VyOS is a Linux-based network operating system that provides software-based network routing, firewall, and VPN functionality. This post covers the basic installation of the VyOS router, creating a couple of subnets, creating NAT for internet access for the new subnets, and creating static routes.
Being a systems guy, it's a pain to understand routing and networking; however, this VyOS virtual router makes it easy. Below are some useful links.
This post covers the scenario below, where 192.168.0.x is the network of my D-Link internet router provided by the ISP and 192.168.0.1 is its gateway. I am going to install the VyOS virtual router as a VM on the ESXi host connected to this D-Link router.
As shown below, my VyOS router will have 5 interfaces: 1 interface connected to the 192.168.0.x subnet with interface IP 192.168.0.201, and 4 other interfaces (10.10.1.x to 10.10.4.x) for my lab environment. All the subnets can reach each other because they are on the same router, but only the 10.10.1.x subnet will be allowed to access the internet; the others will not have internet.
Installing VyOS virtual Router
The VyOS virtual router can be installed in 2 ways: either by importing the OVA file on an ESXi host or VMware Workstation, or by installing from the ISO file if you have issues with the OVA or are using XenServer or Hyper-V hosts.
The OVA can be downloaded from the link below if you already have a My VMware account; if not, please follow the next link.
If you don't have a My VMware account, use the link below to download the OVA file or ISO.
vSwitch0 on my ESXi host is connected to vmnic1, which is connected to the D-Link router. The port group is vmnetwork; this will be used for the VyOS router uplink, eth0.
vSwitch1 is connected to the physical vmnic0, which is not connected to anything, so I need to rely on the VyOS router for routing. This vSwitch has vLAN10, 20, 30, 40 and so on, which will be used to create the 10.10.1.x to 10.10.4.x subnets.
Option 1: Installing Using VyOS OVA file
Log in to your ESXi host or Workstation and create a VM.
Select Deploy VM with OVA file – Next
Provide a name – click on the blank space and browse for the OVA file downloaded before – Next
Skip Option 2, as it is a lengthier way of doing what Option 1 does; continue from the initial configuration below.
Option 2: Installing using VyOS iso file
This covers how to install with the ISO file. Select create VM – New VM
Install Image (to install the image on disk)
Initial Configuration of Router
Before starting any further configuration, some basic rules to remember:
- Always commit and save the changes; if not, they will be lost after reboot.
- Once logged in, the $ prompt appears; type config or configure to get the # prompt, which allows you to run config commands.
- If you are not sure of a command, just press Tab; it will show you all available command options.
By default, eth0, the first interface added to the VM, has DHCP configured to receive an IP from an external source. If there is no DHCP in your external network it won't receive one, but sometimes it does receive an IP, as shown in the next screenshot (165 IP).
If your router looks like this, skip the delete command in the next step.
delete interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 address 192.168.0.201/24
set interfaces ethernet eth0 description Internet-Facing
set service ssh
set service ssh allow-root
Now connect with PuTTY using the IP 192.168.0.201 and port 22. Log in as vyos/vyos.
set system host-name myRouter
Additional Interfaces Configuration
Now we need to configure the other subnets and their interfaces. Add as many network cards as you like to this router and put them in different port groups, which is better. I am using only 4.
Now you will notice that the router has detected the new network interfaces.
set interfaces ethernet eth1 address 10.10.1.1/24
set interfaces ethernet eth1 description vLAN10
set interfaces ethernet eth2 address 10.10.2.1/24
set interfaces ethernet eth2 description vLAN20
set interfaces ethernet eth3 address 10.10.3.1/24
set interfaces ethernet eth3 description vLAN30
set interfaces ethernet eth4 address 10.10.4.1/24
set interfaces ethernet eth4 description vLAN40
NAT Configuration for Internet Access
As we can see below, we can reach 192.168.0.1, which is my D-Link router, only from 192.168.0.201, as it is directly connected; the other interfaces cannot reach it. So we have to do NAT to reach 192.168.0.1.
run ping 192.168.0.1 interface 192.168.0.201
Run the commands below to create a NAT rule so that my 10.10.1.x subnet can talk to the external router for internet access. This alone is not enough; we also need to create static routes, which we will do in the next steps.
set nat source rule 11 outbound-interface eth0
set nat source rule 11 source address 10.10.1.0/24
set nat source rule 11 translation address masquerade
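An added example, not part of the original post: a short Python audit of a `show configuration commands` dump that checks two points this setup depends on, that root login over SSH is not left enabled and that only 10.10.1.0/24 is translated towards eth0. The sample dump and the `audit` function are constructed for illustration, and the NAT syntax assumed is the one used on this page.

```python
import ipaddress

# Constructed sample in the format printed by `show configuration commands`;
# rule 12 and the host-style address in rule 11 are deliberate test cases.
SAMPLE = """\
set interfaces ethernet eth0 address '192.168.0.201/24'
set interfaces ethernet eth1 address '10.10.1.1/24'
set interfaces ethernet eth2 address '10.10.2.1/24'
set nat source rule 11 outbound-interface 'eth0'
set nat source rule 11 source address '10.10.1.1/24'
set nat source rule 11 translation address 'masquerade'
set nat source rule 12 outbound-interface 'eth0'
set nat source rule 12 source address '10.10.2.0/24'
set nat source rule 12 translation address 'masquerade'
set service ssh allow-root
"""

def audit(config, uplink="eth0", allowed=("10.10.1.0/24",)):
    """Return a sorted list of findings for a VyOS 'set' command dump."""
    allowed_nets = [ipaddress.ip_network(a) for a in allowed]
    rules, findings = {}, []
    for line in config.splitlines():
        tok = line.replace("'", "").split()
        if tok[:4] == ["set", "service", "ssh", "allow-root"]:
            findings.append("ssh: root login over SSH is enabled")
        if tok[:4] == ["set", "nat", "source", "rule"] and len(tok) >= 7:
            # key is the option path, e.g. "source address"; value is the last token
            rules.setdefault(tok[4], {})[" ".join(tok[5:-1])] = tok[-1]
    for num, rule in rules.items():
        if rule.get("outbound-interface") != uplink:
            continue  # only rules that translate towards the uplink matter here
        src = rule.get("source address")
        if src is None:
            findings.append(f"nat rule {num}: no source address, every subnet is translated")
            continue
        net = ipaddress.ip_network(src, strict=False)
        if str(net) != src:
            findings.append(f"nat rule {num}: {src} has host bits set, network is {net}")
        if not any(net.subnet_of(a) for a in allowed_nets):
            findings.append(f"nat rule {num}: {net} is not allowed to reach the internet")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```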
Static Route Creation for Internet Access
Now log in to your D-Link internet router and create a static route as shown below.
In my case only the 10.10.1.0 subnet should reach the internet, so the next hop for this subnet is the VyOS router's external interface, which is 192.168.0.201.
set protocols static route 0.0.0.0/0 next-hop 192.168.0.1
With our configuration completed, I connected my Windows 10 desktop to vLAN10, which in my case is eth0 on the VyOS router and uses the 10.10.1.x subnet.
The machine's IP is 10, and it can reach the internet and the Google DNS server 22.214.171.124.
Hope this post is useful; leave your comments and suggestions below. The next posts will cover DHCP, firewall and other stuff, which can be easily mastered from the link below.