Redistribute network from IPsec Site-to-Site VPN with OSPF

Hello,

I have a probably simple question, but I can’t find an answer either on the internet or here.

I have a VyOS router in the data centre that is connected to our office via IPsec site-to-site. The tunnel is not set up via a tunnel interface; instead, source and destination prefixes are set in the tunnel config. How can I now redistribute the office network in the data centre via OSPF so that the VPN gateway appears as the next hop on the other routers?

Best regards
Erwin Schliske

hi
There are different ways to do it; it also depends on the type of IPsec VPN you use (base/routed), but the easiest is to add a static route with its prefix and redistribute it in the OSPF process. So you have the next-hop in the default table and the DC hosts can reach the on-premise prefix.

Hi,

I use base IPsec.

I tried the idea with the static route already, but no luck.

erwin@vpn-site2site-cgn01:~$ sh interfaces ethernet eth1 brief
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
eth1             10.77.14.8/24                     u/u

set protocols ospf redistribute static
set protocols static route 172.20.3.0/24 next-hop 10.77.14.8
commit

erwin@vpngw:~$ sh ip route static
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup

S>* 0.0.0.0/0 [1/0] via <defaultgw>, eth0, weight 1, 22w2d19h

erwin@vpngw:~$ sh ip route 172.20.3.0/24
% Network not in table

erwin@vpngw:~$ sh configuration commands | grep "static route"
set protocols static route 0.0.0.0/0 next-hop <defaultgw>
set protocols static route 172.20.3.0/24 next-hop 10.77.14.8

erwin@vpngw:~$ sh configuration commands | grep "tunnel 9"
set vpn ipsec site-to-site peer <peergw> tunnel 9 local prefix '10.77.0.0/16'
set vpn ipsec site-to-site peer <peergw> tunnel 9 remote prefix '172.20.3.0/24'
...

Do you have any idea what I’m doing wrong?

Thanks,
Erwin

The static route should have next-hop set to internet gateway.


You need to add the static route with the next-hop of your VPN. If you need to check it, you can run the command show ip route table 220; it shows something like this:

 show ip route table 220
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route

VRF default table 220:
K>* 192.168.12.0/24 [0/0] via 10.0.80.1, eth0, src 10.0.6.50, 00:02:16

This is an example:

set protocols static route 172.20.3.0/24 next-hop <defaultgw>
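The complete picture the answer above describes, as an added example and not configuration taken from the thread: a policy-based (no tunnel interface) IPsec peer on VyOS 1.3, the static route for the remote prefix pointing at the underlay default gateway rather than at the router's own LAN address, and OSPF redistributing that static route so neighbours on 10.77.14.0/24 learn 172.20.3.0/24 via 10.77.14.8. The prefixes and eth1 address are the ones from the thread; the WAN address 203.0.113.2, the gateway 203.0.113.1, the peer 198.51.100.10, the group names and the pre-shared secret are assumed placeholder values (RFC 5737 documentation ranges) and must be replaced.

```vyos
# Added example config (VyOS 1.3 syntax); addresses other than the thread's own are assumed placeholders.

# Underlay: WAN on eth0 towards the internet gateway, DC LAN on eth1.
set interfaces ethernet eth0 address '203.0.113.2/24'
set interfaces ethernet eth1 address '10.77.14.8/24'
set protocols static route 0.0.0.0/0 next-hop '203.0.113.1'

# Policy-based IPsec: the IKE daemon installs an xfrm policy for
# 10.77.0.0/16 <-> 172.20.3.0/24 and a kernel route in table 220.
set vpn ipsec ipsec-interfaces interface 'eth0'
set vpn ipsec ike-group IKE-OFFICE key-exchange 'ikev2'
set vpn ipsec ike-group IKE-OFFICE proposal 1 encryption 'aes256'
set vpn ipsec ike-group IKE-OFFICE proposal 1 hash 'sha256'
set vpn ipsec ike-group IKE-OFFICE proposal 1 dh-group '14'
set vpn ipsec esp-group ESP-OFFICE proposal 1 encryption 'aes256'
set vpn ipsec esp-group ESP-OFFICE proposal 1 hash 'sha256'
set vpn ipsec site-to-site peer 198.51.100.10 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 198.51.100.10 authentication pre-shared-secret 'REPLACE-WITH-A-LONG-RANDOM-SECRET'
set vpn ipsec site-to-site peer 198.51.100.10 ike-group 'IKE-OFFICE'
set vpn ipsec site-to-site peer 198.51.100.10 local-address '203.0.113.2'
set vpn ipsec site-to-site peer 198.51.100.10 tunnel 9 esp-group 'ESP-OFFICE'
set vpn ipsec site-to-site peer 198.51.100.10 tunnel 9 local prefix '10.77.0.0/16'
set vpn ipsec site-to-site peer 198.51.100.10 tunnel 9 remote prefix '172.20.3.0/24'

# The static route for the office prefix points at the underlay gateway,
# NOT at eth1's own address 10.77.14.8 (that next-hop is unusable, so the
# route never makes it into the table). The xfrm policy intercepts the
# matching packets before they are actually forwarded to 203.0.113.1.
set protocols static route 172.20.3.0/24 next-hop '203.0.113.1'

# OSPF on the DC LAN; redistributing statics makes this router the ASBR and
# its neighbours install 172.20.3.0/24 as an external route via 10.77.14.8.
set protocols ospf area 0 network '10.77.14.0/24'
set protocols ospf redistribute static

commit
save

# Verification (op mode):
#   show vpn ipsec sa                      - tunnel 9 up
#   show ip route table 220                - kernel route installed by IPsec
#   show ip route 172.20.3.0/24            - S>* ... via 203.0.113.1, eth0
#   show ip ospf database external         - the redistributed prefix
#   on a neighbour: show ip route 172.20.3.0/24  -> O>* ... via 10.77.14.8
```

One check worth doing after commit: `sudo ip xfrm policy` must list the 10.77.0.0/16 -> 172.20.3.0/24 policy. The static route alone only steers packets to the internet gateway; they are encrypted solely because that policy exists, so if the peer configuration is removed or the IKE daemon is stopped while the static route stays, traffic for 172.20.3.0/24 follows the default route in the clear. Keep the route and the peer configuration under the same change, or drop the traffic with a firewall rule when the SA is down.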

Great. That was the solution. Thank you very much!
