How to set a static route on a VyOS router

I have two PCs, each one is in a specific network and connected to its router. I added set protocols static route x.x.x.x next-hop x.x.x.x on both routers, but it doesn’t work; I can’t ping my distant PC.

Perhaps pings are disabled on the PC host
Try to dump traffic from PC via “wireshark” tool

I am now using Ubuntu servers instead of PCs. In my previous conf I had a VPN tunnel up between these two VyOS routers, and now I am trying to ping my distant server by going directly over the cable that connects the two routers and not the VPN, so I just added a static route and deleted the VPN interface, but I see that I’m always going through the VPN tunnel and not the static route.

Show your configs and tell us what version of VyOS you are using.

Version: VyOS 1.4-rolling-202301300918

If tunnels are configured, then traffic will be routed through them. These commands on router1 make all traffic from 192.168.16.0/24 to 192.168.17.0/24 go through the tunnel:

set vpn ipsec site-to-site peer vyos2-ipsec tunnel 0 local prefix '192.168.16.0/24'
set vpn ipsec site-to-site peer vyos2-ipsec tunnel 0 remote prefix '192.168.17.0/24'

If you now want to simply route that traffic (not through tunnels), then you can delete or disable the tunnel configuration. Otherwise, the router will send the traffic through the tunnel.

Thank you! So is it not necessary to remove the vpn interface in this case?

And is it normal that even though I removed this command, I see that vpn ipsec sa is up?

First you created the ipsec connection to route between those 2 networks through the tunnel.
If now that is no longer needed, and you want to do simple routing, I see no reason for keeping vpn ipsec configuration on the router. If I were you, I would remove all of it with ‘delete vpn’, and then add necessary static routes to the configuration

Okay, I see, so there is no solution to just change the route without removing all the VPN? I deleted the VPN conf, but I can’t ping the other server. I don’t know if I should add something else?

My conf in router1:
set interfaces ethernet eth10 address '192.168.16.1/24'
set interfaces ethernet eth9 address '172.168.128.10/24'
set interfaces ethernet eth9 description 'outside'
set interfaces ethernet eth10 description 'inside'
set protocols static route 192.168.16.0/24 next-hop 172.168.128.11

My conf in router2:
set interfaces ethernet eth9 address '192.168.17.1/24'
set interfaces ethernet eth10 address '172.168.128.11/24'
set interfaces ethernet eth10 description 'outside'
set interfaces ethernet eth9 description 'inside'
set protocols static route 192.168.17.0/24 next-hop 172.16.128.11

Just to be sure, please share connection diagram, configuration and routing tables

router1:
C>* 172.168.128.0/24 is directly connected, eth9, 02:53:44
C>* 192.168.16.0/24 is directly connected, eth10, 02:53:45

router2:
C>* 172.168.128.0/24 is directly connected, eth10, 02:56:10
C>* 192.168.17.0/24 is directly connected, eth9, 1d23h00m

route on the switch1:
S 192.168.0.0/16 via 192.168.16.1 vlan10 1/0 3 days 21:27:24

router1 lan network 192.168.16.0/24
the ip add outside 172.168.128.10(eth9)
router2: lan network 192.168.17.0/24
ip add outside 172.168.128.11(eth9)

# Route on router 1 to reach LAN of router 2
set protocols static route 192.168.17.0/24 next-hop 172.168.128.11

# Route on router 2 to reach LAN of router 1
set protocols static route 192.168.16.0/24 next-hop 172.168.128.10

Also, both servers should have default gateway .1 of their LAN

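A small checker for the two mistakes visible in the configs posted earlier in the thread (a static route to the router's own LAN, and a next-hop outside every connected subnet), as an added example that is not part of the original thread. The function name and parsing regexes are assumptions; the sample configs are the thread's `set` lines retyped with straight quotes.

```python
import ipaddress
import re

# Assumed patterns: they match only the two "set" forms that appear in this thread.
IFACE = re.compile(r"set interfaces ethernet (\S+) address '?([0-9./]+)'?")
ROUTE = re.compile(r"set protocols static route (\S+) next-hop (\S+)")

def check_static_routes(config: str) -> list[str]:
    """Return one finding per static-route mistake found in a 'set' style config."""
    connected = {name: ipaddress.ip_interface(addr)
                 for name, addr in IFACE.findall(config)}
    findings = []
    for dest, hop in ROUTE.findall(config):
        net = ipaddress.ip_network(dest, strict=False)
        nh = ipaddress.ip_address(hop)
        for name, iface in connected.items():
            if net == iface.network:   # route points at the router's own LAN
                findings.append(f"{dest}: already directly connected on {name}")
            if nh == iface.ip:         # router would forward to itself
                findings.append(f"{dest}: next-hop {hop} is this router's own address")
        if not any(nh in iface.network for iface in connected.values()):
            findings.append(f"{dest}: next-hop {hop} is not on any connected subnet")
    return findings

# Interface lines as posted in the thread (straight quotes).
R1_IFACES = """set interfaces ethernet eth10 address '192.168.16.1/24'
set interfaces ethernet eth9 address '172.168.128.10/24'
"""
R2_IFACES = """set interfaces ethernet eth9 address '192.168.17.1/24'
set interfaces ethernet eth10 address '172.168.128.11/24'
"""
# Routes as first posted, then as given in the answer.
R1_POSTED = R1_IFACES + "set protocols static route 192.168.16.0/24 next-hop 172.168.128.11\n"
R2_POSTED = R2_IFACES + "set protocols static route 192.168.17.0/24 next-hop 172.16.128.11\n"
R1_FIXED = R1_IFACES + "set protocols static route 192.168.17.0/24 next-hop 172.168.128.11\n"
R2_FIXED = R2_IFACES + "set protocols static route 192.168.16.0/24 next-hop 172.168.128.10\n"

if __name__ == "__main__":
    for label, cfg in [("router1 posted", R1_POSTED), ("router2 posted", R2_POSTED),
                       ("router1 fixed", R1_FIXED), ("router2 fixed", R2_FIXED)]:
        print(label, "->", check_static_routes(cfg) or "ok")
```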

It works, thank you!
