Darren_Fine
Collaborator

Routing not working towards VTI

We have an HA cluster that requires a new AWS VPN connection. The tunnel comes up and we can ping across the VTIs no issues.😁

However, when adding a route to the remote VTI interface, the route does not show up in the Gaia routing table.😫

So for example the tunnel interfaces are

ClusterIP - vpnt11 = 169.254.192.2 and we can ping 169.254.192.1

ClusterIP - vpnt12 = 169.254.8.250 and we can ping 169.254.8.149

If we add a static route

#set static-route 10.0.1.5/32 nexthop gateway address 169.254.8.149 o

and look at output of...

#show route destination 10.0.1.5

the output shows the nexthop as following the default Internet route (not the VTI).

I thought about perhaps overlapping encryption domains clashing, so I added temporary routes to different addresses (non-private) and they have the same result: they don't show in the routing table towards the VTI.

I then remade the VPN with BGP enabled at AWS.

BGP would not establish, with an error: "unable to find interfaces to reach this peer" (even though I can ping the peer).

I enabled multihop and then BGP established. (even though I can ping the peer as a connected interface😂)

If I look at the routes I am learning from the BGP relationship, it appears that the next hop is the default GW and not 169.254.8.149 / 169.254.192.1 (i.e. not the BGP peer IPs).

What can cause this?

How can I resolve this?

(I have remade the VPN twice - also recreated it on the AWS side since you can't swap from static to BGP without deleting - very strange - again the VPN is up - BGP is allowed and seen decrypted on the VPN correctly - can ping inside the VTI)

Look forward to any thoughts.

GW is R80.20

thanks

0 Kudos
7 Replies
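As an added diagnostic, not code from the original post or from Check Point, here is a Python script that parses text laid out like Gaia's show route output, does a longest-prefix lookup for a destination, and reports whether the matched route's next hop sits on a connected VTI subnet or falls through to the default route. The sample output is constructed (the vpnt11/vpnt12 interface names and 169.254.x inside-tunnel addresses follow the post; 203.0.113.x and 198.51.100.x are documentation ranges standing in for the Internet side), and the recursive next-hop resolution is a simplified model of what a routing daemon does, not Gaia's own logic.

```python
import ipaddress
import re

# Constructed sample modelled on the layout of Gaia's "show route" output;
# not captured from any real gateway. The second static route deliberately
# has a next hop that is not on any connected subnet.
SAMPLE_SHOW_ROUTE = """\
Codes: C - Connected, S - Static, B - BGP (D - Default)

S        0.0.0.0/0           via 203.0.113.1, eth0, cost 0, age 86400
C        203.0.113.0/24      is directly connected, eth0
C        169.254.192.0/30    is directly connected, vpnt11
C        169.254.8.248/30    is directly connected, vpnt12
S        10.0.1.5/32         via 169.254.8.249, vpnt12, cost 0, age 120
S        10.0.2.5/32         via 198.51.100.9, eth0, cost 0, age 120
"""

# One route line: "<code> <prefix> via <nexthop>, <iface>, ..." or
# "<code> <prefix> is directly connected, <iface>". The legend and blank
# lines do not match and are skipped.
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Z])\s+(?P<prefix>\S+)\s+"
    r"(?:via\s+(?P<nexthop>[^,\s]+),\s+(?P<iface>[^,\s]+)"
    r"|is directly connected,\s+(?P<ciface>\S+))"
)


def parse_show_route(text):
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if not m:
            continue
        routes.append({
            "code": m.group("code"),
            "prefix": ipaddress.ip_network(m.group("prefix"), strict=False),
            "nexthop": ipaddress.ip_address(m.group("nexthop")) if m.group("nexthop") else None,
            "iface": m.group("iface") or m.group("ciface"),
        })
    return routes


def lookup(routes, dest):
    """Longest-prefix match, the lookup behind 'show route destination X'."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r["prefix"]]
    return max(matches, key=lambda r: r["prefix"].prefixlen) if matches else None


def connected_interface_for(routes, nexthop):
    """Connected interface whose subnet contains the next hop, or None."""
    nh = ipaddress.ip_address(nexthop)
    for r in routes:
        if r["code"] == "C" and nh in r["prefix"]:
            return r["iface"]
    return None


def resolve_egress(routes, nexthop, depth=0):
    """Simplified recursive resolution: an on-link next hop egresses through
    its connected interface; an off-link one follows whatever route covers it
    (typically the default), which is how traffic ends up on eth0 instead of a VTI."""
    if depth > 8:  # guard against routing loops in malformed tables
        return None
    iface = connected_interface_for(routes, nexthop)
    if iface:
        return iface
    r = lookup(routes, nexthop)
    if r is None or r["nexthop"] is None:
        return None
    return resolve_egress(routes, r["nexthop"], depth + 1)


def check_vti_route(routes, dest, expected_vti):
    """Return (ok, message) for whether dest really leaves via expected_vti."""
    r = lookup(routes, dest)
    if r is None:
        return False, f"{dest}: no route"
    egress = r["iface"] if r["nexthop"] is None else resolve_egress(routes, r["nexthop"])
    if egress != expected_vti:
        return False, f"{dest}: next hop {r['nexthop']} resolves via {egress}, not {expected_vti}"
    return True, f"{dest}: next hop {r['nexthop']} is on-link via {expected_vti}"


def offlink_nexthops(routes):
    """Static routes whose next hop is not on any connected subnet."""
    return [(str(r["prefix"]), str(r["nexthop"])) for r in routes
            if r["code"] == "S" and r["nexthop"] is not None
            and connected_interface_for(routes, r["nexthop"]) is None]


if __name__ == "__main__":
    table = parse_show_route(SAMPLE_SHOW_ROUTE)
    for dest in ("10.0.1.5", "10.0.2.5"):
        print(check_vti_route(table, dest, "vpnt12")[1])
    print("off-link static next hops:", offlink_nexthops(table))
```

Run it against a pasted copy of your own show route output instead of the constructed sample; a static or BGP route whose next hop lands in the off-link list is a route the gateway cannot tie to the VTI, and the resolved egress interface tells you where that traffic actually goes.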