MOCs
- Overview
- Tips and Tricks
- Initial Configuration
- Interface Configuration
- Static Routing
- Firewall Configuration
- VPN Setup
- NAT Configuration
- DHCP Server Setup
- System Management
Overview
VyOS is a Linux-based network operating system that provides software-based network routing, firewall, and VPN functionality. It is designed to be used in physical network devices, as a VM, or in cloud environments.
Documentation
Documentation
If you want a more practical guide to vyos I have my assessment prep for SEC-350 Assessment Prep
Tips and Tricks
EXEC Modes
Vyos has 2 modes 1 is Operational Mode where the terminal will read as the following vyos@vyos:~$. The second mode is Configuration Mode here you can type config or configure to enter vyos@vyos:~#
Importing and Exporting Configs
Export
configure
save file
# or
scp://<user>:<passwd>@<host>:/<file> Import
configure
load vyos_config
commit
saveInitial Configuration
- Accessing VyOS: Use SSH or console access to connect to your VyOS router for the first time.
set service ssh listen-address '0.0.0.0'
set interfaces ethernet eth0 address '<IP>'- Setting Hostname:
set system host-name myrouter commit saveInterface Configuration
- Assigning IP Address to an Interface:
set interfaces ethernet eth0 address '192.0.2.1/24'
commit
saveStatic Routing
- Adding a Static Route:
set protocols static route 0.0.0.0/0 next-hop 192.0.2.254
commit
saveFirewall Configuration
- Creating a Firewall Rule Set:
set firewall name OUTSIDE-IN default-action drop
set firewall name OUTSIDE-IN rule 10 action accept
set firewall name OUTSIDE-IN rule 10 state established enable
set firewall name OUTSIDE-IN rule 10 state related enable
commit
saveVPN Setup
- Configuring an IPsec VPN:
set vpn ipsec ipsec-interfaces interface 'eth0'
set vpn ipsec nat-traversal 'enable'
commit
saveNAT Configuration
- Setting Up Source NAT:
set nat source rule 100 outbound-interface 'eth0'
set nat source rule 100 source address '192.0.2.0/24'
set nat source rule 100 translation address masquerade
commit
saveDHCP Server Setup
- Configuring a DHCP Server:
set service dhcp-server shared-network-name LAN subnet 192.0.2.0/24 default-router '192.0.2.1'
set service dhcp-server shared-network-name LAN subnet 192.0.2.0/24 dns-server '192.0.2.1'
commit
saveSystem Management
- Upgrading VyOS:
add system image <VyOS-ISO-URL>