name mgmt protocols static route 0.0.0.0/0 next-hop 10.0.32.1

hanisirfan · May 18, 2025, 12:56am

Nice it works now. Thanks!

system · May 20, 2025, 12:57am

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.