VyOS セットアップ

無料のソフトウェアルーターです。KVM仮想環境にインストールします。

VyOS nightly builds

KVM にてインストール (超簡単)

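# Host-side packages for KVM/libvirt guest management.
apt install qemu-kvm libvirt-daemon-system virtinst libvirt-clients qemu-utils bridge-utils

# Guest name and installer ISO. The disk image itself is created by the
# --disk option of virt-install below, so the qemu-img step stays commented out.
export name=VyOS6.cpunk
export cdrom='vyos-1.5-rolling-202402230022-amd64.iso'

# qemu-img create -f raw "$name.img" 2G

# Every expansion is double-quoted (ShellCheck SC2086): a name or ISO path with
# spaces or glob characters would otherwise be split into several arguments.
# eth0/eth1/eth2 inside the guest map to br0/br1/br2 in this order.
virt-install -n "$name" \
  --ram 4096 \
  --vcpus 4 \
  --cdrom "$cdrom" \
  --os-variant ubuntu22.04 \
  --network bridge=br0 \
  --network bridge=br1 \
  --network bridge=br2 \
  --nographics \
  --hvm \
  --virt-type kvm \
  --disk "path=/vm/$name.img,bus=virtio,size=8" \
  --noautoconsole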

Login ID/PW : vyos (インストーラーの既定アカウント。インストール後に変更する)

virsh console $name

install image
reboot

raw ファイルなのでqcow2 に変換

qemu-img convert -O qcow2 VyOS.neo.img VyOS.neo.qcow2
# File size: 2GB -> 484MB

vi /etc/libvirt/qemu/VyOS.neo.xml

<driver name='qemu' type='qcow2'/>
<source file='/vm/VyOS.neo.qcow2'/>

virsh define /etc/libvirt/qemu/VyOS.neo.xml

設定

configure で設定モード、commit で設定変更の適用、save で恒久的に保存(/config/config.boot)

Interface (Ethernet)

# LAN-side addresses for the three guest NICs (eth0..eth2 = br0..br2 from the
# virt-install command above). eth0 additionally carries the PPPoE session
# (see "source-interface eth0" below).
set interfaces eth0 address 192.168.8.9/24
set interfaces eth1 address 192.168.9.9/24
set interfaces eth2 address 192.168.23.9/24

Interface (PPPOE)

# WAN uplink: PPPoE session on top of eth0. Credentials are redacted here; once
# entered and saved they are stored in /config/config.boot.
# MTU 1454 is what the tcp-mss clamp in the policy section is derived from.
set interfaces pppoe pppoe0 authentication user *****
set interfaces pppoe pppoe0 authentication password *****
set interfaces pppoe pppoe0 mtu 1454
set interfaces pppoe pppoe0 disabled            # Not yet! (presumably kept down until the firewall/policy below are attached)
set interfaces pppoe pppoe0 source-interface eth0

Firewall (In)

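# Inbound ruleset for pppoe0 (IPv4): drop everything by default and only let
# return traffic of connections initiated from inside through (rule 8).
# No IPv6 ruleset is defined on this page.
# NOTE(review): "firewall name ..." / "interfaces ... firewall in name" is the
# older syntax; confirm it is accepted by the 1.5 rolling image used above.
set firewall name PPPOE0_IN default-action drop

set firewall name PPPOE0_IN rule 8 action accept
set firewall name PPPOE0_IN rule 8 state established enable
set firewall name PPPOE0_IN rule 8 state related enable

# Attach the ruleset to pppoe0 ("#" rather than "//": the configure shell does
# not treat "//" as a comment and would try to run it as a command).
set interfaces pppoe pppoe0 firewall in name PPPOE0_IN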

Firewall (Out)

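# Egress ruleset for pppoe0: allow by default, but reject anything addressed to
# the RFC 1918 ranges or 169.254.0.0/16 (link-local) so internal-only
# destinations never leak out over the WAN link.
set firewall group network-group Private network 10.0.0.0/8
set firewall group network-group Private network 172.16.0.0/12
set firewall group network-group Private network 192.168.0.0/16
set firewall group network-group Private network 169.254.0.0/16

set firewall name PPPOE0_OUT default-action accept
set firewall name PPPOE0_OUT rule 9 action reject
set firewall name PPPOE0_OUT rule 9 destination group network-group Private

# Attach the ruleset to pppoe0 ("#" rather than "//": the configure shell does
# not treat "//" as a comment and would try to run it as a command).
set interfaces pppoe pppoe0 firewall out name PPPOE0_OUT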

Policy

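# Clamp the TCP MSS on outbound SYNs so that MSS + 40 bytes of IP/TCP headers
# fits the 1454-byte PPPoE MTU configured above (1454 - 40 = 1414).
set policy route wan rule 10 destination address 0.0.0.0/0
set policy route wan rule 10 protocol tcp
set policy route wan rule 10 set tcp-mss 1414
set policy route wan rule 10 tcp flags SYN,!ACK,!FIN,!RST

# Attach the policy to pppoe0 ("#" rather than "//": the configure shell does
# not treat "//" as a comment and would try to run it as a command).
set interfaces pppoe pppoe0 policy route wan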

Protocol (routing)

# Default route via the PPPoE link; the three LAN subnets are the directly
# connected eth0..eth2 networks (explicit static entries, presumably redundant
# with the connected routes — harmless either way).
set protocols static route 0.0.0.0/0 interface pppoe0
set protocols static route 192.168.8.0/24 interface eth0
set protocols static route 192.168.9.0/24 interface eth1
set protocols static route 192.168.23.0/24 interface eth2

SNAT (Source NAT, IP masquerade)

# Masquerade only 192.168.23.0/24 (eth2) behind pppoe0.
# NOTE(review): 192.168.8.0/24 and 192.168.9.0/24 are not translated here —
# confirm whether those segments are meant to reach the WAN through this router.
set nat source rule 99 outbound-interface pppoe0
set nat source rule 99 source address 192.168.23.0/24
set nat source rule 99 translation address masquerade

DHCP-server

# DHCP pools for the eth0 and eth2 segments (hosts .150-.240, public resolver 8.8.8.8).
# subnet-id is distinct per pool (8 / 23, matching the third octet).
# NOTE(review): default-router .10 differs from this router's own interface
# addresses (.9 on eth0/eth2) — presumably another gateway or a VIP; confirm.
set service dhcp-server shared-network-name NTT_NETWORK subnet 192.168.8.0/24 option default-router 192.168.8.10
set service dhcp-server shared-network-name NTT_NETWORK subnet 192.168.8.0/24 option name-server 8.8.8.8
set service dhcp-server shared-network-name NTT_NETWORK subnet 192.168.8.0/24 range 0 start 192.168.8.150
set service dhcp-server shared-network-name NTT_NETWORK subnet 192.168.8.0/24 range 0 stop 192.168.8.240
set service dhcp-server shared-network-name NTT_NETWORK subnet 192.168.8.0/24 subnet-id 8

set service dhcp-server shared-network-name MYNETWORK subnet 192.168.23.0/24 option default-router 192.168.23.10
set service dhcp-server shared-network-name MYNETWORK subnet 192.168.23.0/24 option name-server 8.8.8.8
set service dhcp-server shared-network-name MYNETWORK subnet 192.168.23.0/24 range 0 start 192.168.23.150
set service dhcp-server shared-network-name MYNETWORK subnet 192.168.23.0/24 range 0 stop 192.168.23.240
set service dhcp-server shared-network-name MYNETWORK subnet 192.168.23.0/24 subnet-id 23

SSH

# Management SSH is bound only to the eth2 address (192.168.23.9), so it is not
# reachable via eth0/eth1 or the pppoe0 WAN address. Standard port 22.
set service ssh listen-address 192.168.23.9
set service ssh port 22

DNS forwarding

# DNS forwarder for the LAN segments; "system" forwards to the system
# name-servers configured below (Google public DNS, IPv4 and IPv6).
# NOTE(review): the listen addresses (.10) are not the eth0/eth1/eth2 addresses
# set above (.9) — presumably a VIP or a second address on each interface;
# confirm, since a listen-address has to be local to this router.
set service dns forwarding listen-address 192.168.8.10
set service dns forwarding listen-address 192.168.9.10
set service dns forwarding listen-address 192.168.23.10
set service dns forwarding system

set system name-server 8.8.8.8
set system name-server 8.8.4.4
set system name-server 2001:4860:4860::8888
set system name-server 2001:4860:4860::8844