OK, my config for both routers is below. It looks like a fairly basic setup. I’ve removed all NAT rules.
My WAN interfaces are bridged to the physical NICs and I can still ping the WAN interfaces of each router from the other router. But a traceroute and ping to the LAN interface of the other side just time out.

Router01 Config

Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address           S/L    Description
eth0         192.168.50.208/24    u/u    WAN
eth1         192.168.0.254/24     u/u    Site1
eth2         192.168.10.254/24    u/u    Site2
lo           127.0.0.1/8          u/u
             ::1/128

vyos@Router01# show
interfaces {
    ethernet eth0 {
        address dhcp
        description WAN
        duplex auto
        hw-id 00:0c:29:44:66:50
        smp_affinity auto
        speed auto
    }
    ethernet eth1 {
        address 192.168.0.254/24
        description Site1
        duplex auto
        hw-id 00:0c:29:44:66:5a
        smp_affinity auto
        speed auto
    }
    ethernet eth2 {
        address 192.168.10.254/24
        description Site2
        duplex auto
        hw-id 00:0c:29:44:66:64
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
}
protocols {
    static {
        route 0.0.0.0/0 {
            next-hop 192.168.50.1 {
                distance 1
            }
        }
        route 192.168.20.0/24 {
            next-hop 192.168.50.212 {
                distance 1
            }
        }
    }
}
service {
    ssh {
        listen-address 0.0.0.0
        port 22
    }
}
system {
    config-management {
        commit-revisions 20
    }
    console {
        device ttyS0 {
            speed 9600
        }
    }
    host-name Router01
    login {
        user vyos {
            authentication {
                encrypted-password $1$2MLB7Sgt$FDses2bWJLkEdlIE47Z0U/
            }
            level admin
        }
    }
    name-server 8.8.8.8
    name-server 8.8.4.4
    name-server 208.67.222.222
    name-server 208.67.220.220
    ntp {
        server uk.pool.ntp.org {
            prefer
        }
    }
    package {
        auto-sync 1
        repository community {
            components main
            distribution hydrogen
            password ""
            url http://packages.vyos.net/vyos
            username ""
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Europe/London
}

Router02 Config

Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address           S/L    Description
eth0         192.168.50.212/24    u/u    WAN
eth1         192.168.20.254/24    u/u    LAN
lo           127.0.0.1/8          u/u
             ::1/128

vyos@Router02# show
interfaces {
    ethernet eth0 {
        address dhcp
        description WAN
        duplex auto
        hw-id 00:0c:29:8c:bb:eb
        smp_affinity auto
        speed auto
    }
    ethernet eth1 {
        address 192.168.20.254/24
        description LAN
        duplex auto
        hw-id 00:0c:29:8c:bb:f5
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
}
protocols {
    static {
        route 0.0.0.0/0 {
            next-hop 192.168.50.1 {
                distance 1
            }
        }
        route 192.168.0.0/24 {
            next-hop 192.168.50.208 {
                distance 1
            }
        }
        route 192.168.10.0/24 {
            next-hop 192.168.50.208 {
                distance 1
            }
        }
    }
}
service {
    ssh {
        listen-address 0.0.0.0
        port 22
    }
}
system {
    config-management {
        commit-revisions 20
    }
    console {
        device ttyS0 {
            speed 9600
        }
    }
    host-name Router02
    login {
        user vyos {
            authentication {
                encrypted-password $1$xoQZPJfp$iQ5eA7LhFqsCgK/Eby/N41
            }
            level admin
        }
    }
    name-server 8.8.8.8
    name-server 8.8.4.4
    name-server 208.67.222.222
    name-server 208.67.220.220
    ntp {
        server uk.pool.ntp.org {
            prefer
        }
    }
    package {
        auto-sync 1
        repository community {
            components main
            distribution hydrogen
            password ""
            url http://packages.vyos.net/vyos
            username ""
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Europe/London
}

Traceroute from Router01 to WAN interface of Router02

vyos@Router01# traceroute 192.168.50.212
traceroute to 192.168.50.212 (192.168.50.212), 30 hops max, 60 byte packets
 1  192.168.50.212 (192.168.50.212)  7.712 ms  8.290 ms  9.432 ms

Traceroute from Router01 to LAN interface of Router02

vyos@Router01# traceroute 192.168.20.254
traceroute to 192.168.20.254 (192.168.20.254), 30 hops max, 60 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *