Alignment

goodNETnick 2021-10-11 18:03:06 +10:00
parent e4dc6e74f7
commit d6da7e765e


@ -29,11 +29,12 @@ Results in:
set vpn ipsec options disable-route-autoinstall
More details about the IPsec and VTI issue and option disable-route-autoinstall:
More details about the IPsec and VTI issue and option disable-route-autoinstall
https://blog.vyos.io/vyos-1-dot-2-0-development-news-in-july
The root cause of the problem is that for VTI tunnels to work, their traffic selectors
have to be set to 0.0.0.0/0 for traffic to match the tunnel, even though actual routing
decision is made according to netfilter marks. Unless route insertion is disabled
entirely, StrongSWAN thus mistakenly inserts a default route through the
VTI peer address, which makes all traffic routed to nowhere.
The root cause of the problem is that for VTI tunnels to work, their traffic
selectors have to be set to 0.0.0.0/0 for traffic to match the tunnel, even
though actual routing decision is made according to netfilter marks. Unless
route insertion is disabled entirely, StrongSWAN thus mistakenly inserts a
default route through the VTI peer address, which makes all traffic routed
to nowhere.
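
Review bot: the rewrapped paragraph still spells the daemon "StrongSWAN"; the project's name is strongSwan, so correct it while these lines are being touched. The same paragraph carries over "even though actual routing decision is made", which should read "the actual routing decision". Removing the colon after "option disable-route-autoinstall" makes the sentence run straight into the URL on the following line; keep the colon or turn the URL into an explicit link so the reference stays attached to the sentence. The commit title "Alignment" could also say that this is a line rewrap with no content change.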