I’m testing VyOS in our AWS environments for a requirement to connect us to Zscaler for internet filtering. It was really easy to set up, but I have a problem at the last stage. Essentially, all our VPCs are connecting into an Inet VPC via VPN tunnel to a VyOS router. That part is done. What I need to do now is PBR port 80,433 traffic out a GRE tunnel to the filtering service while everything else just gets NATed. The PBR works fine for servers sitting in the same VPC as the eth0 interface, but the VTI interface does not have the ability to do PBR, it seems. Anyone have any ideas?
Take a look at https://wiki.vyos.net/wiki/User_Guide#Policy_Routing
vyos@vyos# set interfaces vti vti1 policy route
IPv4 policy route ruleset for interface