VyOS – Virtual Router for Home Lab

In this post, we will discuss how a VyOS (old name – Vyatta) virtual appliance can be used as a router for home labs and act as an internet gateway for all the lab machines. This has come in handy many times for me, and the good thing about it is that it takes very few resources from your host machine and is absolutely free of cost. There are other virtual routers available, like Freesco, which is also a very good virtual router, but I somehow love using Vyatta. It is simple to configure and use. A detailed user guide can be found here. Having said many good things about Vyatta, let’s get started with configuring some basic things.

VyOS understands what users need, so we are provided with an OVA version of the appliance which is ready to be deployed. The OVA can be downloaded from here. Once you are done with the download, deploy the VM in Workstation and power it on. You should end up on the screen below.

Default Username and Password : vyos/vyos

Log in to the appliance and we will be in operational mode. Operational mode is used to view information, reboot the appliance and check service status. A $ at the prompt indicates operational mode. Any configuration changes to the appliance are made from configuration mode. A # at the prompt indicates configuration mode.


To view the current config, use the command below:

$ show interfaces

I have only one interface on the appliance now, and it is bridged with the physical host. I am going to set the IP address on the interface by using the DHCP service. To do so, do as below.

$ config
# set interfaces ethernet eth0 address dhcp
# commit
# save

Every configuration change we make has to be committed and saved so that the configuration file gets updated and the settings are applied. Now let’s enable SSH on port 22, so that we can use PuTTY to connect to it.

# set service ssh port '22'

Now that we have a working interface with SSH enabled, let’s connect to VyOS using PuTTY. I am also going to add two virtual network adapters to the VyOS VM, which will show up as eth1 and eth2 in VyOS. Each interface is connected to a different network on VMware Workstation, in my case vmnet7 and vmnet9, and I will connect one VM adapter to each of these.

Let’s verify that they are showing up in VyOS:

vyos@vyos:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
eth0 153.91.61.23/23 u/u
eth1 - A/D
eth2 - A/D
lo 127.0.0.1/8 u/u
 ::1/128

So that’s a good sign! Let’s add IPs to the interfaces eth1 and eth2 and add descriptions to the interfaces.

vyos@vyos:~$ config
vyos@vyos# set interfaces ethernet eth0 description 'External'
vyos@vyos# set interfaces ethernet eth1 address '192.168.7.128/24'
vyos@vyos# set interfaces ethernet eth1 description 'vmnet7'
vyos@vyos# set interfaces ethernet eth2 address '192.168.9.128/24'
vyos@vyos# set interfaces ethernet eth2 description 'vmnet9'
vyos@vyos# commit
vyos@vyos# save
Saving configuration to '/config/config.boot'...
Done

Now do a show interfaces on VyOS to verify the settings:

vyos@vyos:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
eth0 153.91.61.23/23 u/u External
eth1 192.168.7.128/24 u/u vmnet7
eth2 192.168.9.128/24 u/u vmnet9
lo 127.0.0.1/8 u/u
 ::1/128

With this configuration, our host machine running Workstation can now communicate with the networks on vmnet7 and vmnet9, and VyOS acts as the router for both networks. In addition, for the other machines on vmnet7 and vmnet9 to be able to connect to the internet, we must configure source NAT as below.

vyos@vyos# edit nat source rule 15
vyos@vyos# set source address 192.168.7.128/24
vyos@vyos# set outbound-interface eth0
vyos@vyos# set translation address masquerade
vyos@vyos# commit
vyos@vyos# save
Saving configuration to '/config/config.boot'...
Done
vyos@vyos# edit nat source rule 16
vyos@vyos# set source address 192.168.9.128/24
vyos@vyos# set outbound-interface eth0
vyos@vyos# set translation address masquerade
vyos@vyos# commit
vyos@vyos# save
Saving configuration to '/config/config.boot'...
Done
[edit]
vyos@vyos# exit

Any number can be used for a rule here; the rules are applied in numeric sequence.

vyos@vyos:~$ show nat source rules
Disabled rules are not shown
Codes: X - exclude rule, M - masquerade rule
rule intf translation
---- ---- -----------
M15 eth0 saddr 192.168.7.128/24 to 153.91.61.23
 proto-all sport ANY
M16 eth0 saddr 192.168.9.128/24 to 153.91.61.23
 proto-all sport ANY

Update (9/7/16): To be able to ping the internal network from the host machine, configure destination NAT rules on the incoming interface and map the interfaces connected to the internal network on VyOS.

Update (10/4/16): I have received some offline requests about the procedure for destination NAT, so I took some time to update the post. Here you go!

vyos@vyos:~$ config
vyos@vyos# edit nat destination rule 25
vyos@vyos# set inbound-interface eth0
vyos@vyos# set translation address '192.168.7.128'
vyos@vyos# exit
vyos@vyos# commit
vyos@vyos# save
Saving configuration to '/config/config.boot'...
Done
vyos@vyos# edit nat destination rule 26
vyos@vyos# set inbound-interface eth0
vyos@vyos# set translation address '192.168.9.128'
vyos@vyos# exit
vyos@vyos# commit
vyos@vyos# save
Saving configuration to '/config/config.boot'...
Done
vyos@vyos# exit

Similar to source NAT, we can use any number for the destination NAT rules.

vyos@vyos:~$ show nat destination rules
Disabled rules are not shown
Codes: X - exclude rule
rule intf translation
---- ---- -----------
25 eth0 daddr ANY to 172.10.10.20
 proto-all dport ANY
26 eth0 daddr ANY to 172.20.20.20
 proto-all dport ANY
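
Rules 25 and 26 above match only on the inbound interface (the listing shows daddr ANY, proto-all, dport ANY), so rule 25 translates every packet arriving on eth0 and rule 26, evaluated after it, is never reached. The Python check below is an added example, not part of the original post: it reads the rules as full-path set commands and flags match-all and shadowed destination NAT rules. The NARROWED sample, its port and the 192.168.7.10 host are hypothetical values chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed input: the post's two destination NAT rules as full-path commands.
POST_RULES = """\
set nat destination rule 25 inbound-interface eth0
set nat destination rule 25 translation address '192.168.7.128'
set nat destination rule 26 inbound-interface eth0
set nat destination rule 26 translation address '192.168.9.128'
"""
# Constructed comparison: one rule narrowed to a single TCP port.
# The port and the 192.168.7.10 lab host are hypothetical, not from the post.
NARROWED = """\
set nat destination rule 25 inbound-interface eth0
set nat destination rule 25 protocol tcp
set nat destination rule 25 destination port 22
set nat destination rule 25 translation address '192.168.7.10'
"""
RULE_LINE = re.compile(r"^set nat destination rule (\d+) (.+)$")
MATCH_KEYS = ("destination address", "destination port", "source address")

def parse_rules(text):
    """Return {rule number: {option path: value}} for destination NAT rules."""
    rules = defaultdict(dict)
    for line in text.splitlines():
        m = RULE_LINE.match(line.strip())
        if m:
            *path, value = m.group(2).split()
            rules[int(m.group(1))][" ".join(path)] = value.strip("'")
    return dict(rules)

def audit(text):
    """Flag match-all DNAT rules and any later rule they shadow."""
    findings, catch_all = [], {}  # catch_all: interface -> first match-all rule
    rules = parse_rules(text)
    for num in sorted(rules):  # rules are evaluated in numeric order, first match wins
        opts = rules[num]
        intf = opts.get("inbound-interface", "any")
        narrowed = opts.get("protocol", "all") != "all" or any(k in opts for k in MATCH_KEYS)
        if intf in catch_all:
            findings.append((num, f"shadowed by rule {catch_all[intf]}"))
        elif not narrowed:
            catch_all[intf] = num
            findings.append((num, f"matches all traffic on {intf}"))
    return findings

if __name__ == "__main__":
    for sample in (POST_RULES, NARROWED):
        print(audit(sample))
```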

In addition to the destination NAT rules, below is how you can set system configuration such as hostname, DNS and time zone.

vyos@vyos:~$ config
vyos@vyos# set system host-name VyOS
vyos@vyos# set system domain-name vmmaster.local
vyos@vyos# set system name-server <IP address of the dns server>
vyos@vyos# set system time-zone America/Chicago
vyos@vyos# commit
[ system time-zone America/Chicago ]
Stopping enhanced syslogd: rsyslogd.
Starting enhanced syslogd: rsyslogd.
vyos@vyos# save
Saving configuration to '/config/config.boot'...
Done

That’s it! We should now have isolated networks vmnet7 and vmnet9 connected to each other and also to the internet.

Hope this was informative. Thanks!
