Hi.
In the process of testing VyOS 1.2.1 we found a bug with wan-load-balancing.
The kernel does not allow adding routing tables with OpenVPN interfaces.
OpenVPN Interface (one of multiple):
# show interfaces openvpn vtun9
description "Description"
firewall {
    in {
        name ALLOW_EST_REL
    }
    local {
        name TO-ROUTER-FROM-VPN
    }
    out {
        name FROM-ROUTER-TO-XXX
    }
}
mode client
openvpn-option "--persist-key --persist-tun --nobind --comp-lzo no"
openvpn-option "--resolv-retry infinite"
protocol udp
remote-host hostanme
remote-port 1194
tls {
    ca-cert-file /config/auth/ca.crt
    cert-file /config/auth/client.crt
    key-file /config/auth/client.key
}
Static Route:
interface-route 172.40.9.0/24 {
    next-hop-interface vtun9 {
    }
}
S>* 172.40.9.0/24 [1/0] is directly connected, vtun9, 21:57:39
K>* 172.40.9.1/32 [0/0] via 172.40.9.9, vtun9, 21:57:54
In logs we see:
wan_lb: failure to insert default route on active path with this command: ip route replace table 210 default dev vtun9 via 172.40.9.1
We try to execute the command manually, and receive an error:
# ip route replace table 210 default dev vtun9 via 172.40.9.1
Error: Nexthop has invalid gateway.
I found here: https://forums.gentoo.org/viewtopic-t-1092382-highlight-.html that this is a linux-kernel bug.