Scenario:
Edgerouter 8pro <-> Edgerouter 8pro
route based site-to-site ipsec vpn
multiple outside IPs on both sides
Unable to establish vti connection.
Always wants to use the 'default' outbound IP instead of the one specified in the site-to-site configuration.
Testing environment:
Configurations from the Edgerouter 8Pros have been adapted to the Edgerouter 4s below.
Edgerouter 4 (eth0 - site A) <-> Edgerouter Lite (eth0) <> (eth2) <-> Edgerouter 4 (eth0 - site B)
SITE A                                    Internet                      SITE B
12.x.x.234/30 ISP <-------> 12.x.x.233/30 (eth0) <> (eth2) 157.x.x.1/24 <-> 157.x.x.63/24 ISP
12.x.x.226/27   primary outbound                                157.x.x.227   primary outbound
12.x.x.227/27                                                   157.x.x.228
12.x.x.229/27   site-to-site                                    157.x.x.229   site-to-site
10.254.254.1/30 (vti0)                                          10.254.254.2/30 (vti0)
SITE A: tcpdump = IP 12.x.x.226.500 > 157.x.x.139.500: isakmp: parent_sa ikev2_init[I]
SITE B: tcpdump = IP 157.x.x.137.500 > 12.x.x.229.500: isakmp: parent_sa ikev2_init[1]
This is all I get. It's supposed to go out 12.x.x.229 but it is not. How can I force this to go out the .229 and .139 (respective) interfaces?
The Edgerouter Lite has very little config (to let all traffic flow between interfaces, aka the internet).
I've followed:
https://help.ubnt.com/hc/en-us/articles/115011377588-EdgeRouter-Route-Based-Site-to-Site-IPsec-VPN
but that's a single outside address <-> single outside address
I can include the relevant configs (sanitized) if needed... (it would take a ton of effort as there are >2300 lines)
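An added check, not part of the original post: the script below parses tcpdump isakmp lines like the two captures quoted above and flags IKE packets that left from an address other than the configured site-to-site address, which is the symptom described. The sample lines are the poster's own captures; the expected local addresses (12.x.x.229 for site A, 157.x.x.139 for site B) are taken from the post's statement of what should have been used and are assumptions for the demonstration.

```python
import re

# Constructed samples: the two tcpdump lines quoted in the post, one per site.
SITE_A_CAPTURE = ["IP 12.x.x.226.500 > 157.x.x.139.500: isakmp: parent_sa ikev2_init[I]"]
SITE_B_CAPTURE = ["IP 157.x.x.137.500 > 12.x.x.229.500: isakmp: parent_sa ikev2_init[I]"]

# tcpdump prints "address.port"; the port is the last dotted field, so the
# greedy address group backtracks to leave the port for the (\d+) group.
ISAKMP_RE = re.compile(
    r"^IP (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): isakmp: (?P<msg>.*)$"
)


def parse_isakmp(line):
    """Parse one tcpdump isakmp line into a dict, or None if it is not IKE."""
    m = ISAKMP_RE.match(line.strip())
    if m is None:
        return None
    pkt = m.groupdict()
    pkt["sport"] = int(pkt["sport"])
    pkt["dport"] = int(pkt["dport"])
    return pkt


def wrong_source_initiations(lines, expected_local, peer):
    """Return the source addresses of IKE packets sent to `peer` that did not
    leave from `expected_local` (the address configured for the site-to-site peer).

    An empty list means every IKE packet to that peer used the intended address;
    a non-empty list shows which 'default' outbound address was used instead.
    """
    wrong = []
    for line in lines:
        pkt = parse_isakmp(line)
        if pkt is None or pkt["dst"] != peer:
            continue  # not IKE, or not our outbound traffic to this peer
        if pkt["dport"] not in (500, 4500):
            continue  # IKE only talks on UDP 500 (or 4500 with NAT-T)
        if pkt["src"] != expected_local:
            wrong.append(pkt["src"])
    return wrong


if __name__ == "__main__":
    # Assumed expected local addresses, per the post's "go out .229 and .139".
    for name, cap, local, peer in (
        ("site A", SITE_A_CAPTURE, "12.x.x.229", "157.x.x.139"),
        ("site B", SITE_B_CAPTURE, "157.x.x.139", "12.x.x.229"),
    ):
        bad = wrong_source_initiations(cap, local, peer)
        print(f"{name}: expected {local}, IKE actually left from {bad or ['(ok)']}")
```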