Hi All,
My VyOS router has 2 interfaces:
eth0: 2.2.2.2
eth1: 192.168.10.1
The router acts as a VPN gateway for site-to-site.
This is my route table:
vyos@VC-VYOS-01:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - ISIS, B - BGP, > - selected route, * - FIB route
S>* 0.0.0.0/0 [1/0] via 2.2.2.2, eth0
C>* 10.18.1.0/24 is directly connected, dum0
C>* 127.0.0.0/8 is directly connected, lo
C>* 172.16.10.0/24 is directly connected, vtun0
K>* 172.18.1.0/24 is directly connected, eth0
C>* 192.168.10.0/24 is directly connected, eth1
K>* 192.168.15.0/24 is directly connected, eth0
C>* 2.2.2.0/24 is directly connected, eth0
The remote ends may have overlapping remote networks, so I created a source NAT.
SOURCE NAT
===========
set nat source rule 10 log 'enable'
set nat source rule 10 outbound-interface 'eth1'
set nat source rule 10 source address '172.18.1.0/24'
set nat source rule 10 translation address '10.18.1.0/24'
#STATIC ROUTE USING TABLE
=========================
set protocols static table 2 route 0.0.0.0/0 next-hop '192.168.10.1'
#POLICY ROUTE
=============
set policy route SRC-ROUTE rule 20 destination address '0.0.0.0/0'
set policy route SRC-ROUTE rule 20 set table '2'
set policy route SRC-ROUTE rule 20 source address '10.18.1.0/24'
I need to route all IPsec traffic to eth1. I read that policy-based routing is viable, but PBR can only be applied on the ingress interface, and since I am not using VTI interfaces, I cannot apply PBR.
I created a dummy interface thinking I could use PBR.
vyos@VC-VYOS-01# show interfaces dummy dum0
address 10.18.1.1/24
Do you have any suggestions on how to send 0.0.0.0/0 IPsec traffic to eth1?
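An added example (not part of the post above) that models the forwarding decision the post describes: it parses the FIB from `show ip route`, applies the `SRC-ROUTE` rule as configured to pick table 2 or the main table, and resolves the egress interface by longest-prefix match. The destination addresses in the comments are constructed test values, and the model assumes the policy route sees the source address the packet carries when the rule is evaluated.

```python
import ipaddress

# Constructed copy of the 'show ip route' output from the post (selected routes only).
MAIN_TABLE = """\
S>* 0.0.0.0/0 [1/0] via 2.2.2.2, eth0
C>* 10.18.1.0/24 is directly connected, dum0
C>* 127.0.0.0/8 is directly connected, lo
C>* 172.16.10.0/24 is directly connected, vtun0
K>* 172.18.1.0/24 is directly connected, eth0
C>* 192.168.10.0/24 is directly connected, eth1
K>* 192.168.15.0/24 is directly connected, eth0
C>* 2.2.2.0/24 is directly connected, eth0
"""
# Table 2 (prefix, next-hop) and the SRC-ROUTE rule (source, destination, table) as configured.
TABLE_2 = [(ipaddress.ip_network("0.0.0.0/0"), "192.168.10.1")]
PBR_RULES = [(ipaddress.ip_network("10.18.1.0/24"), ipaddress.ip_network("0.0.0.0/0"), 2)]

def parse_main_table(text):
    """Return [(prefix, next_hop_or_None, iface)] for the selected (>*) FIB entries."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or not parts[0].endswith(">*"):
            continue  # legend line, or a route that is not installed in the FIB
        prefix = ipaddress.ip_network(parts[1])
        nh = parts[parts.index("via") + 1].rstrip(",") if "via" in parts else None
        routes.append((prefix, nh, parts[-1]))
    return routes

def lpm(routes, dst):
    """Longest-prefix match: the (prefix, next_hop, iface) entry for dst, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def egress_interface(src, dst):
    """Select the table the policy route chooses for (src, dst), then resolve the interface."""
    main = parse_main_table(MAIN_TABLE)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    table = next((t for s_net, d_net, t in PBR_RULES if s in s_net and d in d_net), None)
    if table == 2:
        nh = next(nh for prefix, nh in TABLE_2 if d in prefix)
        entry = lpm(main, nh)  # table 2 names only a next-hop; its interface comes from the FIB
    else:
        entry = lpm(main, dst)  # no rule matched: ordinary main-table lookup
    return entry[2] if entry else None
```

With this model, a packet from 10.18.1.5 to a constructed destination such as 203.0.113.10 leaves via eth1, while the same destination from 172.18.1.5 (the pre-NAT source) still follows the default route out eth0.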