Hey guys, I've got about a few months' worth of experience with VyOS and am still figuring it out along the way. So I've got a VyOS at HQ which has a bunch of IPsec site-to-site peers connected, and these are all working fine. I then have clients connecting to the VyOS over OpenVPN. I need these OpenVPN clients to be able to pass traffic to all IPsec peer networks. Having a hell of a time doing this. I'm pretty sure it's a simple route I need, I'm just not sure where to put it. I included some info and trace routes below to help show my point.
-HQ LAN = 10.123.123.0/24
-Openvpn clients LAN = 10.122.122.0/24
-IPsec peer 1 = 172.20.30.0/24
-IPsec peer 2 = 192.168.34.0/24
I need VPN clients on the 10.122.122.0 subnet to be able to talk to the IPsec peer subnets. Currently I can talk to the HQ LAN just fine, but nothing else. See trace routes below. Note that from the VyOS itself I can ping all IPsec peer networks without issues.
Tracing route to 10.123.123.10 over a maximum of 30 hops
1 49 ms 48 ms 43 ms 10.122.122.1
2 48 ms 49 ms 62 ms 10.123.123.10
Trace complete.
Tracing route to 172.20.30.54 over a maximum of 30 hops
1 42 ms 43 ms 50 ms 10.122.122.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
Tracing route to 192.168.34.1 over a maximum of 30 hops
1 60 ms 44 ms 52 ms 10.122.122.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
When pinging the HQ LAN it's fine, since it's on the same network the VPN lives on, but when pinging the other networks it seems the traffic hits the VPN interface and then doesn't know where to go after.
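For reference, an added configuration sketch (not the poster's config) showing why the second hop dies: with policy-based IPsec, only packets matching a tunnel's local/remote prefix pair enter the SA, and 10.122.122.0/24 is not in any of them, so a selector for the OpenVPN subnet has to be added on both ends. Peer addresses 203.0.113.10 / 203.0.113.20, interface vtun0 and VyOS 1.3-style syntax are assumptions.

```vyos
# Added example, assumed VyOS 1.3-style syntax; peer IPs and vtun0 are placeholders.
configure

# Existing tunnels carry only the selectors
#   10.123.123.0/24 <-> 172.20.30.0/24   and   10.123.123.0/24 <-> 192.168.34.0/24
# A packet from 10.122.122.x to 172.20.30.x matches neither, so it follows normal
# routing (default route) in clear text instead of entering the SA, hence the timeout
# at hop 2. Add a second selector per peer for the OpenVPN client subnet:
set vpn ipsec site-to-site peer 203.0.113.10 tunnel 2 local prefix 10.122.122.0/24
set vpn ipsec site-to-site peer 203.0.113.10 tunnel 2 remote prefix 172.20.30.0/24

set vpn ipsec site-to-site peer 203.0.113.20 tunnel 2 local prefix 10.122.122.0/24
set vpn ipsec site-to-site peer 203.0.113.20 tunnel 2 remote prefix 192.168.34.0/24

# Each remote peer must mirror this (local 172.20.30.0/24, remote 10.122.122.0/24, etc.),
# otherwise it rejects the phase 2 proposal and tunnel 2 never comes up.

# If the client subnets are not already pushed, make sure clients route them via the VPN:
set interfaces openvpn vtun0 server push-route 172.20.30.0/24
set interfaces openvpn vtun0 server push-route 192.168.34.0/24

commit
save

# Verify: each peer should now list two child SAs with their selectors.
run show vpn ipsec sa
```

The alternative of source-NATing 10.122.122.0/24 to the HQ LAN address so it fits the existing selectors is a one-sided change, but it hides the individual client IPs in the peers' logs, which makes incident investigation on the remote side harder.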