diff options
author | goodNETnick <pknet@ya.ru> | 2021-10-11 18:03:06 +1000 |
---|---|---|
committer | goodNETnick <pknet@ya.ru> | 2021-10-11 18:03:06 +1000 |
commit | d6da7e765e851473a25b534e702b675b72402359 (patch) | |
tree | 188d36cdeb6d78cb137fb8c7c167de312e1249a7 /docs | |
parent | e4dc6e74f78d44b19018d9bbb15bddb5f6e07653 (diff) | |
download | vyos-documentation-d6da7e765e851473a25b534e702b675b72402359.tar.gz vyos-documentation-d6da7e765e851473a25b534e702b675b72402359.zip |
Alignment
Diffstat (limited to 'docs')
-rw-r--r-- | docs/configuration/interfaces/vti.rst | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/docs/configuration/interfaces/vti.rst b/docs/configuration/interfaces/vti.rst index c5f843a5..1704b9d1 100644 --- a/docs/configuration/interfaces/vti.rst +++ b/docs/configuration/interfaces/vti.rst @@ -29,11 +29,12 @@ Results in: set vpn ipsec options disable-route-autoinstall -More details about the IPsec and VTI issue and option disable-route-autoinstall: +More details about the IPsec and VTI issue and option disable-route-autoinstall https://blog.vyos.io/vyos-1-dot-2-0-development-news-in-july -The root cause of the problem is that for VTI tunnels to work, their traffic selectors -have to be set to 0.0.0.0/0 for traffic to match the tunnel, even though actual routing -decision is made according to netfilter marks. Unless route insertion is disabled -entirely, StrongSWAN thus mistakenly inserts a default route through the -VTI peer address, which makes all traffic routed to nowhere.
\ No newline at end of file +The root cause of the problem is that for VTI tunnels to work, their traffic +selectors have to be set to 0.0.0.0/0 for traffic to match the tunnel, even +though actual routing decision is made according to netfilter marks. Unless +route insertion is disabled entirely, StrongSWAN thus mistakenly inserts a +default route through the VTI peer address, which makes all traffic routed +to nowhere.
\ No newline at end of file |