1
2
3
4
5

# in vysite1
configure
delete vpn ipsec
commit
save

1
2
3
4
5

# in vysite3
configure
delete vpn ipsec
commit
save

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

configure
set interfaces tunnel tun0
set interfaces tunnel tun0 encapsulation ipip
set interfaces tunnel tun0 address 10.0.10.1/28
set interfaces tunnel tun0 source-address 100.0.10.2
set interfaces tunnel tun0 remote 100.0.20.1

set protocols static route 100.2.10.0/24 next-hop 10.0.10.2
comimt
save

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

configure
set interfaces tunnel tun0
set interfaces tunnel tun0 encapsulation ipip
set interfaces tunnel tun0 address 10.0.10.2/28
set interfaces tunnel tun0 source-address 100.0.20.1
set interfaces tunnel tun0 remote 100.0.10.2

set protocols static route 100.1.10.0/24 next-hop 10.0.10.1
commit
save

1
2
3
4

vagrant@deb01:~$ traceroute -n 100.2.10.1
traceroute to 100.2.10.1 (100.2.10.1), 30 hops max, 60 byte packets
 1  100.1.10.1  0.750 ms  0.716 ms  0.703 ms
 2  100.2.10.1  1.719 ms  1.707 ms  1.693 ms

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16

vyos@vysite1:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

S>* 0.0.0.0/0 [210/0] via 10.0.2.2, eth0, weight 1, 09:53:37
C>* 10.0.2.0/24 is directly connected, eth0, 09:53:37
C>* 10.0.10.0/28 is directly connected, tun0, 00:04:45
O   100.0.10.0/24 [110/1] is directly connected, eth2, weight 1, 09:11:00
C>* 100.0.10.0/24 is directly connected, eth2, 09:11:39
O>* 100.0.20.0/24 [110/2] via 100.0.10.1, eth2, weight 1, 09:09:15
C>* 100.1.10.0/24 is directly connected, eth1, 09:11:40
S>* 100.2.10.0/24 [1/0] via 10.0.10.2, tun0, weight 1, 00:04:43