Hello,
I've got a setup where I have one VRF with a bunch of interfaces in it. I also have manual routes set up between the VRF and the main routing table, such that a host on the VRF interface can talk to a host on the "main"/non-VRF interface and vice-versa. Here's an example:
main interfaces:
* eth1 - 10.1.1.1/24
* eth2 - 10.1.2.1/24
main-side hosts:
* 10.1.1.2 connected to eth1
* 10.1.2.2 connected to eth2
VRF interfaces:
* eth3 - 10.2.1.1/24
* eth4 - 10.2.2.1/24
VRF-side hosts:
* 10.2.1.2 connected to eth3
* 10.2.2.2 connected to eth4
All hosts can ping each other thanks to the manually set up routes between the VRF routing table and the main one.
Now the problem is that the router hosts a handful of services such as DNS, an HTTP web UI, as well as a WireGuard responder. Any hosts on the "main" side can talk to it using either of the router's IPs (10.1.1.1 or 10.1.2.1). The problem is that the VRF-side hosts can't talk to the router at all using either the VRF-side IPs (somewhat expected) or the main-side IPs (which I'd expect to work thanks to the manual routes).
Does anyone know a solution?
Statistics: Posted by Rjevski — Wed Jan 03, 2024 10:32 am