VyOS Virtual Router for Home Lab or SMB: Configuration Steps

VyOS is a Linux-based network operating system that provides software-based network routing, firewall, and VPN functionality. This post covers the basic installation of a VyOS router, creating a couple of subnets, creating NAT for internet access for the new subnets, and creating static routes.

Being a systems guy, it's a pain to understand routing and networking; however, this VyOS virtual router makes it easy. Below are some useful links.

https://vyos.io/

https://wiki.vyos.net/wiki/User_Guide

Introduction

This post covers the scenario below, where 192.168.0.x is the subnet of my DLink internet router provided by the ISP and 192.168.0.1 is its gateway. I am going to install the VyOS virtual router as a VM on the ESXi host connected to this DLink router.

As shown below, my VyOS router will have 5 interfaces: 1 interface connected to the 192.168.0.x subnet with interface IP 192.168.0.201, and 4 other interfaces (10.10.1.x to 10.10.4.x) for my lab environment. All the subnets can reach each other because they are on the same router, but only the 10.10.1.x subnet will be allowed to access the internet while the others will not.

Installing VyOS virtual Router

The VyOS virtual router can be installed in 2 ways: either by importing the OVA file on an ESXi host or VMware Workstation, or by installing from the ISO file if you have issues with the OVA or are using XenServer or Hyper-V hosts.

The OVA can be downloaded from the link below if you already have a My VMware account; if not, use the next link.

https://marketplace.vmware.com/vsx/solutions/vyos-router-appliance

If you don’t have a My VMware account, use the link below to download the OVA file or the ISO.

https://downloads.vyos.io

vSwitch0 on my ESXi host is connected to vmnic1, which is connected to the DLink router. Its port group is vmnetwork, which I will use for the VyOS router uplink eth0.

vSwitch1 is connected to physical vmnic0, which is not connected to anything, so I need to rely on the VyOS router for routing. This vSwitch has vLAN10, 20, 30, 40 and so on, which I will use for creating the 10.10.1.x to 10.10.4.x subnets.

Option 1: Installing Using VyOS OVA file

Log in to your ESXi host or workstation and create a VM.

Select Deploy VM with OVA file – Next

Provide a name – click on the blank space and browse for the OVA file downloaded before – Next


Select datastore – Next


Select Public as the external uplink (in my case vmNetwork) and the others as internal networks without external connectivity.


Finish.


The VM will now power on. Log in with user vyos and password vyos.


As you can see, the OVA router is pre-installed.

Skip Option 2, as it is a lengthier way of doing what Option 1 already did, and continue from Initial Configuration of Router below.

Option 2: Installing using VyOS iso file

This option covers installing from the ISO file. Select Create VM – New VM.


Provide a name, and select Linux and Debian 6 64-bit as the OS.


Select Datastore


Upload the VyOS ISO and continue.


Adjust RAM if required, select the ISO file – Next. Make sure the network is connected to the external one as shown below.


Finish


Once installed – power on – log in as vyos with password vyos

install image (to install the image on disk)

Yes


Press Enter, Enter, then type Yes and press Enter, as shown below (Enter accepts the default value).



Provide a password of your choice (it may be vyos), then press Enter to accept sda.


With this, the installation is done.

Initial Configuration of Router

Before starting any further configuration, here are some basic rules to remember.

  1. Always commit and save your changes; otherwise they will be lost after a reboot.
  2. After login you see the $ prompt; type config or configure to get the # prompt, which allows you to run configuration commands.
  3. If you are not sure of a command, just press Tab; it will show you all the available command options.

By default, eth0, the first interface added to the VM, is configured for DHCP to receive an IP from an external source. If there is no DHCP server on your external network it won't receive one, but sometimes it does receive an IP, as shown in the next screenshot (165 IP).

If your router looks like this, skip the next step with the delete command.


If you fall under this category, run the 4 commands below one after another to remove DHCP from eth0.

configure

delete interfaces ethernet eth0 address dhcp
commit
save


Now give interface eth0 a description and an IP; it is the external interface, which has access to my DLink internet router.

configure
set interfaces ethernet eth0 address 192.168.0.201/24
set interfaces ethernet eth0 description Internet-Facing
commit
save


Now eth0 has its external interface IP configured.


Now enable SSH on this router so that we can work from PuTTY later (hint: use Tab for auto-completion). Always commit and save your changes.

set service ssh

set service ssh allow-root

Now connect with PuTTY using IP 192.168.0.201 and port 22. Log in as vyos/vyos.


Name this router myRouter.

config

set system host-name myRouter


Log off after commit and save, then log back in to see the change.

Additional Interfaces Configuration

Now we need to configure the other subnets and their interfaces. Add as many network cards as you like to this router; it is better to put each in a different port group. I am using only 4.

Now you will notice the router has detected the new network interfaces.


Run the commands below to configure each interface: one sets the gateway address and the other sets the description.

configure
set interfaces ethernet eth1 address 10.10.1.1/24
set interfaces ethernet eth1 description vLAN10
set interfaces ethernet eth2 address 10.10.2.1/24
set interfaces ethernet eth2 description vLAN20
set interfaces ethernet eth3 address 10.10.3.1/24
set interfaces ethernet eth3 description vLAN30
set interfaces ethernet eth4 address 10.10.4.1/24
set interfaces ethernet eth4 description vLAN40
commit
save


Now we can see all the interfaces are configured.

NAT Configuration for Internet Access

As shown below, 192.168.0.1 (my DLink router) can be reached only from 192.168.0.201, because that interface is directly connected; the other interfaces cannot reach it. So we have to configure NAT to reach 192.168.0.1.

run ping 192.168.0.1 interface 192.168.0.201

Run the commands below to create a NAT rule so that my 10.10.1.x subnet can talk to the external router for internet access. This alone is not enough; we also need to create static routes, which we will do in the next steps.

set nat source rule 11 outbound-interface eth0
set nat source rule 11 source address 10.10.1.0/24
set nat source rule 11 translation address masquerade


Now check that you can ping 192.168.0.1 only from the 10.10.1.x subnet interface and not from the others.

Static Route Creation for Internet Access

Now log in to your DLink internet router and create a static route as shown below.

In my case only the 10.10.1.0 subnet should reach the internet, so the next hop for this subnet is the VyOS router's external interface, 192.168.0.201.


At the same time we need to create a default static route in the VyOS router as well, because this router has to know how to reach internet addresses such as 8.8.8.8 (Google DNS server) and so on.


Run the commands below with your DLink router IP as the next hop, then commit and save as shown below.

configure

set protocols static route 0.0.0.0/0 next-hop 192.168.0.1


Now you can see the default route is active on interface eth0. S means static, and C means directly connected to this router.
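To check the NAT and SSH settings from the steps above before relying on them, the following Python sketch audits a list of VyOS set commands. It is an added example, not part of the original post or of VyOS; the audit function and the sample config are constructed here, and the NAT source is deliberately written as a host address to show the check.

```python
import ipaddress

# Constructed sample modelled on this post's commands. The NAT source is
# deliberately written as a host address (10.10.1.1/24) to trigger the check.
CONFIG = """\
set interfaces ethernet eth0 address 192.168.0.201/24
set interfaces ethernet eth1 address 10.10.1.1/24
set interfaces ethernet eth2 address 10.10.2.1/24
set interfaces ethernet eth3 address 10.10.3.1/24
set interfaces ethernet eth4 address 10.10.4.1/24
set service ssh allow-root
set nat source rule 11 outbound-interface eth0
set nat source rule 11 source address 10.10.1.1/24
set nat source rule 11 translation address masquerade
set protocols static route 0.0.0.0/0 next-hop 192.168.0.1
"""

def audit(config, uplink="eth0"):
    """Return (findings, nat_status) for a block of VyOS `set` commands."""
    ifaces, nat_srcs, findings = {}, [], []
    for line in config.splitlines():
        w = line.split()
        if (len(w) == 6 and w[:3] == ["set", "interfaces", "ethernet"]
                and w[4] == "address" and w[5] != "dhcp"):
            # Record the subnet each interface sits in.
            ifaces[w[3]] = ipaddress.ip_interface(w[5]).network
        elif (len(w) == 8 and w[:4] == ["set", "nat", "source", "rule"]
                and w[5:7] == ["source", "address"]):
            net = ipaddress.ip_network(w[7], strict=False)
            if str(net) != w[7]:
                findings.append(f"nat rule {w[4]}: {w[7]} has host bits set, use {net}")
            nat_srcs.append(net)
        elif w[:4] == ["set", "service", "ssh", "allow-root"]:
            findings.append("ssh: allow-root permits direct root login")
    # True = subnet is covered by a source NAT rule. False only means "no
    # masquerade": the default route still forwards those packets to the
    # uplink, so actually blocking them needs a firewall rule.
    nat_status = {name: any(net.subnet_of(s) for s in nat_srcs)
                  for name, net in ifaces.items() if name != uplink}
    return findings, nat_status

if __name__ == "__main__":
    issues, nat = audit(CONFIG)
    for issue in issues:
        print("FINDING:", issue)
    for name, covered in sorted(nat.items()):
        print(name, "masqueraded" if covered else "no NAT (still routed)")
```
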

Testing

With our configuration completed, I connected my Windows 10 desktop to vLAN10, which in my case is eth0 in the VyOS router and uses the 10.10.1.x subnet.

The machine's IP is 10, and it can reach the internet and the Google DNS server 8.8.8.8.

Hope this post is useful; leave your comments and suggestions below. The next posts will cover DHCP, firewall and other topics, which can easily be mastered from the link below.

https://wiki.vyos.net/wiki/User_Guide

Siva Sankar

Siva Sankar works as Solution Architect in Abu Dhabi with primary focus on SDDC, Mobility, Virtualization, VDI, HCI and Network Virtualization products from VMWare, Citrix and Microsoft.
