I’m labbing a scenario and have run into some sort of bug, but I’m not clear on how best to narrow it down and resolve it. I have a policy route used to next-hop specific traffic over to our site-to-site VPN. The policy route works perfectly in 1.3.0 but doesn’t in 1.3.2. I’ve tried on a system that was running 1.3.0 and was then updated to 1.3.2, and also on a fresh system installed with 1.3.2; both fail.
Here are all the players:
Test system: eth0: 10.6.0.10 untagged
L3 Switch1: eth0.2030 172.16.6.70/28 # used for internal links between Switch, Router and VPN
L3 Switch1: eth1: 10.6.0.1 vlan untagged # gateway for 10.6.0.0/24
VPN Server: eth0.2030 172.16.6.72/28
Router1: eth0.2010 4.4.4.2/24 # WAN
Router1: eth0.2030 172.16.6.65/28
set interfaces ethernet eth0 vif 2010 address '4.4.4.3/24'
set interfaces ethernet eth0 vif 2030 address '172.16.6.66/28'
set interfaces ethernet eth0 vif 2030 policy route 'VPN'
set policy route VPN rule 1004 destination address '10.3.0.0/16'
set policy route VPN rule 1004 set table '10'
set policy route VPN rule 1004 source address '10.6.0.0/16'
set protocols static route 0.0.0.0/0 next-hop 4.4.4.1
set protocols static route 10.6.0.0/16 next-hop 172.16.6.70
set protocols static table 10 route 0.0.0.0/0 next-hop 172.16.6.72
Testing is done via a simple ping from a container with IP 10.6.0.10 to 10.3.0.10, which fails; 10.6.0.10 receives a “net unreachable” from my WAN simulator’s IP, 4.4.4.1.
10.6.0.10 > 10.6.0.1 (Switch) > default route to 172.16.6.66 (Router) > PBR next-hops to VPN at 172.16.6.70
The problem is that my ping from 10.6.0.10 is going out the Router’s default route to 4.4.4.1, which obviously doesn’t know what to do with it.
Any help or insight would be appreciated!
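As an added example (not part of the post above and not VyOS’s own code), here is a small Python model of how the posted policy route and the two routing tables should interact, so the expected path can be compared with what the router actually does. It encodes the config exactly as posted (policy VPN rule 1004 on eth0.2030, main table, table 10). The two implementation details it relies on are assumptions about how VyOS realises a policy route on Linux: the policy attached to the ingress interface marks matching packets before routing, and ip rule then consults the marked table first and falls through to main when that table has no matching route.

```python
"""Model of Linux policy-based routing for the lab above.

Added example, not the poster's configuration; the VyOS-internal details
(mark set on the ingress interface, ip rule lookup order with fall-through
to main) are assumptions about the implementation, not taken from the post.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str


@dataclass(frozen=True)
class PolicyRule:
    # One "set policy route <name> rule <n> ..." entry.
    number: int
    source: ipaddress.IPv4Network
    destination: ipaddress.IPv4Network
    table: str


def net(s):
    return ipaddress.ip_network(s, strict=False)


# Routing tables from the posted config: "main" is "protocols static route",
# "10" is "protocols static table 10 route".
TABLES = {
    "main": [Route(net("0.0.0.0/0"), "4.4.4.1"),
             Route(net("10.6.0.0/16"), "172.16.6.70")],
    "10": [Route(net("0.0.0.0/0"), "172.16.6.72")],
}

# "set policy route VPN rule 1004 ..."
POLICIES = {
    "VPN": [PolicyRule(1004, net("10.6.0.0/16"), net("10.3.0.0/16"), "10")],
}

# "set interfaces ethernet eth0 vif 2030 policy route VPN"
POLICY_BY_IFACE = {"eth0.2030": "VPN"}


def longest_prefix_match(table, dst):
    best = None
    for r in table:
        if dst in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best


def route_packet(src, dst, in_iface, policy_by_iface=POLICY_BY_IFACE,
                 policies=POLICIES, tables=TABLES):
    """Return (table_used, next_hop) for a packet entering on in_iface.

    Step 1: the policy route bound to the ingress interface picks a table
    for matching packets (assumed: a mark set before the routing decision).
    Step 2: the picked table is looked up first; if it holds no route for
    the destination the lookup falls through to main (ip rule semantics).
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    chosen = "main"
    name = policy_by_iface.get(in_iface)
    if name:
        for rule in sorted(policies[name], key=lambda r: r.number):
            if src in rule.source and dst in rule.destination:
                chosen = rule.table
                break
    for tbl in dict.fromkeys([chosen, "main"]):   # ordered, de-duplicated
        hit = longest_prefix_match(tables.get(tbl, []), dst)
        if hit:
            return tbl, hit.next_hop
    return None, None


if __name__ == "__main__":
    # Forward direction: expected to leave via table 10 toward the VPN server.
    print(route_packet("10.6.0.10", "10.3.0.10", "eth0.2030"))
    # What the post observes: main table, as if the policy never matched.
    print(route_packet("10.6.0.10", "10.3.0.10", "eth0.2030", policy_by_iface={}))
    # Return traffic from the VPN side: source is not 10.6/16, so main table.
    print(route_packet("10.3.0.10", "10.6.0.10", "eth0.2030"))
```

The model only says where a packet should go under the posted config; the useful comparison is against the kernel state on the 1.3.2 box, which plain Linux `ip rule show` and `ip route show table 10` will print, so you can see whether the rule for table 10 exists and whether table 10 actually holds the 0.0.0.0/0 route.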