sebastian  Freshman Member

Comments

  • Hello Charlie, the package trace I have forwarded you via PM. The problem isn't that UDP & TCP traffic is forwarded via vti1 interface. The problem is that the Source IP of the DNS package is my wan1 interface IP and not the IP of the vlan interface. E.g. I'm doing a dig I see traffic going to the vti1 interface but with…
  • Thank you for the quick reply. I do not see any effect. The nslookup is still not working. TCP traffic is working fine based on the policy routes.
  • Thank you for the reference. Nevertheless the issue is not the TCP traffic between Site to Site. The problem is the UDP traffic via DNS that the source IP is the wan interface and not the local vlan. Policy route doesn't change the behavior. I'm still waiting for the Zyxel support to come back to me. 
  • Dear, I have set up a workaround via a Raspberry Pi and unbound tool. The problem is that the answer from the Zywall is always using my wan1 (Public IP) when I'm using UDP traffic. For TCP traffic it is working fine. Workaround to use a DNS proxy and forward every UDP DNS traffic via TCP to the DNS destination. Best regards,…
  • Please check your PN.
  • Hi, I have an IPSec Site-to-Site VPN with exactly a policy route and a static route working (without VTI interface). If I try a policy route like for the IPSec vti tunnel it is not working. Option 1 (SNAT_not allowed): Zywall (Incoming), WAN IP (Source), destination network, Service (DNS_UDP:53), NextHop (vti1), SNAT not…