Policy route not work with group in VyOS 1.4.0-epa2?

Hello，I’m testing the combination of group and policy route on VyOS 1.4, but it doesn’t seem to work. The routes to 8.8.8.8 and 1.0.1.0/24 don’t to be going through the table as intended. Could you please advise on how to adjust this? Thank you.

set firewall group address-group TEST address ‘8.8.8.8’
set firewall group network-group ip_list network ‘1.0.1.0/24’

set policy route LIST interface ‘tun100’
set policy route LIST rule 11 destination group network-group ‘ip_list’
set policy route LIST rule 11 set table ‘11’
set policy route TEST interface ‘eth2’
set policy route TEST rule 12 destination group address-group ‘TEST’
set policy route TEST rule 12 set table ‘12’
set protocols static route 0.0.0.0/0 next-hop X.X.X.X
set protocols static table 10 route 0.0.0.0/0 next-hop 172.16.50.1
set protocols static table 11 route 0.0.0.0/0 next-hop 172.16.50.1
set protocols static table 12 route 0.0.0.0/0 next-hop 172.16.1.200

Welcome to the Vyos forums lychee!

It seems you really just want to do “routing” rather than policy routing - to get to destination X go this way. Policy routing in my mind is more about changing the next-hop based on source address.

Regardless of that though - are interfaces you have listed (tun100 & eth2) the ingress interfaces of the traffic you wish to reroute?

Hello @tjh ，

thank you for the quick reply!

Eth1 is my WAN port, and the default route will through X.X.X.X via Eth1.

However, I want to change the next hop based on the destination subnet, routing traffic through Eth2 and Tun100 to 172.16.50.1 and 172.16.1.200, which are on another VyOS instance.