Router - VyOS: Difference between revisions
(Created start of a VyOS page) |
m (Grammar fixes) |
||
(5 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
VyOS is an Open Source router operating system built on top of Debian Linux. |
[https://www.vyos.net/ VyOS] is an Open Source router operating system built on top of Debian Linux. |
||
Rather than having to configure lots of different software packages, everything is |
Rather than having to configure lots of different software packages, everything is controlled through a single configuration file and it uses a command-line based configuration interface, similar to Juniper's Junos OS. It is based on Vyatta (as is Ubiquiti's EdgeOS). |
||
Documentation for VyOS is available here: https://vyos.readthedocs.io/en/latest/ |
|||
== Hardware == |
== Hardware == |
||
VyOS runs on standard x86 PC hardware (note that version 1.2+ requires 64-bit hardware). |
|||
TBC |
|||
* [https://www.pcengines.ch/apu2.htm PC Engines APU2] is x86 hardware with 2-4 network interfaces, with rack-mount enclosures available |
|||
⚫ | |||
* Old [https://www.parkytowers.me.uk/thin/ Thin Clients] on eBay can make cheap routers, as most are fan-less and come with flash storage |
|||
* More in the [https://vyos.readthedocs.io/en/latest/appendix/vyos-on-baremetal.html VyOS 'bare metal' documentation] |
|||
TBC |
|||
== |
== Installing == |
||
VyOS is open source ([https://github.com/vyos/ available on GitHub]), however the stable (Long Term Support) releases (with a version number) are only available with a very expensive subscription. |
|||
Rolling releases, built nightly, are available for free and can be downloaded here: https://downloads.vyos.io/?dir=rolling/current/amd64 |
|||
After downloading an ISO, copy it on to a USB drive (I used [https://www.balena.io/etcher/ Etcher]) and then boot off the USB drive to run the <code>install image</code> command. |
|||
Full install instructions here: https://vyos.readthedocs.io/en/latest/install.html |
|||
⚫ | |||
This section describes how to configure the LAN interface (eth0) with an IP address and advertise addresses using SLAAC and DHCP. |
|||
First, configure addresses on the interface. |
|||
We are going to use the first /64 subnet of your IPv6 allocation for the LAN subnet. |
|||
<code>xxxx</code> needs to be replaced with your AAISP IPv6 allocation. |
|||
<pre> |
|||
set interface ethernet eth0 description "LAN" |
|||
set interface ethernet eth0 address 192.168.1.1/24 |
|||
set interface ethernet eth0 address 2001:8b0:xxxx::1/64 |
|||
</pre> |
|||
To configure SLAAC / IPv6 router advertisements enter the following two commands: |
|||
<pre> |
|||
set interface ethernet eth0 ipv6 router-advert send-advert true |
|||
set interface ethernet eth0 ipv6 router-advert prefix 2001:8b0:xxxx::/64 |
|||
</pre> |
|||
Then to configure a DHCP server on the LAN interface: |
|||
<pre> |
|||
set service dhcp-server shared-network-name LAN authoritative |
|||
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 default-router '192.168.1.1' |
|||
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server '217.169.20.20' |
|||
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server '217.169.20.21' |
|||
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 domain-name 'example.com' |
|||
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 lease '86400' |
|||
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 range 0 start '192.168.1.10' |
|||
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 range 0 stop '192.168.1.250' |
|||
</pre> |
|||
== Configuring WAN / PPPoE == |
|||
This section configures PPPoE on the WAN interface (eth1). |
|||
Replace the <code>user-id</code> and <code>password</code> with your AAISP username and password. |
|||
Note that IPv6 has to be explicitly enabled on the PPPoE interface. |
|||
<pre> |
|||
set interface ethernet eth1 description "WAN" |
|||
set interface ethernet eth1 pppoe 0 user-id mxxxx@a.1 |
|||
set interface ethernet eth1 pppoe 0 password xxxx |
|||
set interface ethernet eth1 pppoe 0 mtu 1492 |
|||
set interface ethernet eth1 pppoe 0 default-route auto |
|||
set interface ethernet eth1 pppoe 0 name-server auto |
|||
set interface ethernet eth1 pppoe 0 enable-ipv6 |
|||
set interface ethernet eth1 pppoe 0 ipv6 address autoconf |
|||
</pre> |
|||
Unlike IPv4, routing for IPv6 isn't enabled automatically when the interface comes up. I had to add a default static route for IPv6. |
|||
<pre> |
|||
set protocols static interface-route6 ::/0 next-hop-interface pppoe0 |
|||
</pre> |
|||
Finally, set up NAT, so that the private IPv4 addresses on the LAN interface can access the internet: |
|||
<pre> |
|||
set nat source rule 100 description "NAT for IPv4 on LAN" |
|||
set nat source rule 100 outbound-interface 'pppoe0' |
|||
set nat source rule 100 source address '192.168.1.0/24' |
|||
set nat source rule 100 translation address masquerade |
|||
</pre> |
|||
⚫ | |||
TBC |
|||
* The first network interface (eth0) is connected to the local LAN |
|||
⚫ | |||
* The second network interface (eth1) is connected to a VDSL modem for PPPoE |
|||
* IPv4 NAT is configured for LAN devices to access the Internet |
|||
* Passwords (***) and placeholders (xxxx) need to be replaced with your details |
|||
* No firewall is configured in this example |
|||
<pre> |
<pre> |
||
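Review bot: The new LAN section advertises a 2001:8b0:xxxx::/64 prefix by SLAAC and the WAN section enables IPv6 on pppoe 0 with a ::/0 route, yet the added bullet says "No firewall is configured in this example". NAT rule 100 only masquerades 192.168.1.0/24, so LAN hosts receive globally routable IPv6 addresses with no filtering between them and the WAN. Suggest adding a firewall section ahead of the complete example, or stating next to the router-advert commands that IPv6 hosts are directly reachable until one is configured.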
Line 84: | Line 168: | ||
lease 86400 |
lease 86400 |
||
range 0 { |
range 0 { |
||
start 192.168.1. |
start 192.168.1.10 |
||
stop 192.168.1. |
stop 192.168.1.250 |
||
} |
} |
||
} |
} |
Latest revision as of 17:57, 11 January 2020
VyOS is an Open Source router operating system built on top of Debian Linux. Rather than having to configure lots of different software packages, everything is controlled through a single configuration file and it uses a command-line based configuration interface, similar to Juniper's Junos OS. It is based on Vyatta (as is Ubiquiti's EdgeOS).
Documentation for VyOS is available here: https://vyos.readthedocs.io/en/latest/
Hardware
VyOS runs on standard x86 PC hardware (note that version 1.2+ requires 64-bit hardware).
- PC Engines APU2 is x86 hardware with 2-4 network interfaces, with rack-mount enclosures available
- Old Thin Clients on eBay can make cheap routers, as most are fan-less and come with flash storage
- More in the VyOS 'bare metal' documentation
Installing
VyOS is open source (available on GitHub), however the stable (Long Term Support) releases (with a version number) are only available with a very expensive subscription.
Rolling releases, built nightly, are available for free and can be downloaded here: https://downloads.vyos.io/?dir=rolling/current/amd64
After downloading an ISO, copy it on to a USB drive (I used Etcher) and then boot off the USB drive to run the <code>install image</code> command.
Full install instructions here: https://vyos.readthedocs.io/en/latest/install.html
Configuring LAN Interface
This section describes how to configure the LAN interface (eth0) with an IP address and advertise addresses using SLAAC and DHCP.
First, configure addresses on the interface.
We are going to use the first /64 subnet of your IPv6 allocation for the LAN subnet.
<code>xxxx</code> needs to be replaced with your AAISP IPv6 allocation.
<pre>
set interface ethernet eth0 description "LAN"
set interface ethernet eth0 address 192.168.1.1/24
set interface ethernet eth0 address 2001:8b0:xxxx::1/64
</pre>
To configure SLAAC / IPv6 router advertisements enter the following two commands:
<pre>
set interface ethernet eth0 ipv6 router-advert send-advert true
set interface ethernet eth0 ipv6 router-advert prefix 2001:8b0:xxxx::/64
</pre>
Then to configure a DHCP server on the LAN interface:
<pre>
set service dhcp-server shared-network-name LAN authoritative
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 default-router '192.168.1.1'
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server '217.169.20.20'
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server '217.169.20.21'
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 domain-name 'example.com'
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 lease '86400'
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 range 0 start '192.168.1.10'
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 range 0 stop '192.168.1.250'
</pre>
Configuring WAN / PPPoE
This section configures PPPoE on the WAN interface (eth1).
Replace the <code>user-id</code> and <code>password</code> with your AAISP username and password.
Note that IPv6 has to be explicitly enabled on the PPPoE interface.
<pre>
set interface ethernet eth1 description "WAN"
set interface ethernet eth1 pppoe 0 user-id mxxxx@a.1
set interface ethernet eth1 pppoe 0 password xxxx
set interface ethernet eth1 pppoe 0 mtu 1492
set interface ethernet eth1 pppoe 0 default-route auto
set interface ethernet eth1 pppoe 0 name-server auto
set interface ethernet eth1 pppoe 0 enable-ipv6
set interface ethernet eth1 pppoe 0 ipv6 address autoconf
</pre>
Unlike IPv4, routing for IPv6 isn't enabled automatically when the interface comes up. I had to add a default static route for IPv6.
<pre>
set protocols static interface-route6 ::/0 next-hop-interface pppoe0
</pre>
Finally, set up NAT, so that the private IPv4 addresses on the LAN interface can access the internet:
<pre>
set nat source rule 100 description "NAT for IPv4 on LAN"
set nat source rule 100 outbound-interface 'pppoe0'
set nat source rule 100 source address '192.168.1.0/24'
set nat source rule 100 translation address masquerade
</pre>
Complete Example Configuration
- The first network interface (eth0) is connected to the local LAN
- The second network interface (eth1) is connected to a VDSL modem for PPPoE
- IPv4 NAT is configured for LAN devices to access the Internet
- Passwords (***) and placeholders (xxxx) need to be replaced with your details
- No firewall is configured in this example
<pre>
interfaces {
    ethernet eth0 {
        description LAN
        address 192.168.1.1/24
        address 2001:8b0:xxxx::1/64
        ipv6 {
            router-advert {
                send-advert true
                prefix 2001:8b0:xxxx::/64 {
                }
            }
        }
    }
    ethernet eth1 {
        description WAN
        duplex auto
        speed auto
        pppoe 0 {
            default-route auto
            enable-ipv6
            ipv6 {
                address {
                    autoconf
                }
            }
            mtu 1492
            name-server auto
            user-id mxxx@a.1
            password ****************
        }
    }
    loopback lo {
    }
}
nat {
    source {
        rule 100 {
            description "NAT for IPv4 on LAN"
            outbound-interface pppoe0
            source {
                address 192.168.1.0/24
            }
            translation {
                address masquerade
            }
        }
    }
}
protocols {
    static {
        interface-route6 ::/0 {
            next-hop-interface pppoe0 {
            }
        }
    }
}
service {
    dhcp-server {
        shared-network-name LAN {
            authoritative
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 217.169.20.20
                dns-server 217.169.20.21
                domain-name example.com
                lease 86400
                range 0 {
                    start 192.168.1.10
                    stop 192.168.1.250
                }
            }
        }
    }
    ssh {
        port 22
    }
}
system {
    config-management {
        commit-revisions 100
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    host-name vyos
    login {
        user vyos {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }
            level admin
        }
    }
    ntp {
        server time.aa.net.uk {
        }
        server 0.uk.pool.ntp.org {
        }
        server 1.uk.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
}
</pre>
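The notes for this configuration state that no firewall is configured, while the LAN interface carries a global IPv6 address and the ssh service is enabled. The following audit of a config in this brace syntax is an added example, not part of the original page or of VyOS; the function names, the sample config and the 2001:db8:1::/64 prefix are assumptions, and the check only tests whether a top-level <code>firewall</code> node exists, not what its rules do.

```python
import ipaddress

GLOBAL_V6 = ipaddress.ip_network("2000::/3")  # IPv6 global unicast range
# Constructed sample; 2001:db8:1::/64 stands in for the page's xxxx placeholder.
SAMPLE = """
interfaces {
    ethernet eth0 {
        address 192.168.1.1/24
        address 2001:db8:1::1/64
    }
}
service {
    ssh {
        port 22
    }
}
"""

def parse(text):
    """Flatten brace syntax into (path, value) pairs; nodes carry None."""
    path, out = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line == "}":
            path.pop()
        elif line.endswith("{"):
            path.append(line[:-1].strip())
            out.append((tuple(path), None))
        else:
            key, _, value = line.partition(" ")
            out.append((tuple(path) + (key,), value.strip('"')))
    return out

def audit(text):
    """Hypothetical check: what is exposed when no firewall node exists."""
    entries = parse(text)
    if (("firewall",), None) in entries:  # coarse: presence only, not rules
        return []
    found = []
    for path, value in entries:
        if path == ("service", "ssh"):
            found.append("ssh service enabled with no firewall")
        if path[0] == "interfaces" and path[-1] == "address" and value:
            try:
                ip = ipaddress.ip_interface(value).ip
            except ValueError:  # "dhcp" or an unreplaced xxxx placeholder
                continue
            if ip in GLOBAL_V6:
                found.append(f"{path[-2]} has global IPv6 {value}, no firewall")
    return found
```

Addresses that still contain the <code>xxxx</code> placeholder are skipped rather than reported, so run it on the config after substituting your real allocation.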