Alignment

goodNETnick 2021-10-11 18:03:06 +10:00
parent e4dc6e74f7
commit d6da7e765e


@ -29,11 +29,12 @@ Results in:
set vpn ipsec options disable-route-autoinstall set vpn ipsec options disable-route-autoinstall
More details about the IPsec and VTI issue and option disable-route-autoinstall: More details about the IPsec and VTI issue and option disable-route-autoinstall
https://blog.vyos.io/vyos-1-dot-2-0-development-news-in-july https://blog.vyos.io/vyos-1-dot-2-0-development-news-in-july
The root cause of the problem is that for VTI tunnels to work, their traffic selectors The root cause of the problem is that for VTI tunnels to work, their traffic
have to be set to 0.0.0.0/0 for traffic to match the tunnel, even though actual routing selectors have to be set to 0.0.0.0/0 for traffic to match the tunnel, even
decision is made according to netfilter marks. Unless route insertion is disabled though actual routing decision is made according to netfilter marks. Unless
entirely, StrongSWAN thus mistakenly inserts a default route through the route insertion is disabled entirely, StrongSWAN thus mistakenly inserts a
VTI peer address, which makes all traffic routed to nowhere. default route through the VTI peer address, which makes all traffic routed
to nowhere.
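Review bot: On the rewrapped line "More details about the IPsec and VTI issue and option disable-route-autoinstall", the trailing colon that introduced the blog URL on the following line has been dropped. That is a content change in a commit described only as "Alignment", so either restore the colon or mention the change in the commit message. Since this paragraph is being rewrapped anyway, "StrongSWAN" could be corrected to the project's own spelling, "strongSwan", and "even though actual routing decision is made" reads better as "even though the actual routing decision is made".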