Why Is a VTI Interface Automatically Created in Nebula Mode, and What Are the Configuration Options?
Zyxel Employee
Question:
Why does a VTI (Virtual Tunnel Interface) automatically appear when configuring a VPN in Nebula mode, and what can be done if the default VTI behavior causes APIPA traffic or interoperability issues?
Answer:
In Nebula mode, the system automatically creates a VTI (Virtual Tunnel Interface) whenever a VPN rule is configured. This is an intentional design mechanism to ensure proper VPN operation and consistent behavior across Nebula-managed devices. The auto-generated VTI cannot be removed or fully customized.
If the default VTI configuration results in APIPA-related issues or compatibility concerns, the following options may help:
Adjust the VTI IP address to a different subnet that avoids any overlap, such as using an address like 100.100.100.1/24.
If specific compliance requirements must be met (e.g., needing to use 10.255.169.0/24) and Nebula mode does not offer the necessary flexibility, consider switching the device to on-premise mode. In on-premise mode, policy-based VPN can be configured, giving you more control over IP allocation.
Categories
- All Categories
- 441 Beta Program
- 2.9K Nebula
- 208 Nebula Ideas
- 127 Nebula Status and Incidents
- 6.4K Security
- 529 USG FLEX H Series
- 333 Security Ideas
- 1.7K Switch
- 84 Switch Ideas
- 1.3K Wireless
- 51 Wireless Ideas
- 6.9K Consumer Product
- 292 Service & License
- 461 News and Release
- 90 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.7K FAQ
- 34 Documents
- 86 About Community
- 99 Security Highlight