Static Interface Route for IP-Sec Tunnel

Hello VyOS community,

I am new to VyOS and have a question regarding IP-Sec routing.

VyOS have multiple interfaces, one WAN and further private LAN for example eth1. How can I route the traffic of one IP-Sec tunnel to eth1 interface (another FW)? Is there any way to set up something like route based VPN?


Classic IPSEC site2site VPN has configured what traffic passes the VPN.

These are local and remote subnet definitions, you can add multiple. If this local subnet isn’t directly connected to vyos, you need to have a route to it. (static , or dynamic using OSPF….)

Newer VPN types introduce extra VPN interface, where you can assign routes to, or even run routing protocol on.
examples:VTI tunnel , or older GRE/IPSEC combo


Thanks for the reply. The requirement is one tunnel for multiple subnets. On the Cisco side it is a route based VPN, so networks are routed to a tunnel interface. The proxy id in this case is but of course this is not working with policy based VPN because complete traffic passed the tunnel. I search for a solution in vyos to set up a tunnel interface and create static routes for the related subnets. Is this possible?