After adding VLAN interfaces to my server, I discovered that using the interfaces independently (e.g. curl --interface enp1s0.10) wouldn’t work. Because the default route on the system is via enp1s0, the router drops the packet since the gateway for enp1s0 has no route back to the source of the packet (at least I think that’s what’s happening ¯\_(ツ)_/¯). To make sure packets exit the system from the correct interface we need to add a new route table for each VLAN. We can do this using the post-up commands after defining the interfaces in /etc/network/interfaces.

An example VLAN interface might look like:

auto enp1s0.10
iface enp1s0.10 inet static
	vlan-raw-device enp1s0
	post-up ip route add dev enp1s0.10 src table 10
	post-up ip route add default via dev enp1s0.10 table 10
	post-up ip rule add from table 10
	post-up ip rule add to table 10

The interface gets its own route table (table 10; for simplicity I’ve numbered these to match the VLAN tag). On that table we add a route to the network from the enp1s0.10 with source address, and set the default route via We then add two rules to use this table for all packets to or from the interface’s address.

Once the interface is up we can now use the VLAN interfaces directly.

The new route table can be shown with:

$ ip route list table 10
default via dev enp1s0.10 dev enp1s0.10 scope link src

And the routing rules with:

$ ip rule list
0:	from all lookup local
32764:	from all to lookup 10
32765:	from lookup 10
32766:	from all lookup main
32767:	from all lookup default
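
A check for the state shown above, as an added example that is not part of the original post: it parses `ip rule list` and `ip route list table 10` output and confirms that both rules point at the table and that the table only routes via the VLAN device. The 192.0.2.x addresses and sample outputs are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample output; 192.0.2.0/24 is a documentation range, not the post's.
SAMPLE_RULES='0: from all lookup local
32764: from all to 192.0.2.10 lookup 10
32765: from 192.0.2.10 lookup 10
32766: from all lookup main
32767: from all lookup default'
SAMPLE_ROUTES='default via 192.0.2.1 dev enp1s0.10
192.0.2.0/24 dev enp1s0.10 scope link src 192.0.2.10'

# check_rules ADDR TABLE RULES_TEXT (hypothetical helper)
# Succeeds only if both the "from ADDR" and "to ADDR" rules point at TABLE.
check_rules() {
    printf '%s\n' "$3" | awk -v a="$1" -v t="$2" '
        $2 == "from" && $3 == a && $4 == "lookup" && $5 == t { from_ok = 1 }
        $2 == "from" && $3 == "all" && $4 == "to" && $5 == a &&
            $6 == "lookup" && $7 == t { to_ok = 1 }
        END {
            if (!from_ok) print "missing: from " a " lookup " t
            if (!to_ok)   print "missing: from all to " a " lookup " t
            exit !(from_ok && to_ok)
        }'
}

# check_table DEV ROUTES_TEXT (hypothetical helper)
# Succeeds only if the table has a default route and every route uses DEV.
check_table() {
    printf '%s\n' "$2" | awk -v d="$1" '
        NF == 0 { next }
        {
            found = 0
            for (i = 1; i < NF; i++) if ($i == "dev" && $(i + 1) == d) found = 1
            if (!found) { print "route not on " d ": " $0; bad = 1 }
        }
        $1 == "default" { has_default = 1 }
        END {
            if (!has_default) print "missing: default route"
            exit (bad || !has_default)
        }'
}

# Run against the constructed samples.
check_rules 192.0.2.10 10 "$SAMPLE_RULES" &&
    check_table enp1s0.10 "$SAMPLE_ROUTES" && echo "table 10 OK"
```

On a live system, pass "$(ip rule list)" and "$(ip route list table 10)" in place of the sample variables.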

Tom Henderson