How to route IP LAN from Vyos1 to Nat to internet using Vyos2

zakwan · March 2, 2020, 10:21am

Hi,
Please help me on the requirement below.

The situation are :

The connection between Router X to Vyos1(203.X.X.1) is using vpn ipsec site to site peer.
Vyos 1 and Vyos2 have an Internet connection via eth0
There is direct connection from Vyos1 to Vyos2 both using eth1

Some of the connection (besides 10.10.10.0/24) using internet via Vyos1.
However, i would like to try if 10.10.10.0/24 can using internet via Vyos2.
Please advise if this is possible.

echowings · March 2, 2020, 11:49pm

Hi, zakwan
Maybe you met the same issue as me. Please follow my instruction to fixed this issue.

zakwan · March 3, 2020, 2:18am

Hi echowings,

Its working. Thank you so much

echowings · March 3, 2020, 6:41am

Please say something to improve priority of the request feature.
@zakwan
https://phabricator.vyos.net/T2012

zakwan · March 4, 2020, 2:45am

Hi echowings,

I found a proper PBR using vyos commands instead of Linux.
Below is the Vyos commands i used to replace Linux commands :

Need to set PBR on the policy commands
VyosRouter1#sh policy route TO-Vyos2
rule 1000 {
set {
table 100
}
source {
address 10.10.10.0/24
}
Set the static table 100 to Vyos2
VyosRouter1# sh protocols static table 100
route 0.0.0.0/0 {
next-hop 10.40.X.X {
}
Set static route Vyos2 to Vyos1
VyosRouter1# sh protocols static
route 10.10.10.0/24 {
next-hop 10.40.X.X {
}
}

echowings · March 4, 2020, 6:27am

This is great. PBR is suitable for your case. But I need the Globle PBR function to let all network from vpn route 0.0.0.0/0 to another gateway.