
Can't use Link-Local IP as unicast route gateway

Just set up a VTI / route-based VPN with a customer who is using AWS VPC.  Unfortunately, the AWS side is using a link-local address (169.254.x.x/30) for the tunnel interfaces.  I was able to assign the xfrm interface the needed IP, and I can ping the AWS side interface as well.  The issue is I went to go and add a route to the VPC, but the WebAdmin won't allow this as it's a link-local address. Seems a lot of firewalls use this address space for this, so what kind of testing was done with RBVPNs in v18?

I was able to add this route in the advanced console, and reach the needed server in AWS, but I understand these kernel routes won't persist across reboots, so what now?  Any scripts that I can inject at boot to insert this route?


ip route add 10.0.0.1 via 169.254.111.205 proto zebra
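The command above installs the route only until the next reboot. The script below is an added example, not from the thread or from Sophos: a POSIX sh helper that re-applies such a route idempotently (adds it only when it is missing), refuses next hops that are not inside 169.254.0.0/16, and checks the existing table against text passed in rather than calling `ip` directly, so the logic can be tested against captured output. The route table text, the `xfrm1` device name and the 169.254.111.204/30 pair are constructed for the example; where to hook the script into SFOS start-up is not covered by the thread and is left to the administrator.

```shell
#!/bin/sh
# Added example (not part of the thread or of Sophos XG): idempotently install a
# static route whose next hop is the link-local peer of a VTI /30.

# is_link_local ADDR -> 0 when ADDR lies inside 169.254.0.0/16, 1 otherwise.
# Only such a next hop is accepted, so a typo cannot steer the route elsewhere.
is_link_local() {
    case "$1" in
        169.254.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# route_present ROUTE_TABLE DEST GW -> 0 when ROUTE_TABLE (the text of
# `ip route show`) contains an exact "DEST via GW ..." entry.
route_present() {
    printf '%s\n' "$1" | awk -v d="$2" -v g="$3" \
        '$1 == d && $2 == "via" && $3 == g { f = 1 } END { exit !f }'
}

# ensure_route DEST GW ROUTE_TABLE -> prints "present" when the route already
# exists, the `ip route add` command when it must be installed, or a refusal
# (exit 2) when GW is not link-local. Mirrors the OP's command, including
# "proto zebra" so the entry is tagged the same way as the manual one.
ensure_route() {
    dest=$1; gw=$2; table=$3
    if ! is_link_local "$gw"; then
        echo "refuse: $gw is not a 169.254.0.0/16 next hop"
        return 2
    fi
    if route_present "$table" "$dest" "$gw"; then
        echo "present"
        return 0
    fi
    echo "ip route add $dest via $gw proto zebra"
}

# apply_route DEST GW -> runs ensure_route against the live table and executes
# the add command if one is printed. Not run by the tests (needs `ip`).
apply_route() {
    action=$(ensure_route "$1" "$2" "$(ip route show)") || return $?
    case "$action" in
        "ip route add"*) $action ;;
        *) echo "$action" ;;
    esac
}

# Constructed sample of `ip route show` output: default route, the VTI /30
# (local .206, AWS .205) and the host route the OP added by hand.
SAMPLE_ROUTES='default via 192.0.2.1 dev Port2
169.254.111.204/30 dev xfrm1 proto kernel scope link src 169.254.111.206
10.0.0.1 via 169.254.111.205 dev xfrm1 proto zebra'
```

Run it at boot as `apply_route 10.0.0.1 169.254.111.205`; on a second run the route is reported as present and nothing is changed, and a non-link-local gateway is refused before any `ip` command is executed.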
  • Hi,

    because that address range is a non-routable range. It is a self-assigned address for a device failing to contact a DHCP server.

    Ian

  • Hello

    I understand it's not routable, I'm not trying to route this link-local address space, just using it as next hop on a link (fairly common with RBVPN).  It's a /30 between my local VTI and the VTI in AWS.  I'll have to see if the customer can set up dynamic routing and try to see if BGP will work.  I can't possibly be the first person to try static routing with AWS and an XG firewall.

    Have a ticket open, will have to see what premium support has to say, when they get around to it.
