Installing and Configuring VyOS 1.3 Router & Firewall


VyOS is an open source network operating system based on Debian GNU/Linux. VyOS provides a free routing platform that competes directly with other commercially available solutions from well-known network providers. Because VyOS runs on standard amd64, i586 and ARM systems, it can be used as a router and firewall platform for cloud deployments.


Don’t be afraid of the CLI; installing VyOS is really simple. You can download the VyOS ISO from the link below.
VyOS ISO: https://downloads.vyos.io/?dir=rolling/current/amd64


In our VyOS installation scenario in the below slideshow, we will install VyOS with 4 network cards on an ESXi host.

Select create a new virtual machine

Configuring VyOS


      OK, we have finished installing VyOS with 4 network cards. Now we need to configure the VyOS router so that it provides communication between the 4 different networks and gives all of them internet access. Let’s start by reviewing our network plan.

      Multi-Networked Nested ESXi 7.0 Home Lab Setup with VyOS router

       


      We will talk about how to configure VyOS right below, but you can refer to the resources below for detailed information.

      https://docs.vyos.io/en/latest/index.html
      https://support.vyos.io/en/kb
      https://forum.vyos.io/


      First, some basic information about the VyOS CLI. The VyOS console has two modes: operation mode and config mode. The prompt ends with ~ $ in operation mode and with # in config mode. When you first log in, you are in operation mode. Type the config command and press Enter to switch to config mode; to leave config mode, type exit. The commands available in the two modes are different. To run an operation-mode command from config mode, type run, a space, and then the operation-mode command, and press Enter. Let’s begin.

       

      After logging in, run the command below to see the status of the network interface cards.
      show interfaces

      Use the conf command to enter config mode. You can then use the clear command to clear the console screen.

      Use the show system host-name command to see the system host name. We see that the host name of our system is “vyos”. You can change this name with the set system host-name command if you want. I will not change this name for now, but I will assign my domain name “ad.systemyoda.com” to the system with the set system domain-name command. Then I set the time zone of the system with the set system time-zone ETC/GMT+8 command; enter the appropriate parameter for your time zone. You can also define an NTP server for the system with the set system ntp server <IP address or hostname of the NTP server> command.

      Now for the two most important commands: commit and save. Whatever configuration changes you make, they will not become active in VyOS until you commit them, so do not forget to enter the commit command after making any change. That is not all: if you do not also enter the save command, the configuration changes will be lost when you restart VyOS.

      Get the details of the network adapter cards with the show interfaces ethernet command while in config mode.

      Verify the MAC addresses by comparing them with the MAC addresses of the network adapter cards we assigned to the VyOS VM.

      OK, we can start assigning IP addresses to the VyOS network interface cards with the set interfaces ethernet command. We will also give each adapter a description with the description parameter.

      At this point, all networks can communicate with each other without any static routes, because they are all directly connected to interfaces on the same router. You can run a basic ping test to verify connectivity among the networks. We still haven’t provided internet access to the networks, so we need to write a NAT rule for each network with the set nat source rule command.

      Now we need a static route that uses our home modem gateway as the next hop for traffic, such as internet traffic, that is not destined for the networks defined in VyOS. We will use the set protocols static route command for this. It’s also a good idea to commit and save the configuration we have made so far.

      So far so good. Everything looks fine. Now all networks can communicate with each other and have internet access. But if you have a large network that needs DHCP, you would have to set up a DHCP server on each network. Alternatively, you can install just one DHCP server and set up DHCP relay on VyOS so that all networks can use that single server. Let’s say we have a DHCP server with the IP address 172.25.1.10 and we want to use it, through DHCP relay on VyOS, for the networks where we want to hand out IP addresses by DHCP. We will use the set service dhcp-relay command to relay DHCP. By the way, you can also use VyOS itself as a DHCP server. If you want to do that, refer to this link for the parameters you need.
      VyOS DHCP Server https://docs.vyos.io/en/crux/services/dhcp.html?highlight=dhcp


      We have completed almost everything. But it would be better to have easier access to VyOS than the VM console, so we enable SSH on VyOS with the set service ssh port 22 command.


      Let’s look at the latest configuration of the VyOS network adapter cards again with the show interfaces ethernet command.
      You can review specific parts of the configuration with commands such as show interfaces, show nat source, show protocols static, show service dhcp-relay, show service ssh, show system domain-name, show system host-name, show system ntp and show system time-zone. Or you can review the whole configuration with just the show command. Keep in mind that while you type, you can press the Tab key to complete a command or to see the available commands.


      Finally, let’s look at the use of the reboot and poweroff commands in operation mode.

 


Click this link if you want to view the VyOS installation and configuration in a full home-lab scenario.


Please share your thoughts and suggestions with Yoda in the comment section 🙂