VyOS Virtual Router for Home Lab or SMB: Configuration Steps
VyOS is a Linux-based network operating system that provides software-based network routing, firewall, and VPN functionality. This post covers the basic installation of the VyOS router, creating a couple of subnets, creating NAT for internet access for the new subnets, and creating static routes.
For a systems person, routing and networking can be a pain to understand, but the VyOS virtual router makes it easy. Below are some useful links.
https://vyos.io/
https://wiki.vyos.net/wiki/User_Guide
Introduction
This post covers the following scenario: 192.168.0.x is the subnet of my DLink internet router provided by the ISP, and 192.168.0.1 is its gateway. I am going to install the VyOS virtual router as a VM on the ESXi host connected to this DLink router.
As shown below, my VyOS router will have 5 interfaces: one connected to the 192.168.0.x subnet with interface IP 192.168.0.201, and four others (10.10.1.x to 10.10.4.x) for my lab environment. All the subnets can reach each other because they are on the same router, but only the 10.10.1.x subnet will be allowed to access the internet; the others will not have internet access.
Installing VyOS virtual Router
The VyOS virtual router can be installed in 2 ways: either by importing the OVA file on an ESXi host or VMware Workstation, or by installing from the ISO file if you have issues with the OVA or are using XenServer or Hyper-V hosts.
The OVA can be downloaded from the link below if you already have a My VMware account; if not, please follow the next link.
https://marketplace.vmware.com/vsx/solutions/vyos-router-appliance
If you don't have a My VMware account, use the link below to download the OVA file or ISO.
https://downloads.vyos.io
vSwitch0 on my ESXi host is connected to vmnic1, which is connected to the DLink router. Its port group is vmnetwork, which will be used for the VyOS router uplink eth0.
vSwitch1 is connected to physical vmnic0, which is not connected to anything, so I need to rely on the VyOS router for routing. This vSwitch has vLAN10, 20, 30, 40 and so on, which will be used to create the 10.10.1.x to 10.10.4.x subnets.
Option 1: Installing Using VyOS OVA file
Log in to your ESXi host or Workstation and create a VM.
Select Deploy VM with OVA file – Next
Provide a name – click on the blank space and browse for the OVA file downloaded before – Next
Select Public as the external uplink (in my case vmNetwork) and the others as internal networks without external connectivity.
Now the VM will power on; log in as user: vyos and password: vyos
As you can see, with the OVA the router is pre-installed.
Skip Option 2, as it is a lengthier way of doing what Option 1 already did; continue from Initial Configuration below.
Option 2: Installing using VyOS iso file
This option covers how to install from the ISO file.
Select Create VM – New VM
Provide a name and select Linux, Debian 6 64-bit as the OS
Upload the VyOS ISO and continue.
Adjust the RAM if required, select the ISO file – Next. Make sure the network is connected to the external one, as shown below.
Once installed – power on – log in as vyos with password vyos
Install Image (to install the image on disk)
Yes
Enter, Enter, then Yes and Enter, as shown below. (Enter accepts the default value.)
Provide a password of your choice (it may be vyos), then press Enter to accept sda.
With this, the installation is done.
Initial Configuration of Router
Before starting any further configuration, here are some basic rules to remember.
- Always commit the changes and save; if not, they will be lost after a reboot.
- Once you are logged in, a $ prompt appears; type config or configure to get the # prompt, which allows you to run config commands.
- If you are not sure of a command, just press Tab; it will show you all the available command options.
By default, eth0, the first interface added to the VM, has DHCP configured to receive an IP from an external source. If there is no DHCP server in your external network it won't receive one, but sometimes it does receive an IP, as shown in the next screenshot (165 IP).
If your router looks like this, skip the next step with the delete command.
If you fall under this category, run the 4 commands below one after another to remove DHCP from eth0.
configure
delete interfaces ethernet eth0 address dhcp
commit
save
Now provide a description and an IP for interface eth0, which is connected to the external network with access to my DLink internet router.
configure
set interfaces ethernet eth0 address 192.168.0.201/24
set interfaces ethernet eth0 description Internet-Facing
commit
save
Now our eth0 has the external interface IP configured.
Enable SSH on this router now so that we can work in PuTTY later (hint: use Tab for auto-fill). Always commit and save your changes.
set service ssh
set service ssh allow-root
commit
save
Now connect with PuTTY using the IP 192.168.0.201 and port 22. Log in as vyos/vyos.
config
set system host-name myRouter
Log off after commit and save, then log back in to notice the change.
Additional Interfaces Configuration
Now we need to configure the other subnets and their interfaces. Add as many network cards as you like to this router; it is better to put them in different port groups. I am using only 4.
Now you will notice that the router has detected the new network interfaces.
Run the commands below to configure each interface: one sets the gateway address and the other gives a description.
configure
set interfaces ethernet eth1 address 10.10.1.1/24
set interfaces ethernet eth1 description vLAN10
set interfaces ethernet eth2 address 10.10.2.1/24
set interfaces ethernet eth2 description vLAN20
set interfaces ethernet eth3 address 10.10.3.1/24
set interfaces ethernet eth3 description vLAN30
set interfaces ethernet eth4 address 10.10.4.1/24
set interfaces ethernet eth4 description vLAN40
commit
save
Now we can see all the interfaces are configured.
NAT Configuration for Internet Access
As we can see below, 192.168.0.1, my DLink router, is reachable only from 192.168.0.201, as that interface is connected to it; the others cannot reach it. So we have to configure NAT to reach 192.168.0.1.
run ping 192.168.0.1 interface 192.168.0.201
Run the commands below to create a NAT rule so that my 10.10.1.x subnet can talk to the external router for internet access. This alone is not enough; we also need to create static routes, which we will do in the next steps.
set nat source rule 11 outbound-interface eth0
set nat source rule 11 source address 10.10.1.0/24
set nat source rule 11 translation address masquerade
commit
save
Now check that you can ping 192.168.0.1 only from the 10.10.1.x subnet interface and not from the others.
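A check for the NAT step above and the earlier SSH step, added here as an example (not code from the original post): it reads the router's `set` commands, lists which interface subnets a source NAT rule on the uplink translates, and flags `service ssh allow-root`, which this procedure does not need because it logs in as `vyos`. The function name `audit`, the sample text and the restriction to plain IPv4 CIDR rule sources are assumptions of this example.

```python
import ipaddress
import shlex

# Constructed sample: this post's commands in `show configuration commands` form.
SAMPLE = """\
set interfaces ethernet eth0 address '192.168.0.201/24'
set interfaces ethernet eth1 address '10.10.1.1/24'
set interfaces ethernet eth2 address '10.10.2.1/24'
set interfaces ethernet eth3 address '10.10.3.1/24'
set interfaces ethernet eth4 address '10.10.4.1/24'
set nat source rule 11 outbound-interface 'eth0'
set nat source rule 11 source address '10.10.1.0/24'
set nat source rule 11 translation address 'masquerade'
set service ssh allow-root
"""
ANY = ipaddress.ip_network("0.0.0.0/0")  # a rule with no source address matches everything

def audit(config_text, uplink="eth0"):
    """Return (translated subnets, untranslated subnets, findings) for the uplink."""
    ifaces, rules, findings = {}, {}, []
    for line in config_text.splitlines():
        t = shlex.split(line)  # also strips the quotes VyOS puts around values
        if t[:3] == ["set", "interfaces", "ethernet"] and len(t) == 6 and t[4] == "address":
            if t[5] != "dhcp":
                # strict=False maps an interface address (10.10.1.1/24) to its network
                ifaces[t[3]] = ipaddress.ip_network(t[5], strict=False)
        elif t[:4] == ["set", "nat", "source", "rule"] and len(t) == 7:
            if t[5] == "outbound-interface":
                rules.setdefault(t[4], {})["out"] = t[6]
        elif t[:4] == ["set", "nat", "source", "rule"] and len(t) == 8:
            if t[5:7] == ["source", "address"]:
                rules.setdefault(t[4], {})["src"] = ipaddress.ip_network(t[7], strict=False)
            elif t[5:7] == ["translation", "address"]:
                rules.setdefault(t[4], {})["to"] = t[7]
        elif t == ["set", "service", "ssh", "allow-root"]:
            findings.append("ssh allow-root is set")
    nat_sources = [r.get("src", ANY) for r in rules.values()
                   if r.get("out") == uplink and "to" in r]
    translated, untranslated = [], []
    for name, net in sorted(ifaces.items()):
        if name != uplink:
            covered = any(net.subnet_of(src) for src in nat_sources)
            (translated if covered else untranslated).append(str(net))
    return translated, untranslated, findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

VyOS itself still forwards traffic from an untranslated subnet toward 192.168.0.1; no firewall rule in this configuration blocks it.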
Static Route Creation for Internet Access
Now log in to your internet DLink router and create a static route as shown below.
In my case only the 10.10.1.0 subnet should reach the internet, so the next hop for this subnet is the VyOS router's external interface, which is 192.168.0.201.
At the same time, we need to create a default static route on the VyOS router as well, since this router must know how to reach internet addresses such as 8.8.8.8 (the Google DNS server) and so on.
Run the commands below with your DLink router IP as the next hop, then commit and save as shown below.
configure
set protocols static route 0.0.0.0/0 next-hop 192.168.0.1
commit
save
Now you can see the default route is active on interface eth0. S means static, and C means connected to this router.
Testing
With our configuration complete, I connected my Windows 10 desktop to vLAN10, which in my case is eth1 on the VyOS router and uses the 10.10.1.x subnet.
The machine IP is 10, and it can reach the internet and the Google DNS server 8.8.8.8.
Hope this post is useful; leave your comments and suggestions below. The next posts will cover DHCP, firewall and other topics, which can be easily mastered from the link below.
https://wiki.vyos.net/wiki/User_Guide
Hello,
thank you for your article.
In my case I have:
Interface  IP Address       S/L  Description
---------  ----------       ---  -----------
eth0       192.168.10.1/24  u/u  Internet
eth1       172.16.0.1/16    u/u  Site 1
eth2       172.17.0.1/16    u/u  Site 2
lo         127.0.0.1/8      u/u
I connect my laptop to my internet home router using Wi-Fi. When I try to ping my ESXi in site 1,
the ping is OK,
but when I try to telnet to the ESXi IP on port 80,
it doesn't respond and I cannot browse the web page of my ESXi from my laptop.
Could you help, please?
Why can I ping but not browse the web page?
Note: in my VyOS firewall I authorise port 80.
If you are not able to create static routes on your router for the subnets hosted in VyOS, it is better to create a static route on your laptop. Without that, VyOS knows your laptop, as it's connected to Wi-Fi, but your laptop doesn't know the other subnets hosted on VyOS. So create a static route on your laptop for 172.16.0.0/16 255.255.0.0 to the VyOS interface IP connected to your Wi-Fi subnet.
How is your desktop connected to the internet router, please?
My laptop is connected to Wi-Fi, with a static route to the VyOS router.
But couldn’t you do the same with any std. Linux distro, why use VyOS? Why is VyOS better?
I see a lot of advantages in using a std. Linux: no limits on packages, installation etc.
The VyOS kernel might be optimized for high-performance routing, but for home labs and small and mid-sized companies that's not really needed in most cases, but I could be wrong?
Great article, very helpful to begin with VyOS. Just one question: how would you isolate the networks from each other (because, like you said, they are on the same router, so they can communicate with each other)? Would you prefer to set up another router, or would you use VLANs?
Hello, thank you very much! I understand it all, but I have only one question: why is it important to put a static route on the DLink router? The default static route in the VyOS router is very clear, but I don't know why to put a static route on the DLink router.
Regards,
thank you!
The static route from VyOS to DLink is to pass the traffic from VyOS to DLink for external connectivity like the internet and all.
Hello, thank you very much! I understand it all, but I have only one question: why is it important to put a static route on the DLink router? This one is very clear: the default static route in the VyOS router. But I don't know why to put a static route on the DLink router.
Regards,
thank you!
Thank you very much for the article. Please, why is it important to add a static route on the internet DLink router? Would it not be enough just to make the static route in the VyOS router?
Regards,
thank you!