Redundant VPN tunnel with Azure

Hi team,

I have VyOS 1.2.8 with two ISPs and need to configure a redundant VPN tunnel with Azure. I am referring to this article, "Route-Based Redundant Site-to-Site VPN to Azure (BGP over IKEv2/IPsec) — VyOS 1.4.x (sagitta) documentation"; however, it shows one interface on VyOS. If I follow it, will it work for two interfaces on VyOS?

Do I just need to use a different authentication id and enable IPsec on eth1 as well, if I have ISPs configured on eth0 and eth1?

Add two /32 routes, so traffic to the IPsec peer addresses (203.0.113.2 and 203.0.113.3 in the example) will use the gateway of WAN1 / WAN2 respectively.
And enable IPsec on both WAN interfaces, instead of only eth0 as in the example.
Both authentication id and local-address should specify the VyOS WAN IP used for the tunnel.

Why does the example use 10.10.0.5 for local-address? I'd use the VyOS WAN IP 198.51.100.3.
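
The three steps from the reply above, written out as VyOS 1.2.x configuration-mode commands; this is an added example, not part of the original posts or of the VyOS documentation. The peer addresses and the WAN1 address 198.51.100.3 come from the thread; the WAN1 gateway (198.51.100.1), the WAN2 address (192.0.2.3) and the WAN2 gateway (192.0.2.1) are constructed values to be replaced with the real ones.

```vyos
# Run in configuration mode (configure). Only the settings that differ from
# the single-WAN documentation example are shown; IKE/ESP groups, the
# pre-shared secret, VTI interfaces and BGP stay as in that article.

# 1. Pin each Azure peer to one uplink with a /32 host route, so IKE/ESP
#    for that peer always leaves through the intended ISP.
#    Next hops are constructed values (assumptions).
set protocols static route 203.0.113.2/32 next-hop 198.51.100.1
set protocols static route 203.0.113.3/32 next-hop 192.0.2.1

# 2. Enable IPsec on both WAN interfaces instead of only eth0.
set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec ipsec-interfaces interface eth1

# 3. Per peer, set authentication id and local-address to the WAN address
#    that carries this tunnel.
#    Tunnel 1: eth0 / WAN1 (198.51.100.3, from the thread)
set vpn ipsec site-to-site peer 203.0.113.2 authentication id '198.51.100.3'
set vpn ipsec site-to-site peer 203.0.113.2 local-address '198.51.100.3'
#    Tunnel 2: eth1 / WAN2 (192.0.2.3, constructed value)
set vpn ipsec site-to-site peer 203.0.113.3 authentication id '192.0.2.3'
set vpn ipsec site-to-site peer 203.0.113.3 local-address '192.0.2.3'

commit
save
```

After the commit, `show vpn ike sa` and `show vpn ipsec sa` in operational mode should list one security association per peer, each with the local address of its own WAN interface.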

So in this case I am not sure if I can use ECMP?
