D_W
Advisor

VPN Routes not visible in Gaia

Hello Mates,

I have here an R81.10 T22 with an S2S VPN to a 3rd party, but I cannot see the route to the target encryption domain in the route table of the OS or in Gaia. The VPN works fine though.

Is this by design or am I missing an option?

 

Regards

David

0 Kudos
9 Replies
mk1
Collaborator

Is this a route based or policy based VPN?

0 Kudos
D_W
Advisor

In the VPN communities we define the encryption domains for each site, so I guess it's domain based.
I haven't found a quick answer about the difference between the types (route based, policy based, domain based) 😅

0 Kudos
mk1
Collaborator

Then you will not find them in the routing table. You can try the following command in Expert mode:

fw tab -f -t vpn_routing -u

D_W
Advisor

Ah yes, there I see it...
Any ideas how I can use this route now to redistribute it via OSPF?
I mean it works when I manually add a static route for the needed route and add it to a route-map, but this is an equally ugly solution as the output from "fw tab -f -t vpn_routing -u" 😥

0 Kudos
mk1
Collaborator

In my opinion, since you need dynamic routing, the best way would be to convert to route based VPNs. As you said, it's not possible to advertise a route which doesn't exist in your routing table. The other option is the one you proposed: add a static route pointing to your gateway through the proper outgoing interface, for instance, and then advertise it via OSPF.

0 Kudos
D_W
Advisor

I have now checked the situation on another CP gateway (R80.40) where we have other domain based VPNs, and there I see the kernel routes. BUT only the routes from the star communities.

I have now tried to reconfigure my mesh community to star to check if the routes will show up, but no 😞

0 Kudos
_Val_
Admin

Those are not OS system level routes, those are VPN routes.

Timothy_Hall
Legend

You can't redistribute that directly since routes in the vpn_routing table are not "real" routes that exist in the Gaia OS that OSPF can see.

If you are using at least R81, check out NAT Pools which should allow redistribution.  Here is the relevant page from my Gaia 3.10 Immersion self-guided video series:

natpools2.png

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
D_W
Advisor

Cool! Thanks, I can work with that handy solution!

0 Kudos
