IPSEC VPN local prefix is not really 'local'

Hi there,

I am building a site to site VPN using Vyos. I followed the config template here:


The thing is my local prefix is only one /32 which is not directly connected to the router. It is a few hops away. There is a /27 learned from OSPF that includes this IP. This IP is pinguable from the VPN router.

When I try to commit the config, I get the warning:

Warning: local prefix x.x.x.x/32 specified for peer “y.y.y.y” is not configured on any interfaces

Can I simply dismiss this warning or is it a problem? if it is a problem, how can I overcome this? Shall I create a blackhole route for this specific /32? It won’t be local either…

Just ignore this warning.

1 Like

Thank you very much, will do!

1 Like