Why Is a VTI Interface Automatically Created in Nebula Mode, and What Are the Configuration Options?
Zyxel Employee
Question:
Why does a VTI (Virtual Tunnel Interface) automatically appear when configuring a VPN in Nebula mode, and what can be done if the default VTI behavior causes APIPA traffic or interoperability issues?
Answer:
In Nebula mode, the system automatically creates a VTI (Virtual Tunnel Interface) whenever a VPN rule is configured. This is an intentional design mechanism to ensure proper VPN operation and consistent behavior across Nebula-managed devices. The auto-generated VTI cannot be removed or fully customized.
If the default VTI configuration results in APIPA-related issues or compatibility concerns, the following options may help:
Adjust the VTI IP address to a different subnet that avoids any overlap, such as using an address like 100.100.100.1/24.
If specific compliance requirements must be met (e.g., needing to use 10.255.169.0/24) and Nebula mode does not offer the necessary flexibility, consider switching the device to on-premise mode. In on-premise mode, policy-based VPN can be configured, giving you more control over IP allocation.
Categories
- All Categories
- 442 Beta Program
- 2.9K Nebula
- 219 Nebula Ideas
- 127 Nebula Status and Incidents
- 6.5K Security
- 589 USG FLEX H Series
- 344 Security Ideas
- 1.7K Switch
- 84 Switch Ideas
- 1.4K Wireless
- 52 Wireless Ideas
- 7K Consumer Product
- 298 Service & License
- 478 News and Release
- 91 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.8K FAQ
- 34 Documents
- 87 About Community
- 105 Security Highlight