VyOS Platform Blog

VyOS 1.2.0 development news in July

Despite the slow news season and the RAID incident that luckily slowed us down only for a couple of days, I think we've made good progress in July. First, Kim Hagen got ...

On security of GRE/IPsec scenarios

04/27/18 15:33 By: Daniil Baturin

As we've already discussed, there are many ways to setup GRE (or something else) over IPsec and they all have their advantages and disadvantages. Recently an issue was brought to ...

Interaction between IPsec and NAT (on the same router)

02/01/18 7:01 By: Daniil Baturin

I've just completed a certain unusual setup that involved NATing packets before they are sent to an IPsec tunnel, so I thought I'll write about this topic. Even in perfectly ...

Setting up GRE/IPsec behind NAT

01/19/18 16:00 By: Daniil Baturin

In the previous posts of this series we've discussed setting up "plain" IPsec tunnels from behind NAT. The transparency of the plain IPsec, however, is more often a curse than a ...

How to setup an IPsec connection between two NATed peers: using id's and RSA keys

01/12/18 10:05 By: Daniil Baturin

In the previous post from this series, we've discussed setting up an IPsec tunnel from a NATed router to a non-NATed one. The key point is that in the presence of NAT, the ...

Why IPsec behind 1:1 NAT is so problematic and what you can do about it

01/06/18 0:14 By: Daniil Baturin

Not so long ago the only scenario when the issues with IPsec and NAT could arise was a remote access setup, while routers invariably had real public addresses and router to ...