Vyos Home-Lab setup

Notes getting vyos up and running

VM

Make sure it has 2 interfaces one for WAN one for LAN/SDN network

Boot

install image

Ansible setup

prerequisites: pipenv , sudo apt install pipenv or brew install pipenv

With pipenv installed , run pipenv install then shell into the pipenv with pipenv shell install ansible requirements, ansible-galaxy install -r requirements.yml

Run the playbooks as normal eg ansible-playbook vyos_base.yml

Ansible setup nix

nix develop to use the flake.nix

with direnv direnv allow . and add eval "$(direnv hook bash)" to ~/.bashrc install direnv via Nix config, Home-manager or via nix-env -i direnv

Initial manual config

set system host-name 'firewall'
set interfaces ethernet eth0 address '10.0.1.254/24' # SDN network
set interfaces ethernet eth1 address '192.168.1.252/24'# Local/WAN network
set interfaces ethernet eth1 address dhcp # WAN not tested
set protocols static route 0.0.0.0/0 next-hop 192.168.1.254 # Router gateway if not using ISP/dhcp
set service dns forwarding allow-from '10.0.1.0/24' # Allow dns forwarding from SDN
set service dns forwarding listen-address '127.0.0.1'
set service ssh listen-address '192.168.1.252' # Set ssh listen address and port
set service ssh port '22'
set system login user <username> authentication plaintext-password foo
set system login user <username> authentication public-keys <keyname> key 'key'
set system login user oli authentication public-keys <keyname> type 'ssh-ed25519'
delete system login user vyos
set system name-server 192.168.1.114 # Set DNS server
set system name-server 192.168.1.115 # Set DNS server
# Set up DCHP for devnet
set service dhcp-server shared-network-name devnet authoritative
set service dhcp-server shared-network-name devnet description 'testing'
set service dhcp-server shared-network-name devnet subnet 10.0.1.0/24 option default-router '10.0.1.254'
set service dhcp-server shared-network-name devnet subnet 10.0.1.0/24 option name-server '192.168.1.114'
set service dhcp-server shared-network-name devnet subnet 10.0.1.0/24 range 0 start '10.0.1.1'
set service dhcp-server shared-network-name devnet subnet 10.0.1.0/24 range 0 stop '10.0.1.10'
set service dhcp-server shared-network-name devnet subnet 10.0.1.0/24 subnet-id '1'

# Set up SNAT
set nat source rule 1 description 'devnet via eth1'
set nat source rule 1 outbound-interface name 'eth1'
set nat source rule 1 source address '10.0.1.0/24'
set nat source rule 1 translation address 'masquerade'

# Set up firewall

Name		Name	Last commit message	Last commit date
Latest commit History 25 Commits
group_vars		group_vars
host_vars		host_vars
roles		roles
vars		vars
.envrc		.envrc
.gitignore		.gitignore
Pipfile		Pipfile
Pipfile.lock		Pipfile.lock
README.md		README.md
ansible.cfg		ansible.cfg
flake.lock		flake.lock
flake.nix		flake.nix
hosts		hosts
requirements.yml		requirements.yml
vyos_base.yml		vyos_base.yml
vyos_firewall.yml		vyos_firewall.yml
vyos_networks.yml		vyos_networks.yml
vyos_port-forward.yml		vyos_port-forward.yml
vyos_users.yml		vyos_users.yml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Vyos Home-Lab setup

VM

Boot

Ansible setup

Ansible setup nix

Initial manual config

About

Releases

Packages

Languages

0lzi/vyos-lab

Folders and files

Latest commit

History

Repository files navigation

Vyos Home-Lab setup

VM

Boot

Ansible setup

Ansible setup nix

Initial manual config

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages