Hi, just wanted to check if this is a bug or I am missing something. I am running VyOS 1.1.7 (helium) and using site-to-site VPN tunnels with vti interfaces. I noticed one strange behavior - even though the VPN tunnel goes down, the vti interface associated to it is still up - see the attachment (vti555). Is this a bug?
afaik, vti interfaces are always in up state, so you can’t use them in floating routes logic.
otoh VTI interfaces are perfectly suited for using a routing protocol. If remote tunnel endpoint is unreachable , routing protocol will detect this and use different route (…if alternative path is available)
I have same problem with vti interfaces, only in 1.1.7 version.
1.0.2 (hydrogen):
[code]vyos@VHQnod2:~$ show interfaces | grep n0xx-xxxxxxx.org
vti8052000 172.16.52.13/30 A/D n0xx-xxxxxxx.org
vyos@VHQnod2:~$ show vpn ipsec sa peer xx.xx.xx2.xx
Peer ID / IP Local ID / IP
xx.xx.xx.xx xx.xx.xx.xx
Description: n0xx-xxxxxxx.org
Tunnel State Bytes Out/In Encrypt Hash NAT-T A-Time L-Time Proto
------ ----- ------------- ------- ---- ----- ------ ------ -----
vti down n/a n/a n/a no 0 3600 all[/code]
1.1.7:
[code]vyos@HUB1nod2:~$ show interfaces | grep n0xx-xxxxxxx.org
vti8052000 172.16.52.5/30 u/u n0xx-xxxxxxx.org
vyos@HUB1nod2:~$ show vpn ipsec sa peer xx.xx.xx.xx
Peer ID / IP Local ID / IP
xx.xx.xx.xx xx.xx.xx.xx
Description: n0xx-xxxxxxx.org
Tunnel State Bytes Out/In Encrypt Hash NAT-T A-Time L-Time Proto
------ ----- ------------- ------- ---- ----- ------ ------ -----
vti down n/a n/a n/a no 0 3600 all
[/code]
So i’m very confuse it’s a “feature” or bug ?