Hi @michaelmertens
Tunnel interfaces are virtual and as such do not necessarily require an IP when connected to another route-based VPN device.
You would apply the /30 to your physical interface.
Then configure an 'ike gateway' for the remote device's IP in the /30, and you can then use 'unnumbered' tunnel interfaces.
In your VirtualRouter you can just set a destination interface as next hop, no need for an IP.
For tunnel monitoring you could add IP addresses to the tunnel interfaces, but you could also use a loopback interface.
In both cases these IP addresses do not need to be known outside of the 2 devices.
Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization