Is VRF possible in VyOS?

I want to use VyOS as a IPSEC concentrator for several clients, but they have overlapping left and right network subnets. Is there a support for VRF in VyOS? I couldn’t find it in the documentation and I cannot figure it out how to do it without it.

Example configuration:
ClientA <—internal GRE tunnel—> VyOS <----IPSEC over Interet ------->
ClientB <------internal Vlan-------> VyOS <-------IPSEC over internet -------->

Unfortunately there is only one public ip address for the internet connection, so IPSEC connection must end on the same ip.

Thanks for the help.

No VRF support at this time,
this is something that we consider to add in future but no ETAs at this time

Thank you for the quick answer. Any idea is there huge community demand for VRF? Can you speculate if ETA will be a month, a quater a year or “eternal later” :slight_smile: ?

Do you think that above configuration is possible on VyOS without VRF?

Since VyOS 1.2.0 is using FRRouting instead of Quagga, it seems possible to implement VRF by the community. Check this link
I guess we should wait for one of the main developers to confirm that.

You may implement this topology with policy routing supported by VyOS, the basic idea is to lead traffic from specific interface/network to certain routing table. But it only supports static routes in policy routing, if you perform dynamic routing protocol between two terminals, then VRF is the only choice.

VRF now on roadmap, don´t have ETA but you can expect it by end of the year if all goes well


VRF is already in 1.4

vyos@r1-roll# set vrf name FOO protocols 
Possible completions:
+> bgp          Border Gateway Protocol (BGP)
 > isis         Intermediate System to Intermediate System (IS-IS)
 > ospf         Open Shortest Path First (OSPF)
 > static       Static route parameters