Overview

VyOS is a Linux-based network operating system that provides software-based network routing, firewall, and VPN functionality. It is designed to be used in physical network devices, as a VM, or in cloud environments.

Documentation

Documentation
If you want a more practical guide to VyOS, I have my assessment prep for SEC-350: Assessment Prep

Tips and Tricks

EXEC Modes

VyOS has two modes. The first is Operational Mode, where the prompt reads vyos@vyos:~$. The second is Configuration Mode: type config or configure from Operational Mode to enter it, and the prompt changes to vyos@vyos:~#

Importing and Exporting Configs

Forum Posting

Export

configure
save <file>
# or, to a remote host over SCP:
save scp://<user>:<passwd>@<host>:/<file>

Import

configure
load vyos_config
commit
save

Initial Configuration

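  • Accessing VyOS: Use SSH or console access to connect to your VyOS router for the first time. The commands below make SSH listen on every address (0.0.0.0) and give eth0 an address; to limit exposure, set listen-address to the management IP instead.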
set service ssh listen-address '0.0.0.0'
set interfaces ethernet eth0 address '<IP>'
  • Setting Hostname:
set system host-name myrouter
commit
save

Interface Configuration

  • Assigning IP Address to an Interface:
set interfaces ethernet eth0 address '192.0.2.1/24'
commit
save

Static Routing

  • Adding a Static Route:
set protocols static route 0.0.0.0/0 next-hop 192.0.2.254
commit
save

Firewall Configuration

  • Creating a Firewall Rule Set:
set firewall name OUTSIDE-IN default-action drop
set firewall name OUTSIDE-IN rule 10 action accept
set firewall name OUTSIDE-IN rule 10 state established enable
set firewall name OUTSIDE-IN rule 10 state related enable
commit
save
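
An added example (not part of the original notes): a small Python audit of `show configuration commands` output that flags SSH listening on every address, a rule set whose default-action is accept, and a rule set that is defined but never attached to an interface. The check names, the sample config and the pre-1.4 attachment syntax (set interfaces ... firewall in|out|local name <NAME>) are assumptions.

```python
import shlex

# Constructed sample of `show configuration commands` output, built from this page's examples.
SAMPLE = """\
set service ssh listen-address '0.0.0.0'
set interfaces ethernet eth0 address '192.0.2.1/24'
set firewall name OUTSIDE-IN default-action 'drop'
set firewall name OUTSIDE-IN rule 10 action 'accept'
set firewall name OUTSIDE-IN rule 10 state established 'enable'
set firewall name OUTSIDE-IN rule 10 state related 'enable'
set firewall name LAN-IN default-action 'accept'
set interfaces ethernet eth1 firewall in name 'LAN-IN'
"""

def audit(config_text):
    """Return a sorted list of (check, detail) findings for a set-style config."""
    ssh_listen, rulesets, defaults, attached = [], set(), {}, set()
    for line in config_text.splitlines():
        tok = shlex.split(line)  # also strips the quotes VyOS puts around values
        if tok[:1] != ["set"]:
            continue
        if tok[1:4] == ["service", "ssh", "listen-address"] and len(tok) > 4:
            ssh_listen.append(tok[4])
        elif tok[1:3] == ["firewall", "name"] and len(tok) > 3:
            rulesets.add(tok[3])
            if tok[4:5] == ["default-action"] and len(tok) > 5:
                defaults[tok[3]] = tok[5]
        # Assumed pre-1.4 attachment: set interfaces <type> <if> firewall <dir> name <NAME>
        elif tok[1:2] == ["interfaces"] and "firewall" in tok and tok[-2:-1] == ["name"]:
            attached.add(tok[-1])
    findings = []
    for addr in ssh_listen:
        if addr in ("0.0.0.0", "::"):
            findings.append(("ssh-listen-any", addr))
    for name in rulesets:
        if defaults.get(name) == "accept":
            findings.append(("default-action-accept", name))
        if name not in attached:
            findings.append(("ruleset-not-attached", name))
    return sorted(findings)

if __name__ == "__main__":
    for check, detail in audit(SAMPLE):
        print(f"{check}: {detail}")
```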

VPN Setup

  • Configuring an IPsec VPN:
set vpn ipsec ipsec-interfaces interface 'eth0'
set vpn ipsec nat-traversal 'enable'
commit
save

NAT Configuration

  • Setting Up Source NAT:
set nat source rule 100 outbound-interface 'eth0'
set nat source rule 100 source address '192.0.2.0/24'
set nat source rule 100 translation address masquerade
commit
save

DHCP Server Setup

  • Configuring a DHCP Server:
set service dhcp-server shared-network-name LAN subnet 192.0.2.0/24 default-router '192.0.2.1'
set service dhcp-server shared-network-name LAN subnet 192.0.2.0/24 dns-server '192.0.2.1'
commit
save

System Management

  • Upgrading VyOS:
add system image <VyOS-ISO-URL>