Page MenuHomeVyOS Platform
Create Task
Maniphest T1207

DMVPN behind NAT
Closed, ResolvedPublicFEATURE REQUEST
Actions

Description

In continuation of T1186
we need to have spokes behind NAT working

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Improvement (missing useful functionality)

Related Objects

Event Timeline

syncer assigned this task to UnicronNL.Jan 27 2019, 12:27 AM
syncer triaged this task as Low priority.
syncer created this task.
pasik added a subscriber: pasik.Feb 8 2019, 12:58 PM
hammerstud added a subscriber: hammerstud.Apr 23 2020, 4:31 PM
Dmitry claimed this task.Nov 27 2020, 7:51 AM
Dmitry added subscribers: UnicronNL, Dmitry.

Following this issue request https://sourceforge.net/p/opennhrp/support-requests/3/ we need to use transport mode instead of a tunnel. Was tested on AWS node and it looks working even with selector remote_ts = dynamic[gre]

Dmitry changed the task status from Open to In progress.EditedNov 30 2020, 7:27 AM

DMVPN Spokes work properly behind a NAT if we use transport mode instead of tunnel. e.g.

set vpn ipsec esp-group ESP-HUB mode transport

So I think we need to add this info to docs.vyos.io and close this Feature Request

Dmitry closed this task as Resolved.Nov 30 2020, 2:28 PM

PR with changed types in docs https://github.com/vyos/vyos-documentation/pull/380
ESP transport mode works properly on Cisco Router and VyOS routers together.

dmbaturin edited projects, added VyOS 1.3 Equuleus (1.3.0-epa1); removed VyOS 1.3 Equuleus.Sep 11 2021, 1:53 AM
dmbaturin set Is it a breaking change? to Perfectly compatible.Sep 29 2021, 1:34 PM
dmbaturin set Issue type to Improvement (missing useful functionality).