All screenshots focus on the main route table, which should be used and doesn't have incorrect routes.
To check if other route table is being used:
sudo ip rule show
Should reveal what packets will use different route table
sudo ip route show xxx
will show table numbered xxx
A VTI VPN shouldn't use extra route table though
From VyOS, run traceroute to a local connected network. This might reveal path chosen.
Seems like packet gets routed out on vti interface
Rule 220: matches all packets, and tells: use route table 220
What does route table 220 look like? (command in my previous post lacked "table")
sudo ip route show table 220
This rule/table 220 should be in place for policy based ipsec, afaik not for route based (VTI) ipsec
Hi @crazycen,
Good news
I tried the IPsec lab in 1.4. It works as it should.
It might make sense to try configuring the same thing with a clean 1.4 installation.