VyOS Project August 2024 Update
Hello, Community! This month's development news includes many bug fixes and features, including remote access IPsec using VTI interfaces, support for WPA enterp...
Category: VyOS Platform Blog | ipsec
PKI and IPSec IKEv2 remote-access VPN
Hello! VyOS was always strong in supporting a multitude of different VPN techniques ranging from old school IPsec site-to-site/DMVPN setups to new kids on the b...
VyOS 1.2.0 development news in July
Despite the slow news season and the RAID incident that luckily slowed us down only for a couple of days, I think we've made good progress in July. First, Kim H...
On security of GRE/IPsec scenarios
As we've already discussed, there are many ways to setup GRE (or something else) over IPsec and they all have their advantages and disadvantages. Recently an is...
Interaction between IPsec and NAT (on the same router)
I've just completed a certain unusual setup that involved NATing packets before they are sent to an IPsec tunnel, so I thought I'll write about this topic. Even...
Setting up GRE/IPsec behind NAT
In the previous posts of this series we've discussed setting up "plain" IPsec tunnels from behind NAT. The transparency of the plain IPsec, however, is more oft...
How to setup an IPsec connection between two NATed peers: using id's and RSA keys
In the previous post from this series, we've discussed setting up an IPsec tunnel from a NATed router to a non-NATed one. The key point is that in the presence ...
Why IPsec behind 1:1 NAT is so problematic and what you can do about it
Not so long ago the only scenario when the issues with IPsec and NAT could arise was a remote access setup, while routers invariably had real public addresses a...
