I just upgraded my VyOS 1.1.8 to 1.3.2. On this router I previously had a policy-based IPsec VPN with one of my clients. It worked for several months.
After I upgraded the router, the VPN is up but the remote prefix is not in the routing table.
The strange thing is that I can ping the peer prefix.
vRouter:~$ sh vpn ipsec sa
Connection State Uptime Bytes In/Out Packets In/Out Remote address Remote ID Proposal
------------------------------ ------- -------- -------------- ---------------- ---------------- ----------- ------------------------
peer-183.x.x.x-tunnel-1 up 7s 308B/0B 7/0 183.x.x.x mrcc AES_CBC_256/HMAC_SHA1_96
vRouter:~$ sh ip ro 10.35.110.9
Routing entry for 0.0.0.0/0
Known via "static", distance 1, metric 0, best
Last update 2d19h55m ago
* 192.168.146.1, via eth0, weight 1
Routing table 220 does not show anything:
vRouter:~$ sh ip ro table 220
vRouter:~$
But I can ping the remote prefix:
vRouter:~$ ping 10.35.110.9 source-address 172.20.13.215
PING 10.35.110.9 (10.35.110.9) from 172.20.13.215 : 56(84) bytes of data.
64 bytes from 10.35.110.9: icmp_seq=1 ttl=64 time=29.7 ms
64 bytes from 10.35.110.9: icmp_seq=2 ttl=64 time=271 ms
64 bytes from 10.35.110.9: icmp_seq=3 ttl=64 time=230 ms
^C
--- 10.35.110.9 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 6ms
How do I install it into the routing table, so that my router can find the destination and it can also be advertised through other dynamic routing like OSPF or BGP?
To add it to the routing table, just add static routes like 10.35.110.0/24, pointing to your internet gateway as next hop.
Then you can redistribute those on your LAN side.
It does make some sense to do hard-coding like this: The VPN policies are also hard coded.
Convincing customers is part of my job too…
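
Added example, not part of the original thread: with policy-based IPsec on Linux the kernel's xfrm policies, not the routing table, pick the traffic that enters the tunnel, so this sketch parses constructed `ip xfrm policy` output to check which source/destination pairs are protected and whether a static route is wider than the negotiated selector. The local selector 172.20.13.0/24 and the documentation-range tunnel endpoints are assumptions.

```python
import ipaddress
import re

# Constructed sample of `ip xfrm policy` output. The local selector
# 172.20.13.0/24 and both tunnel endpoints are assumptions, not from the post.
SAMPLE_XFRM = """\
src 172.20.13.0/24 dst 10.35.110.0/24
    dir out priority 375423 ptype main
    tmpl src 192.0.2.10 dst 198.51.100.20
        proto esp spi 0xc1a2b3c4 reqid 1 mode tunnel
src 10.35.110.0/24 dst 172.20.13.0/24
    dir in priority 375423 ptype main
    tmpl src 198.51.100.20 dst 192.0.2.10
        proto esp reqid 1 mode tunnel
"""

SELECTOR = re.compile(r"^src (\S+) dst (\S+)")   # unindented selector line
DIRECTION = re.compile(r"^\s+dir (\w+)")         # indented direction line


def parse_out_policies(text):
    """Return (src_net, dst_net) for every outbound policy."""
    policies, pending = [], None
    for line in text.splitlines():
        sel = SELECTOR.match(line)
        if sel:
            pending = tuple(ipaddress.ip_network(g) for g in sel.groups())
            continue
        direction = DIRECTION.match(line)
        if direction and pending:
            if direction.group(1) == "out":
                policies.append(pending)
            pending = None
    return policies


def is_protected(policies, src, dst):
    """True if a packet src -> dst matches an outbound IPsec selector."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in sn and d in dn for sn, dn in policies)


def route_exceeds_selectors(policies, route):
    """True if a static route covers addresses no outbound selector does."""
    net = ipaddress.ip_network(route)
    return not any(net.subnet_of(dn) for _, dn in policies)
```

A host that learns the redistributed route but sends from a source outside the selector is forwarded to the next hop unencrypted, so keep the static route no wider than the policy's remote prefix.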