My VyOS router has 2 interfaces:
The router acts as a VPN gateway for site-to-site.
This is my route table:
```
vyos@VC-VYOS-01:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route

S>* 0.0.0.0/0 [1/0] via 126.96.36.199, eth0
C>* 10.18.1.0/24 is directly connected, dum0
C>* 127.0.0.0/8 is directly connected, lo
C>* 172.16.10.0/24 is directly connected, vtun0
K>* 172.18.1.0/24 is directly connected, eth0
C>* 192.168.10.0/24 is directly connected, eth1
K>* 192.168.15.0/24 is directly connected, eth0
C>* 188.8.131.52/24 is directly connected, eth0
```
The remote ends may have overlapping remote networks, so I created a source NAT.
```
# SOURCE NAT
set nat source rule 10 log 'enable'
set nat source rule 10 outbound-interface 'eth1'
set nat source rule 10 source address '172.18.1.0/24'
set nat source rule 10 translation address '10.18.1.0/24'

# STATIC ROUTE USING TABLE
set protocols static table 2 route 0.0.0.0/0 next-hop '192.168.10.1'

# POLICY ROUTE
set policy route SRC-ROUTE rule 20 destination address '0.0.0.0/0'
set policy route SRC-ROUTE rule 20 set table '2'
set policy route SRC-ROUTE rule 20 source address '10.18.1.0/24'
```
I need to route all IPsec traffic to eth1. I read that policy-based routing is viable, but PBR can only be applied on the ingress interface, and since I am not using VTI interfaces, I cannot apply PBR.
I created a dummy interface thinking I can use PBR.
```
vyos@VC-VYOS-01# show interfaces dummy dum0
 address 10.18.1.1/24
```
Do you have any suggestion on how to send 0.0.0.0/0 IPsec traffic to eth1?