Source IP on local outbound traffic


#1

Hello,

We have an issue where we have an interface (eth5) that has the following IPs assigned:

eth5 204.555.555.1/24 u/u
eth5.400 10.10.0.1/30 u/u P2P-TO-ER01
eth5.401 10.10.0.5/30 u/u P2P-TO-ER02

The issue is, for outbound traffic to the web (for example, a simple ping command) it either goes out interface eth5.400 or eth4.401 (based on OSPF) and it will use either 10.10.0.1 or 10.10.0.5 as the source IP. Obviously, this will not work and therefore we do not receive a response. DNS does not resolve, nor does anything else that does not specify an IP work.

Looking at the Linux kernel documentation, it seems this is standard behavior. Linux will use the IP address of the egress interface, unless there is a ‘src’ hint involved. It seems I can specify one with some ip route commands but I’m afraid this might affect whatever routing I have enabled now. Is there some kind of command in VyOS that will allow me to specify the source IP for local outbound traffic? I was hoping it would use the public IP assigned directly on eth5 (204.555.555.1).

Thanks!


#2

There is no easy way to do it globally since the kernel, as far as I’m aware, doesn’t have this option, so it has to be per-application. However, if I’m wrong and there actually is such an option, I’d be happy to integrate it.
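
The per-application approach discussed in this thread, as an added example that is not part of the original posts: a socket that is not bound gets whatever source address the kernel's route lookup selects, while a socket bound before `connect()` keeps the address it was given. The function names are hypothetical, and the loopback addresses 127.0.0.1 and 127.0.0.2 are constructed stand-ins for the point-to-point and public addresses so the check runs offline on Linux.

```python
import socket


def chosen_source(dest, bind_to=None):
    """Return the source IP the kernel assigns for traffic to dest.

    connect() on a UDP socket sends no packet; it only performs the route
    lookup and fixes the local address, which getsockname() then reports.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        if bind_to is not None:
            # Pin the source address before the route lookup happens.
            # Fails with OSError (EADDRNOTAVAIL) if the address is not
            # configured on any local interface.
            s.bind((bind_to, 0))
        s.connect(dest)
        return s.getsockname()[0]


def check_source(dest, expected, bind_to=None):
    """Return (ok, actual): whether traffic to dest leaves with `expected`."""
    actual = chosen_source(dest, bind_to)
    return actual == expected, actual


if __name__ == "__main__":
    # Constructed sample: 127.0.0.1 plays the address the kernel picks from
    # the egress interface, 127.0.0.2 the address the operator wants.
    dest = ("127.0.0.1", 9)
    wanted = "127.0.0.2"

    ok, actual = check_source(dest, wanted)
    print(f"unbound socket: source={actual} matches wanted={ok}")

    ok, actual = check_source(dest, wanted, bind_to=wanted)
    print(f"bound socket:   source={actual} matches wanted={ok}")
```

Run against a real destination on the router itself, the unbound call reports the address the kernel would pick for that route, which makes it a quick check of whether a given path still needs an explicit source.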