# VyOS Router On-Premises Setup

## Setup: Vyos-vm1, linux-vm2 via Virtualbox

## Architecture diagram reference

Step reference: [Configure VyOS as a software-based router for your Home Lab’s private networks](https://akyriako.medium.com/configure-vyos-as-a-software-based-router-for-your-home-labs-private-networks-a0f4529f0b99)

![](https://hackmd.io/_uploads/SJdY4txp2.png)

### **Preparation:**

Download:

1. [VyOS ISO link](https://vyos.io/)
2. VirtualBox
3. [linux 20.0.4 iso link](https://www.ubuntu-tw.org/modules/tinyd0/)

### Virtualbox setup

1. Set up the host-only network and its DHCP server

   ![](https://hackmd.io/_uploads/Sy9NYug63.png)

   ![](https://hackmd.io/_uploads/ry5LKdxah.png)

2. Give the VyOS VM a bridged adapter and a host-only adapter

   ![](https://hackmd.io/_uploads/HkGjtde6n.png)

3. The other Linux VM only needs a host-only adapter

   ![](https://hackmd.io/_uploads/rJR6YugTh.png)

### Vyos setup

1. First, check your own IP and gateway address on the host

   ```
   ipconfig
   ```

   ![](https://hackmd.io/_uploads/r1Ts9dg6h.png)

2. Configure the eth0 network card as the external interface. Because my Wi-Fi network is 172.20.10.0/28, the usable addresses are .1 to .14 (.0 and .15 cannot be used), so eth0 is set to 172.20.10.14/28

   ```
   configure
   delete interfaces ethernet eth0 address dhcp
   set interfaces ethernet eth0 address 172.20.10.14/28
   set interfaces ethernet eth0 description EXT-BRIDGED
   commit
   save
   exit
   ```

3. Check the current VyOS configuration

   ```
   show interfaces
   ```

   ![](https://hackmd.io/_uploads/H1xhhdeah.png)

4. Configure the internal network interface as 192.168.56.250/24

   ```
   configure
   set interfaces ethernet eth1 address 192.168.56.250/24
   set interfaces ethernet eth1 description INT-HOSTONLY
   commit
   save
   exit
   ```

   ![](https://hackmd.io/_uploads/SkqreKg6h.png)

5. Test whether eth0 and eth1 can ping the host (172.20.10.9)

   ```
   # succeeds
   ping 172.20.10.9 interface 172.20.10.14
   # fails
   ping 172.20.10.9 interface 192.168.56.250
   # fails
   ping 8.8.8.8 interface 172.20.10.14
   ```

6. Set up the route table (NAT rules)

   ```
   # We are going to create NAT rules for every adapter, so they can both get internet access through interface eth0:
   configure
   set nat source rule 20 outbound-interface 'eth0'
   set nat source rule 20 source address '172.20.10.0/28'
   set nat source rule 20 translation address 'masquerade'
   set nat source rule 21 outbound-interface 'eth0'
   set nat source rule 21 source address '192.168.56.0/24'
   set nat source rule 21 translation address 'masquerade'
   commit
   save
   exit
   ```

7. Set a static route to our physical router

   ```
   # run in configuration mode, then commit and save
   set protocols static route 0.0.0.0/0 next-hop 172.20.10.1
   ```

8. Go back and retry **step 5** to check that traffic now passes. Pinging both the host and 8.8.8.8 must succeed for the setup to count as working

   ![](https://hackmd.io/_uploads/Hy7YmYeT2.png)

9. Ping 8.8.8.8 from the other Linux VM

   ```
   su root
   sudo ip route add default via 192.168.56.250
   ping 8.8.8.8
   ```

   ![](https://hackmd.io/_uploads/rJDN4Ygp2.png)

**Supplement:**

```
set service ssh
# from the host's cmd
ssh vyos@172.20.10.14
```

## Unresolved problem (waiting for guidance from an expert in the future)

1. After VyOS is set up, it cannot be connected to an AWS VPN connection (EC2 on VPC -> Transit gateway -> VPN connect -> Customer gateway -> vyos)

Related resources:

1. VPG to vyos (official): https://vyos.io/documents/aws-partnership/VyOS%E2%80%94AWS-Site-to-Site-VPN-and-static-routing.pdf
2. VPG to vyos (community implementation): https://qiita.com/sugimount-a/items/2f2e8d27ade90bb3b554
3. Vyos 1.3.2 iso download: https://ec.loping.net/ichundes/vyos-build/
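
The source NAT rules from step 6, evaluated in Python as an added example (not part of the original notes or of VyOS itself): rules are checked in ascending rule number, the first match wins, and `masquerade` rewrites the source to the address of the egress interface. The function names and the VM address 192.168.56.101 are assumptions made for illustration.

```python
import ipaddress
import shlex

# The NAT commands from step 6, copied from the page.
VYOS_NAT = """
set nat source rule 20 outbound-interface 'eth0'
set nat source rule 20 source address '172.20.10.0/28'
set nat source rule 20 translation address 'masquerade'
set nat source rule 21 outbound-interface 'eth0'
set nat source rule 21 source address '192.168.56.0/24'
set nat source rule 21 translation address 'masquerade'
"""
# Interface addresses configured in steps 2 and 4.
IFACE_ADDR = {"eth0": "172.20.10.14", "eth1": "192.168.56.250"}


def parse_rules(text):
    """Turn 'set nat source rule N ...' lines into {N: {field: value}}."""
    rules = {}
    for line in text.strip().splitlines():
        tok = shlex.split(line)            # shlex strips the single quotes
        if tok[:4] != ["set", "nat", "source", "rule"]:
            continue
        rule = rules.setdefault(int(tok[4]), {})
        rule[" ".join(tok[5:-1])] = tok[-1]
    return rules


def snat(rules, src, out_iface):
    """Return (matching rule number, source address after NAT) for one packet."""
    for num in sorted(rules):              # lowest rule number is checked first
        r = rules[num]
        net = ipaddress.ip_network(r.get("source address", "0.0.0.0/0"))
        if r.get("outbound-interface") != out_iface or ipaddress.ip_address(src) not in net:
            continue
        if r.get("translation address") == "masquerade":
            return num, IFACE_ADDR[out_iface]   # masquerade = egress interface address
        return num, r["translation address"]
    return None, src                       # no rule matched: source is left untouched


RULES = parse_rules(VYOS_NAT)

if __name__ == "__main__":
    # Constructed packets: the Linux VM (assumed host-only address) and eth1 itself.
    for src, iface in [("192.168.56.101", "eth0"), ("192.168.56.250", "eth0"),
                       ("192.168.56.101", "eth1")]:
        print(src, "via", iface, "->", snat(RULES, src, iface))
```

Traffic from the host-only network is only translated when it leaves through eth0, which is why the Linux VM in step 9 reaches 8.8.8.8 with 172.20.10.14 as its visible source address.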