- User Since
- Jan 7 2021, 9:24 AM (114 w, 4 d)
Tue, Feb 21
It's fixed already in vyos/vyos-build#293 (although in a different way), just downloaded the newest image and tested it. I'm closing this ticket, apologies for the noise.
Mon, Feb 20
Aug 22 2022
This is what I did (forgot to write it here) with the difference that my sleep timer is 60s as my config has many lines.
Would be good to have this fixed properly.
Jul 11 2022
Aug 26 2021
Aug 17 2021
Jun 11 2021
It's a bit confusing, I can create a tunnel with 0.0.0.0/0 if I need it. That's how it is also done on PaloAlto FW and Fortigate. Anyway, it is just my opinion. Thanks for picking up this request so quickly.
@sdev That makes sense, you can also get rid of "esp-group" under vti as it will be specified per tunnel.
I like that we can specify multiple prefixes under one tunnel but also can configure multiple tunnels for more complex scenarios.
@sdev Yes, this can be done identically as the tunnel definition.
Jun 10 2021
@sdev Will it not create a full mesh, for example:
10.10.10.0/24 <--> 192.168.10.0/24
10.10.20.0/24 <--> 192.168.20.0/24
It will also set IPsec for 10.10.10.0/24 <--> 192.168.20.0/24 and 10.10.20.0/24 <--> 192.168.10.0/24 that may not be desired.
@Viacheslav Can be similar to policy-based ipsec
# set vpn ipsec site-to-site peer 220.127.116.11 tunnel 1
Possible completions:
   allow-nat-networks     Option to allow NAT networks
   allow-public-networks  Option to allow public networks
   disable                Option to disable vpn tunnel
   esp-group              ESP group name
 > local                  Local parameters for interesting traffic
   protocol               Protocol to encrypt
 > remote                 Remote parameters for interesting traffic
May 26 2021
@Viacheslav We have been running the new rolling release in the lab since 24th May with no issues. Thanks for the help.