Route internet traffic over site to site VPN tunnel


#1

I have 2 VyOS routers in AWS, one in us-west-1 (N. Ca) and one in ap-northeast-1 (Tokyo), and I’ve created an IPsec tunnel between them. I’d like to route all internet traffic from us-west-1 out through ap-northeast-1. I know how to change routes in each VPC, but I’m not sure how to tell VyOS to pass all traffic over the tunnel. If I change my 0.0.0.0 route on the us-west-1 router I assume it will prevent the tunnel from coming up. Can anyone point me towards the right direction for how to set this up?


#2

Add a /32 route to the remote peer; that route will always beat the default route learned on the tunnel (longer match).

Alternatively, use a VTI IPsec tunnel, add a default route on the tunnel into a separate routing table, and use PBR to make traffic originating from the LAN use that table.
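The VTI-plus-PBR design from this reply, with the /32 alternative shown underneath it, written out as a worked configuration for the us-west-1 router. This is an added example, not the replier's or the VyOS project's own config. It assumes VyOS 1.1/1.2-era syntax (`protocols static table ... interface-route`, `policy route ... set table`, `vpn ipsec nat-traversal enable`), and every address and name is a placeholder: VPC 10.1.0.0/16, instance private IP 10.1.0.10 behind EIP 198.51.100.1 with subnet router 10.1.0.1, Tokyo peer EIP 203.0.113.2, VTI link 10.255.0.0/30, and the group/policy names IKE-AWS, ESP-AWS and PBR-VIA-TOKYO.

```text
# us-west-1 VyOS. All addresses/names below are placeholders for this example.
# Tokyo peer: EIP 203.0.113.2, VTI end 10.255.0.2/30, same IKE/ESP groups mirrored.

# --- Route-based IPsec (VTI) ---
set vpn ipsec ipsec-interfaces interface eth0
# Both instances sit behind AWS 1:1 NAT (EIP -> private IP). VyOS 1.1 syntax;
# 1.2 negotiates NAT-T without these two lines.
set vpn ipsec nat-traversal enable
set vpn ipsec nat-networks allowed-network 0.0.0.0/0

# Stronger than the 1.1 defaults (aes128/sha1/dh-group2).
set vpn ipsec ike-group IKE-AWS proposal 1 encryption aes256
set vpn ipsec ike-group IKE-AWS proposal 1 hash sha256
set vpn ipsec ike-group IKE-AWS proposal 1 dh-group 14
set vpn ipsec ike-group IKE-AWS lifetime 28800
set vpn ipsec ike-group IKE-AWS dead-peer-detection action restart
set vpn ipsec ike-group IKE-AWS dead-peer-detection interval 15
set vpn ipsec ike-group IKE-AWS dead-peer-detection timeout 45

set vpn ipsec esp-group ESP-AWS proposal 1 encryption aes256
set vpn ipsec esp-group ESP-AWS proposal 1 hash sha256
set vpn ipsec esp-group ESP-AWS pfs dh-group14
set vpn ipsec esp-group ESP-AWS lifetime 3600
set vpn ipsec esp-group ESP-AWS mode tunnel

set interfaces vti vti0 address 10.255.0.1/30
set interfaces vti vti0 description 'to ap-northeast-1'

set vpn ipsec site-to-site peer 203.0.113.2 authentication mode pre-shared-secret
set vpn ipsec site-to-site peer 203.0.113.2 authentication pre-shared-secret 'REPLACE-WITH-A-LONG-RANDOM-SECRET'
# IDs are the public (EIP) addresses, since the local-address is the NATed private IP.
set vpn ipsec site-to-site peer 203.0.113.2 authentication id 198.51.100.1
set vpn ipsec site-to-site peer 203.0.113.2 authentication remote-id 203.0.113.2
set vpn ipsec site-to-site peer 203.0.113.2 ike-group IKE-AWS
set vpn ipsec site-to-site peer 203.0.113.2 local-address 10.1.0.10
set vpn ipsec site-to-site peer 203.0.113.2 connection-type initiate
set vpn ipsec site-to-site peer 203.0.113.2 vti bind vti0
set vpn ipsec site-to-site peer 203.0.113.2 vti esp-group ESP-AWS

# --- Main table is left alone: its default still points at the VPC router,
#     so IKE/ESP to 203.0.113.2 never enters the tunnel and the SA stays up.
set protocols static route 0.0.0.0/0 next-hop 10.1.0.1

# --- Separate table whose only default goes into the VTI.
set protocols static table 10 interface-route 0.0.0.0/0 next-hop-interface vti0

# --- PBR on the interface the VPC instances arrive on. Keep VPC-local and
#     AWS link-local (metadata, 169.254.169.254) destinations in the main table,
#     send everything else sourced from the VPC to table 10.
set policy route PBR-VIA-TOKYO rule 5 destination address 10.1.0.0/16
set policy route PBR-VIA-TOKYO rule 5 set table main
set policy route PBR-VIA-TOKYO rule 6 destination address 169.254.0.0/16
set policy route PBR-VIA-TOKYO rule 6 set table main
set policy route PBR-VIA-TOKYO rule 10 source address 10.1.0.0/16
set policy route PBR-VIA-TOKYO rule 10 set table 10
set interfaces ethernet eth0 policy route PBR-VIA-TOKYO

# --- Alternative (first suggestion in the reply): one table, pin the peer with a
#     /32 and move the default into the VTI. Use INSTEAD of the table-10/PBR block
#     and delete the main-table default above before adding the interface-route.
# set protocols static route 203.0.113.2/32 next-hop 10.1.0.1
# set protocols static interface-route 0.0.0.0/0 next-hop-interface vti0

# --- Tokyo side, in addition to the mirrored tunnel config: route the us-west-1
#     VPC back into the VTI and masquerade it out eth0 (the EIP only maps to the
#     instance's own private IP, so un-NATed 10.1.x.x sources would be dropped).
# set protocols static interface-route 10.1.0.0/16 next-hop-interface vti0
# set nat source rule 100 source address 10.1.0.0/16
# set nat source rule 100 outbound-interface eth0
# set nat source rule 100 translation address masquerade
```

On the AWS side this still needs the EC2 source/destination check disabled on both VyOS instances and the us-west-1 VPC route table pointing 0.0.0.0/0 at the us-west-1 VyOS instance's ENI. The property the original question is worried about is preserved by design: only the main table carries a route to 203.0.113.2, and PBR never applies to the router's own IKE/ESP packets, so the tunnel comes up regardless of what table 10 says. `show vpn ipsec sa` and `show ip route table 10` are the two checks to run after commit.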


#3

Hello,
try the user guide:
https://wiki.vyos.net/wiki/User_Guide