Works
If you've tried to do routing over a vti, you'll know its hard if not impossible to do on typical OSs (RHEL/CentOS). Probably a lot easier with Debian or Ubuntu. The issue that makes you pull your hair out is netkey. Netkey uses ip xfrm (transforms) to "route" traffic, which bypasses the routing table. Its like having two routing tables and two different tools to manage it. The older klips is on its way out in favor of netkey (whhhhyyy!?). As such, only recent kernel and iproute2 versions support vti (virtual tunnel interfaces... think cisco). With vti VyOS made my life so much easier setting up VPN to VPCs (while still using my favorite OS - Linux). The JunOS style cli was great as well. Its much better than the quagga/zebra interface on several levels.
I'm open to consulting.
www.linkedin.com/in/mrrobertgil/en
- Leave a Comment |
- Mark review as helpful