How to log in/SSH into VyOS from outside through a LAN?

Hello guys,

I have had a problem since I started using VyOS and have never found a way to fix it: I want to be able to log in to VyOS through SSH from home or another location through the LAN, which is our office and has another ISP just for the office; we don't want to mix it with the rack.

So I got this:

```
Interface    IP Address          S/L  Description
eth0         192.168.100.101/24  u/u  Local Connect
eth2         xxxx56.187/29       u/D  ISP 1
eth4         -                   u/D
eth4.2288    xxxx224.130/30      u/D  ISP 1
eth4.2291    xx224.110/30        u/D  ISP 2
eth5         -                   u/D
eth6         xxxx.176.1/23       u/D  10GB Port > Switch
             xxxxx.88.1/24
             xxxx81.1/24
             xxxx4.1/23
lo           127.0.0.1/8         u/u
             ::1/128
```

This “eth0 192.168.100.101/24 u/u Local Connect” is connected to a Ubiquiti router which we use only for the office connection, another ISP line, so as not to mix it with the rack ISP providers.

All the ports are opened. From our office PCs (for example my PC, local IP 192.168.100.130) I'm able to SSH into the VyOS, but when I'm at home or in another location I'm unable to SSH into it, so I have to use our gateway IPs from BGP to log in to it, which is not OK: in case ISP 1 and ISP 2 die we are unable to log in to it, so I have to go and check it at the location.

To be more clear, I want to access VyOS SSH over the local connection, but not only from the office.

I have struggled with this for months, and I have been hammering Google search daily. :expressionless:

Thank you

I think you need some tunnel with the Ubiquiti:
GRE/OpenVPN/WireGuard or something else.
Not sure what that platform supports.
So how do you want to connect if both ISPs are down?

Hello,
Through eth0 192.168.100.101/24 u/u Local Connect.

Connected to the same Ubiquiti on another port I have a MikroTik, which I play with as I just want to learn it, and I'm able to access it from home. On the MikroTik I have plugged in a server just for testing, from Local > MikroTik > Server, and it is working, but from Local > VyOS Router it is not.

If I understand correctly, you need to configure DNAT on the Ubiquiti side:

HOME => xx.125.34.36 port 2222 => 192.168.100.101 port 22
So all connections to the external address of the Ubiquiti on port 2222 will be translated to IP address 192.168.100.101, port ssh.

I have that on the other server through the MikroTik and it is working; on the VyOS, nope.

I found this in the VyOS:

```
Jan 28 13:00:50 router sshd[15053]: Server listening on 0.0.0.0 port 22.
Jan 28 13:00:50 router systemd[1]: Started OpenBSD Secure Shell server.
Jan 28 13:00:50 router systemd[1]: opt-vyatta-config-tmp-new_config_14845.mount: Succeeded.
Jan 28 13:00:51 router commit: Successful change to active configuration by user vyos on /dev/pts/0
Jan 28 13:00:52 router kernel: [175109.430537] net_ratelimit: 402 callbacks suppressed
Jan 28 13:00:52 router kernel: [175109.430554] IPv4: martian source xx.34.24.36 from xx.34.24.1, on dev eth0
```

And within a second it gives me “Network error: Connection refused”, like it refuses the connection, and not that the port is not open.

Try to connect to SSH and dump traffic:

```
sudo tcpdump -nnti ethX port 22
```

where ethX is your LAN interface.

I'm confused now :slight_smile: I logged in to VyOS through local from a local PC and ran sudo tcpdump -nnti eth0 port 22:

```
IP 192.168.100.1.63589 > 192.168.100.101.22: Flags [.], ack 147744768, win 17, length 0
IP 192.168.100.1.63589 > 192.168.100.101.22: Flags [.], ack 147744592, win 18, length 0
IP 192.168.100.101.22 > 192.168.100.1.63589: Flags [P.], seq 147747424:147747776, ack 193089, win 794, length 352
IP 192.168.100.1.63589 > 192.168.100.101.22: Flags [.], ack 147745568, win 14, length 0
IP 192.168.100.101.22 > 192.168.100.1.63589: Flags [P.], seq 147747776:147748032, ack 193089, win 794, length 256
IP 192.168.100.1.63589 > 192.168.100.101.22: Flags [.], ack 147745008, win 16, length 0
IP 192.168.100.101.22 > 192.168.100.1.63589: Flags [P.], seq 147748032:147748176, ack 193089, win 794, length 144
```

```
vyos@router.101# show service ssh
 disable-host-validation
 listen-address 0.0.0.0
 port 22
[edit]
vyos@router.101#
```

Somehow VyOS drops my connection, or the kernel or iptables does, and it is not a network issue.

Now I see this in the logs:

```
Jan 28 12:42:42 router zebra[1299]: [EC 4043309103] Context received for kernel nexthop update without an interface
Jan 28 12:42:42 router zebra[1299]: Extended Error: Invalid nexthop id
Jan 28 12:42:42 router zebra[1299]: [EC 4043309093] netlink-dp (NS 0) error: Invalid argument, type=RTM_NEWNEXTHOP(104), seq=99598072, pid=4083494108
Jan 28 12:42:42 router zebra[1299]: Extended Error: Nexthop id does not exist
Jan 28 12:42:42 router zebra[1299]: [EC 4043309093] netlink-dp (NS 0) error: Invalid argument, type=RTM_NEWROUTE(24), seq=99598073, pid=4083494108
Jan 28 12:42:42 router zebra[1299]: [EC 4043309074] Failed to install Nexthop ID (6601539) into the kernel
Jan 28 12:42:42 router zebra[1299]: [EC 4043309074] Failed to install Nexthop ID (6601538) into the kernel
Jan 28 12:42:42 router zebra[1299]: 0:192.230.89.0/24: Route install failed
Jan 28 12:42:43 router zebra[1299]: [EC 4043309103] Context received for kernel nexthop update without an interface
Jan 28 12:42:43 router zebra[1299]: Extended Error: Invalid nexthop id
Jan 28 12:42:43 router zebra[1299]: [EC 4043309093] netlink-dp (NS 0) error: Invalid argument, type=RTM_NEWNEXTHOP(104), seq=99598083, pid=4083494108
Jan 28 12:42:43 router zebra[1299]: Extended Error: Nexthop id does not exist
Jan 28 12:42:43 router zebra[1299]: [EC 4043309093] netlink-dp (NS 0) error: Invalid argument, type=RTM_NEWROUTE(24), seq=99598084, pid=4083494108
Jan 28 12:42:43 router zebra[1299]: [EC 4043309074] Failed to install Nexthop ID (6601539) into the kernel
Jan 28 12:42:43 router zebra[1299]: [EC 4043309074] Failed to install Nexthop ID (6601538) into the kernel
Jan 28 12:42:43 router zebra[1299]: 0:197.242.252.0/24: Route install failed
Jan 28 12:42:44 router zebra[1299]: [EC 4043309103] Context received for kernel nexthop update without an interface
Jan 28 12:42:44 router zebra[1299]: Extended Error: Invalid nexthop id
Jan 28 12:42:44 router zebra[1299]: [EC 4043309093] netlink-dp (NS 0) error: Invalid argument, type=RTM_NEWNEXTHOP(104), seq=99598107, pid=4083494108
Jan 28 12:42:44 router zebra[1299]: Extended Error: Nexthop id does not exist
Jan 28 12:42:44 router zebra[1299]: [EC 4043309093] netlink-dp (NS 0) error: Invalid argument, type=RTM_NEWROUTE(24), seq=99598108, pid=4083494108
Jan 28 12:42:44 router zebra[1299]: [EC 4043309074] Failed to install Nexthop ID (6601539) into the kernel
Jan 28 12:42:44 router zebra[1299]: [EC 4043309074] Failed to install Nexthop ID (6601538) into the kernel
Jan 28 12:42:44 router zebra[1299]: 0:131.196.133.0/24: Route install failed
```

Try to delete the firewall from the LAN network; I don't see drops in the dump.

I made a Proxmox server with the same IP and the same cable, like switching from VyOS to Proxmox, and it is working :slight_smile: so I think there is a strange thing on VyOS and I don't understand why.

How do others access their VyOS server if BGP is dead? :slight_smile:

Hi.
Could you post your VyOS config?
From operational mode, run the following:

```
show configuration all
```

I thought there was a mask setting to automatically mask things for privacy, but I can't find it.

Hello guys, I have to come back to this because now it's a must to fix this.

So I made a new server with VyOS connected to my local network 192.168.100.0/24.
On eth0 I set up IP 192.168.100.101/24; I'm able to log in to the server from my local network, from another PC on the same network.

On the router I made a port forward to be able to log in to my VyOS from outside the local network, from home.
Still the same problem, not working; I get a timeout.

From the VyOS server I'm not able to ping 8.8.8.8; it is not working: Network is unreachable.

On the same network I have a Windows server, using it as RDP, with IP 192.168.100.111 and a port forward for the RDP, and it works; I'm able to log in to it from anywhere.

Ping from VyOS to the Windows server 192.168.100.111 works.

:expressionless:

Jesus :expressionless: fixed with this command:

```
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
```
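An added illustration, not from the thread or from VyOS, of why the port forward timed out while LAN logins worked: the Ubiquiti's DNAT rewrites only the destination (xx.125.34.36:2222 to 192.168.100.101:22), so VyOS must route the reply to the client's real address, and without a default route that lookup fails in the same way as the `ping 8.8.8.8` did. The routing tables and the home client address 203.0.113.7 are constructed for the example.

```python
import ipaddress

# Constructed tables modelled on the thread: the LAN-only VyOS box has just
# the connected route on eth0; the fix adds 0.0.0.0/0 via the Ubiquiti.
ROUTES_BEFORE = [
    ("192.168.100.0/24", None, "eth0"),
]
ROUTES_AFTER = ROUTES_BEFORE + [
    ("0.0.0.0/0", "192.168.100.1", "eth0"),
]


def lookup(routes, dst):
    """Longest-prefix match, as the kernel's FIB lookup does.

    Returns (next_hop, interface), or None when no route covers dst,
    which is what 'Network is unreachable' reports.
    """
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, dev in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, dev)
    if best is None:
        return None
    _, next_hop, dev = best
    # Connected route: deliver to dst directly; otherwise send via next hop.
    return (next_hop if next_hop is not None else str(dst), dev)


def can_reply_to_ssh(routes, client_ip):
    """Whether a DNAT'd SSH connection from client_ip can get replies back.

    DNAT on the Ubiquiti leaves the source address untouched, so the reply
    is addressed to the client's real IP and needs a matching route.
    """
    return lookup(routes, client_ip) is not None


if __name__ == "__main__":
    home = "203.0.113.7"  # constructed home client address
    for name, table in (("before fix", ROUTES_BEFORE), ("after fix", ROUTES_AFTER)):
        print(f"{name}: LAN peer -> {lookup(table, '192.168.100.1')}, "
              f"8.8.8.8 -> {lookup(table, '8.8.8.8')}, "
              f"SSH reply to {home}: {can_reply_to_ssh(table, home)}")
```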