I have a VyOS in a datacenter with a public IP:

set interfaces ethernet eth0 address 'x.x.x.x/24'
set interfaces ethernet eth0 description 'WAN'
set interfaces tunnel tun0 address '192.168.0.1/30'
set interfaces tunnel tun0 encapsulation 'ipip'
set interfaces tunnel tun0 local-ip 'x.x.x.X'
set interfaces tunnel tun0 multicast 'disable'
set interfaces tunnel tun0 remote-ip 'y.y.y.y'
set interfaces vti vti0 address '10.0.0.2/31'
set interfaces vti vti0 description 'Tunnel to 192.168.0.2'
set nat source rule 100 outbound-interface eth0
set nat source rule 100 source address 172.40.40.0/24
set nat source rule 100 translation address masquerade
set nat destination rule 10
set nat destination rule 10 inbound-interface eth0
set nat destination rule 10 protocol tcp
set nat destination rule 10 destination port 80
set nat destination rule 10 translation address 172.40.40.100-172.40.40.103
set nat destination rule 10 log
We have installed 4 VyOS systems in the company; we have created IPsec tunnels, and these tunnels are up and running. These VyOS systems are connected to a switch, and a webserver is connected to this switch.
If we run the command wget 172.40.40.10 on the VyOS in the DC, the webpage is loaded; it works fine.
In the packet 192.168.0.2 -> 172.40.40.100, the webserver returns the packet back to 192.168.0.2; this is one of the VyOS systems in the company.
The traffic goes back over the VPN to the DC.
If I load the webpage from the internet, then it does not work any more.
I see the source address in the packet is the public IP address of the public computer.
In the packet 162.59.60.20 -> 172.40.40.100, the webserver does not know where to send the packet.
Can you provide a simple network diagram?
Which default route does the webserver have?
Does the webserver use the VPN connection? Or only VyOS? How does VyOS know about network 172.40.40.0/24? What happens if you use only one translation address for DNAT?
Which version of VyOS? Do you use any other PBR/load-balancing rules?
The default route for the webserver (0.0.0.0/0) is not defined.
A default route for 172.40.40.100, 101, 102, 103 is defined.
If the packet comes from the VPN, then the specific route is used.
Does the webserver use the VPN connection? Yes, 4 VPN connections for load balancing.
Or only VyOS? VyOS in the DC as well:
inbound-interface eth0
log
protocol tcp
translation {
    address 172.40.40.100-104
}
How does VyOS know about network 172.40.40.0/24? The VyOS in the datacenter has a route.
What happens if you use only one translation address for DNAT?
Then it works fine; the webserver knows where to send the traffic by a route over one of the four VPN tunnels.
Which version of VyOS? Version 1.3-rolling-202012141037.
Do you use any other PBR/load-balancing rules? No.
The intention is: in the company we have 4 slow internet connections; if we bundle these connections, then we have more bandwidth and failover.
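The return-path problem described in this thread can be reproduced with a small longest-prefix-match model of the webserver's routing table. This is an added illustration, not configuration or code from the thread or from VyOS; the routing table, the next-hop names and the SNAT address 192.168.0.1 are assumptions modelled on the posted config.

```python
import ipaddress

# Constructed routing table for the company webserver, modelled on the thread:
# 172.40.40.0/24 is on-link, the tunnel networks from the posted config are
# reachable via a company VyOS, and there is no default route (0.0.0.0/0).
# The next-hop names are placeholders, not hosts from the thread.
WEBSERVER_ROUTES = {
    "172.40.40.0/24": "on-link",
    "192.168.0.0/30": "company-vyos-1",   # tun0 /30 from the posted config
    "10.0.0.2/31": "company-vyos-1",      # vti0 /31 from the posted config
}

def next_hop(routes, dst):
    """Longest-prefix match over a dict of prefix -> next hop.
    Returns None when no route covers dst (the reply is dropped)."""
    addr = ipaddress.ip_address(dst)
    best_net, best_hop = None, None
    for prefix, hop in routes.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_hop = net, hop
    return best_hop

def reply_next_hop(routes, client_src, snat_to=None):
    """Where the webserver sends its reply for a DNAT'd request.
    client_src is the source address the DC VyOS forwarded unchanged; snat_to
    models an additional source NAT on the DC VyOS before the packet enters
    the tunnel, so the webserver sees a source it already has a route for."""
    return next_hop(routes, snat_to if snat_to else client_src)

def with_default_route(routes, hop):
    """Copy of the table with a default route added (the other possible fix)."""
    return {**routes, "0.0.0.0/0": hop}

if __name__ == "__main__":
    # Request from a tunnel address (the working wget test in the thread).
    print(reply_next_hop(WEBSERVER_ROUTES, "192.168.0.2"))
    # Request from the Internet client in the thread: no covering route.
    print(reply_next_hop(WEBSERVER_ROUTES, "162.59.60.20"))
    # Same request once the DC VyOS also SNATs it to its tunnel address.
    print(reply_next_hop(WEBSERVER_ROUTES, "162.59.60.20", snat_to="192.168.0.1"))
    # Or once the webserver has a default route via a company VyOS.
    print(reply_next_hop(with_default_route(WEBSERVER_ROUTES, "company-vyos-1"),
                         "162.59.60.20"))
```

The second call returns None, which is the "webserver does not know where to send the packet" case; both fixes give the reply a next hop back into the VPN.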