Router - VyOS

From AAISP Support Site
Revision as of 21:06, 7 January 2020 by Nhumfrey (Added configuration commands for PPPoE)

VyOS is an open source router operating system built on top of Debian Linux. Rather than having to configure lots of different software packages, everything is controlled through a single configuration file, using a command-line configuration interface similar to Juniper's Junos OS. It is based on Vyatta (as is Ubiquiti's EdgeOS).

Documentation for VyOS is available here: https://vyos.readthedocs.io/en/latest/


Hardware

VyOS runs on standard x86 PC hardware (note that version 1.2+ requires 64-bit hardware).


Installing

VyOS is open source (available on GitHub); however, the stable (Long Term Support) releases (with a version number) are only available with a very expensive subscription.

Rolling releases, built nightly, are available for free and can be downloaded here: https://downloads.vyos.io/?dir=rolling/current/amd64

After downloading an ISO, copy it onto a USB drive (I used Etcher) and then boot off the USB drive to run the install image command. Full install instructions are here: https://vyos.readthedocs.io/en/latest/install.html


Configuring Network Interfaces

TBC

Configuring PPPoE

This configures PPPoE on the WAN interface (eth1).

  • Replace the user-id and password with your AAISP username and password
  • Note that IPv6 has to be explicitly enabled on the PPPoE interface
  • Unlike IPv4, routing for IPv6 isn't enabled automatically when the interface comes up. I had to add a default static route for IPv6.

set interfaces ethernet eth1 description "WAN"

set interfaces ethernet eth1 pppoe 0 user-id mxxxx@a.1
set interfaces ethernet eth1 pppoe 0 password xxxx
set interfaces ethernet eth1 pppoe 0 mtu 1492
set interfaces ethernet eth1 pppoe 0 default-route auto
set interfaces ethernet eth1 pppoe 0 name-server auto
set interfaces ethernet eth1 pppoe 0 enable-ipv6
set interfaces ethernet eth1 pppoe 0 ipv6 address autoconf

set protocols static interface-route6 ::/0 next-hop-interface pppoe0

Example Configuration

  • The first network interface (eth0) is connected to the local LAN
  • The second network interface (eth1) is connected to a VDSL modem for PPPoE
  • IPv4 NAT is configured for LAN devices to access the Internet
  • Passwords (***) and placeholders (xxxx) need to be replaced with your own details
  • No firewall is configured in this example

interfaces {
    ethernet eth0 {
        description LAN
        address 192.168.1.1/24
        address 2001:8b0:xxxx::1/64
        ipv6 {
            router-advert {
                send-advert true
                prefix 2001:8b0:xxxx::/64 {
                }
            }
        }
    }
    ethernet eth1 {
        description WAN
        duplex auto
        speed auto
        pppoe 0 {
            default-route auto
            enable-ipv6
            ipv6 {
                address {
                    autoconf
                }
            }
            mtu 1492
            name-server auto
            user-id mxxx@a.1
            password ****************
        }
    }
    loopback lo {
    }
}
nat {
    source {
        rule 100 {
            description "NAT for IPv4 on LAN"
            outbound-interface pppoe0
            source {
                address 192.168.1.0/24
            }
            translation {
                address masquerade
            }
        }
    }
}
protocols {
    static {
        interface-route6 ::/0 {
            next-hop-interface pppoe0 {
            }
        }
    }
}
service {
    dhcp-server {
        shared-network-name LAN {
            authoritative
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 217.169.20.20
                dns-server 217.169.20.21
                domain-name example.com
                lease 86400
                range 0 {
                    start 192.168.1.100
                    stop 192.168.1.200
                }
            }
        }
    }
    ssh {
        port 22
    }
}
system {
    config-management {
        commit-revisions 100
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    host-name vyos
    login {
        user vyos {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }
            level admin
        }
    }
    ntp {
        server time.aa.net.uk {
        }
        server 0.uk.pool.ntp.org {
        }
        server 1.uk.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
}
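
The example configuration above runs SSH on port 22 with no firewall and stores passwords in the configuration itself. The following Python script is an added example (not part of the original page and not VyOS code) that parses a configuration in the format shown and reports those points; the function names are made up for illustration, and the firewall check only looks for a firewall section, not whether it is applied to pppoe0.

```python
# Constructed sample: a trimmed copy of the example configuration on this page.
SAMPLE = """
interfaces {
    ethernet eth1 {
        pppoe 0 {
            password ****************
        }
    }
}
service {
    ssh {
        port 22
    }
}
system {
    login {
        user vyos {
            authentication {
                plaintext-password ****************
            }
        }
    }
}
"""

def parse(text):  # brace-style VyOS config -> nested dicts; leaf names map to value lists
    stack = [{}]
    for line in map(str.strip, text.splitlines()):
        if line == "}":
            stack.pop()
        elif line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line:
            key, _, value = line.partition(" ")
            stack[-1].setdefault(key, []).append(value.strip('"'))
    return stack[0]

def secrets(node, path=()):  # yield the config path of every non-empty password leaf
    for key, val in node.items():
        if isinstance(val, dict):
            yield from secrets(val, path + (key,))
        elif key in ("password", "plaintext-password") and any(val):
            yield " ".join(path + (key,))

def audit(cfg):  # flag SSH left open with no firewall, and passwords kept in the config
    ssh = cfg.get("service", {}).get("ssh")
    exposed = ssh is not None and "firewall" not in cfg and "listen-address" not in ssh
    found = ["ssh: no listen-address and no firewall"] if exposed else []
    return found + ["password in config: " + p for p in secrets(cfg)]
```

Call audit(parse(text)) on the text of a configuration; a reported password path is a value to blank out before the configuration is shared.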