Hello,
I want to use VyOS as an IPSEC concentrator for several clients, but they have overlapping left and right network subnets. Is there support for VRF in VyOS? I couldn’t find it in the documentation and I cannot figure out how to do it without it.
Example configuration:
ClientA
10.10.10.0/24 <---internal GRE tunnel---> VyOS <----IPSEC over Internet -------> 192.168.10.0/24
ClientB
10.10.0.0/16 <------internal Vlan-------> VyOS <-------IPSEC over internet --------> 192.168.0.0/16
Unfortunately there is only one public IP address for the internet connection, so the IPSEC connections must end on the same IP.
Thank you for the quick answer. Any idea whether there is huge community demand for VRF? Can you speculate whether the ETA will be a month, a quarter, a year or “eternal later”?
Do you think that the above configuration is possible on VyOS without VRF?
Since VyOS 1.2.0 is using FRRouting instead of Quagga, it seems possible to implement VRF by the community. Check this link
I guess we should wait for one of the main developers to confirm that.
You may implement this topology with the policy routing supported by VyOS; the basic idea is to lead traffic from a specific interface/network to a certain routing table. But it only supports static routes in policy routing; if you perform a dynamic routing protocol between two terminals, then VRF is the only choice.
vyos@r1-roll# set vrf name FOO protocols
Possible completions:
+> bgp Border Gateway Protocol (BGP)
> isis Intermediate System to Intermediate System (IS-IS)
> ospf Open Shortest Path First (OSPF)
> static Static route parameters