
How to install VyOS Router/Appliance on Hyper-V – Part 2: Configuration



This post completes the “How to install VyOS Router/Appliance on Hyper-V” series with Part 2, the configuration process.

In my last post, “How to install VyOS router on Hyper-V – Part 1: Setup and Install”, I covered:

– Introduction: My LAB environment
– Phase 1: Download VyOS and prepare a VM to run VyOS router
– Phase 2: Install VyOS on a VM

In this post I’ll cover:

– Phase 3: Configure VyOS Router
– Phase 4: Configure VyOS Network Services

Phase 3: Configure VyOS Router

1. Make sure you have ejected the VyOS ISO image from the VyOS VM

2. Start the VM

3. Log in to VyOS

VyOS login: vyos
VyOS password: password defined during the installation process

3. Confirm that you have valid NICs to configure (eth0, eth1, eth2) by listing them:

# show interfaces

4. Configure the router network interfaces, system gateway (ISP 3G router), system name server (ISP 3G router) and hostname.

# configure
# set interfaces ethernet eth0 address 10.0.0.254/24
# set interfaces ethernet eth1 address 192.168.1.254/24
# set interfaces ethernet eth2 address 172.0.0.254/24
# set system gateway-address 192.168.1.1
# set system name-server 192.168.1.1
# set system host-name vyos
# commit
# save

Note: As a reminder, when we created and configured the VyOS VM on Hyper-V we added the network interfaces in the following order: “Internal”, “External” and “Extranet – DMZ”. When you configure the VyOS interfaces “eth0”, “eth1” and “eth2”, the IP address and netmask of each interface must follow that exact same order, for instance:

eth0 = 10.0.0.254/24 (“Internal” Virtual Switch)
eth1 = 192.168.1.254/24 (“External” Virtual Switch)
eth2 = 172.0.0.254/24 (“Extranet – DMZ” Virtual Switch)

If you do not configure the interfaces in that order, you’ll have a mismatch between the interfaces (eth0, eth1, eth2) and their designated vSwitches (“Internal”, “External” and “Extranet – DMZ”), which can cause network issues.



5. Enable the VyOS web administration interface (not available at the moment with VyOS 1.0.3):

# set service https
# commit
# save

6. Enable VyOS SSH administration:

# set service ssh
# commit
# save

Phase 4: Configure VyOS Network Services

4.1 Configure NAT

4.1.1 Enable NAT Masquerade for the “Internal” vSwitch VLAN (10.0.0.0/24) through the eth1 interface connected to the “External” vSwitch

# set nat source rule 1
# set nat source rule 1 source address 10.0.0.0/24
# set nat source rule 1 outbound-interface eth1
# set nat source rule 1 translation address masquerade
# commit
# save
# exit

The VyOS interface eth1 on the “External” vSwitch is connected to my “3G ISP Wifi Router”, as I am using wireless bridging on Hyper-V. This NAT configuration gives Internet access to all the VMs hosted on the 10.0.0.0/24 subnet and masks their addresses, even though they sit on an “Internal only” Hyper-V switch. ;)

4.2 Configure webproxy for the network 172.0.0.0/24 (“Extranet – DMZ”)

# configure
# set service webproxy default-port 8080
# set service webproxy listen-address 172.0.0.254
# set service webproxy disable-access-log
# commit
# save
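
A consistency check for the addressing used in Phases 3 and 4, as an added example that is not part of the original post: the Python script below parses the post's `set` commands and checks that each interface address lies in RFC 1918 private space, that the NAT source rule's subnet and outbound interface line up with the configured interfaces, and that the webproxy listens on an address the router owns. The function names and the choice of checks are this example's own assumptions; on the post's configuration it flags eth2, because 172.0.0.0/24 falls outside the 172.16.0.0/12 private block.

```python
import ipaddress
import re

# The `set` commands from this post, prompts stripped (audit script is an added example).
PAGE_CONFIG = """
set interfaces ethernet eth0 address 10.0.0.254/24
set interfaces ethernet eth1 address 192.168.1.254/24
set interfaces ethernet eth2 address 172.0.0.254/24
set nat source rule 1 source address 10.0.0.0/24
set nat source rule 1 outbound-interface eth1
set nat source rule 1 translation address masquerade
set service webproxy listen-address 172.0.0.254
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse(text):
    """Collect interface addresses, NAT source rules and webproxy listeners."""
    ifaces, nat, proxy = {}, {}, []
    for line in (raw.strip().lstrip("#").strip() for raw in text.splitlines()):
        if m := re.fullmatch(r"set interfaces ethernet (\S+) address (\S+)", line):
            ifaces[m[1]] = ipaddress.ip_interface(m[2])
        elif m := re.fullmatch(r"set nat source rule (\d+) source address (\S+)", line):
            nat.setdefault(m[1], {})["source"] = ipaddress.ip_network(m[2])
        elif m := re.fullmatch(r"set nat source rule (\d+) outbound-interface (\S+)", line):
            nat.setdefault(m[1], {})["out"] = m[2]
        elif m := re.fullmatch(r"set service webproxy listen-address (\S+)", line):
            proxy.append(ipaddress.ip_address(m[1]))
    return ifaces, nat, proxy

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    ifaces, nat, proxy = parse(text)
    findings = []
    for name, addr in ifaces.items():
        if not any(addr.ip in net for net in RFC1918):
            findings.append(f"{name}: {addr} is outside RFC 1918 private space")
    for rule, r in nat.items():
        # Interfaces whose subnet equals the rule's source network (the "inside").
        inside = [n for n, a in ifaces.items() if a.network == r.get("source")]
        if not inside:
            findings.append(f"nat rule {rule}: source matches no interface subnet")
        if r.get("out") not in ifaces or r.get("out") in inside:
            findings.append(f"nat rule {rule}: bad outbound-interface {r.get('out')}")
    for ip in proxy:
        if all(a.ip != ip for a in ifaces.values()):
            findings.append(f"webproxy: {ip} is not configured on any interface")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(PAGE_CONFIG)) or "no findings")
```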

4.3 Configure the name resolvers for VyOS

Edit the DNS options file “resolv.conf” as follows:

# sudo nano /etc/resolv.conf

Add the following entries, then press [CONTROL]+[X] to save and exit:

nameserver 127.0.0.1
nameserver 192.168.1.1

With the resolver configuration pointing to the localhost address “127.0.0.1”, VyOS will answer DNS queries from its own DNS zones if you are running a DNS server on VyOS (e.g. “labdom.com” and “1.168.192.in-addr.arpa”); with the second entry pointing to the 3G ISP router IP address 192.168.1.1, it will also resolve DNS queries for names on the Internet.

This completes the series of “How to install VyOS Router/Appliance on Hyper-V”.

R-Tape Loading error,
Luís Rato

~ by lrato on June 17, 2014.

Hyper-V, Linux, Security
