Configure VyOS as a software-based router for your Home Lab’s private networks

Akriotis Kyriakos
9 min read · Nov 7, 2022

Create and configure a virtual router for your home networks using VyOS

VyOS is a fully open source network OS based on Debian that provides a free routing, firewall, VPN and NAT platform for IPv4 and IPv6 networking. It is derived from the software-based virtual router community edition of Vyatta, Vyatta Core.

As stated on Wikipedia: “The Vyatta system is intended as a replacement for Cisco IOS 1800 through ASR 1000 series Integrated Services Routers (ISR) and ASA 5500 security appliances, with a strong emphasis on the cost and flexibility inherent in an open source, Linux-based system running on commodity x86 hardware or in VMware ESXi, Microsoft Hyper-V, Citrix XenServer, Open Source Xen and KVM virtual environments.”

What is the goal?

After completing this lab, we are going to have configured a virtual software-based router that allows an isolated private backend network (192.168.56.0/24) to communicate unilaterally with our main network (192.168.1.0/24) and get internet access directly from our virtual router (192.168.1.250/32, 192.168.56.250/32).

Figure 1: The network architecture we want to emulate

What are we going to need?

Let’s break down the picture above to determine what we need to fulfill this task. I assume you already have in place:

  1. A physical router (192.168.1.1) that provides you internet access and your internal network (192.168.1.0/24) and acts as your DHCP server as well.
  2. A workstation (desktop or laptop) that lives in your internal network (let’s assume it is the one with IPv4 192.168.1.11). In my case it is an old Asus laptop with i7 and 16GB of RAM running Ubuntu Desktop 22.04 (Jammy Jellyfish). You are going to need some free RAM (circa 4GB) because we are going to spin up 2 virtual machines.
  3. A hypervisor running on your workstation. In my case I used VirtualBox 7.0 for this lab, and all networking concepts will be based on how VirtualBox deals with internal and external networking for its guests.

If you want to emulate the same lab using KVM instead of VirtualBox, that’s fairly simple; I could provide some guidelines in an additional article.

Additionally we are going to provision:

  1. A host-only network (192.168.56.0/24).
  2. A virtual machine (192.168.1.250, 192.168.56.250) that will serve as software-based virtual router. This will bear 2 NICs, having one foot in your internal network (Bridge) and the other in your host-only network (Host-Only). This will be our VyOS server running on Debian.
  3. A virtual machine (192.168.56.103) that will live in your host-only network. This can be running any OS you wish but for this lab I chose to use Ubuntu Server 22.04.1 LTS (Jammy Jellyfish).

The rest of the virtual machines depicted in the picture are only for the sake of completeness.

Adjust the IPv4 addresses as you see fit — the ones used above describe my personal network and nothing more.

Create a Host-Only Network

In order to create a Host-Only network in VirtualBox go to Tools and choose Network:

Press Create, and VirtualBox will create a new network for you named vboxnet0:

Keep the default settings. This will create a virtual network adapter in your workstation and assign it the IPv4 address 192.168.56.1. This will be the IPv4 address of your workstation (host) and will enable bilateral communication between your host computer and the virtual machines that will live in this network. Other virtual or physical machines living in your internal network will not be able to access the virtual machines of vboxnet0 (although you could achieve it with additional static routes).

Another IPv4 address (192.168.56.100) will be reserved for the DHCP server of the host-only network (as long as it is enabled — we keep it like this in this lab):

Figure 2: How the Host-Only network interacts with the host

Host-Only networks are useful when we need a two-way communication between host (our workstation, the VirtualBox host) and guests (the virtual machines, like VyOS in this picture). Additionally, guests can communicate with each other within the boundaries of the host-only network.

Provision a VyOS Server

First thing we have to do is to download the latest VyOS image. At the time of writing this article the current version was 1.4. You can download the nightly builds from here.

Next, we have to create a new virtual machine in VirtualBox (20GB of hard disk space, 1 vCPU and 2GB of RAM will suffice). I am not going to get into details because the interface of VirtualBox is very intuitive and there are plenty of articles on the internet describing very well how to start working with VirtualBox if you are not experienced with it. While creating this virtual machine, however, we have to take care of some networking details that are important for us. Enable two network adapters, attach the first one to Bridged Adapter and the second one to the Host-Only Adapter and choose the network vboxnet0 (it will be selected by default if you haven’t created any other virtual network):

Our first adapter will be attached to the Bridged Adapter and give us access to the internal network 192.168.1.0/24
The second adapter will be attached to the Host-Only adapter and will add our guest to the backend virtual network we created in the previous section.

Don’t forget to mount the VyOS image in the CDROM under Storage.

We can now start the virtual machine, wait till it boots and log in with the credentials vyos/vyos.

We are ready to install the image. Write in your terminal:

install image

and follow the wizard accepting all the default values — just make sure to enter a valid administrator’s password when asked and don’t leave it empty.

Warning: Do NOT leave the administrator’s password empty!

When the installation is done, you will be instructed to reboot the box. It is better to shut down the machine, remove the image from the CDROM so it won’t boot again in Live mode, and then start the instance.

init 0

I would advise you, every time you reach a checkpoint, to shut down the virtual machine (init 0) and take a snapshot, in order to be able to revert at any time to a known good configuration if something goes really wrong.

We are ready now to configure our VyOS server!

Configure the VyOS Server

Let’s first inspect and then configure the network interfaces of our virtual router. Issue the following command in the terminal:

show interfaces

Figure 3: The network adapters of our router yet to be configured

We can see two adapters: eth0, which corresponds to our bridged adapter, and eth1, which corresponds to our host-only network. As you may recall from the introduction, eth0 is attached to our internal network, where a DHCP server will soon allocate an IPv4 address to this interface. For this box we want to avoid this, so let’s disable DHCP for eth0.

Every time you need to make a change to the configuration of the router, you need to enter configuration mode using the command configure. After you are done, you have to commit your changes and then save them so that they persist after a reboot. You can then exit configuration mode with exit.

configure
delete interfaces ethernet eth0 address dhcp

and then provide the IPv4 address we have already decided to assign to this adapter, 192.168.1.250, and a description, which is optional:

set interfaces ethernet eth0 address 192.168.1.250/24
set interfaces ethernet eth0 description EXT-BRIDGED

Commit, save and exit:

commit
save
exit

From now on, I will assume for every set of changes that follows that you enter and exit configuration mode properly by yourself, without me writing the commands in the guidelines.

Then have another look at the interfaces:

Next let’s enable SSH and set the hostname of the router in order to make our life a bit easier and get out of the cumbersome interface of VirtualBox:

set system host-name vyos-router
set service ssh

Configure, commit, save blah, blah, blah!

Now we have to configure the second interface that is attached to the host-only network. Repeat the same process as with eth0, but this time the desired values are:

set interfaces ethernet eth1 address 192.168.56.250/24
set interfaces ethernet eth1 description INT-HOSTONLY

The interfaces are now up, so let’s go and test them. We want to ping our physical router’s IP address (192.168.1.1) from every adapter. First from eth0:

ping 192.168.1.1 interface 192.168.1.250

and then from eth1:

ping 192.168.1.1 interface 192.168.56.250

What we will notice is that we cannot reach the physical router from eth1 — not that we expected different though!

But can we ping the outside world in any case? Short answer, no. Let’s fix it.

ping 8.8.8.8 interface 192.168.1.250

We are going to create NAT rules for every adapter, so they can both get internet access through interface eth0:

set nat source rule 20 outbound-interface 'eth0'
set nat source rule 20 source address '192.168.1.0/24'
set nat source rule 20 translation address 'masquerade'
set nat source rule 21 outbound-interface 'eth0'
set nat source rule 21 source address '192.168.56.0/24'
set nat source rule 21 translation address 'masquerade'

and a default static route with our physical router as the next hop:

set protocols static route 0.0.0.0/0 next-hop 192.168.1.1

Can we ping external endpoints now? Yes we can!

At this point we will leave our VyOS Server and we will jump to configure the additional Ubuntu guest in our host-only network.

Provision the Ubuntu Server

Create a second virtual machine in VirtualBox (the same specs as the VyOS Server will do), but this time create only one NIC and attach it to the Host-Only adapter as we did before. Don’t forget that the virtual machines living in a host-only network have no internet access and can communicate only with each other and their VirtualBox host.

Every VM provisioned in this network should have one and only one network adapter.

Boot the virtual machine, make sure that the DHCP server of the host-only network has assigned an IPv4 address and try to ping 8.8.8.8, which will not work, exactly as it was expected.

What we need to do in order to rectify this situation, is to set our VyOS virtual router as the default gateway of this machine:

sudo ip route add default via 192.168.56.250

If you try now to ping you will notice that with the settings we provided in our virtual router the virtual machines of the host-only private network have the following capabilities:

  • They have internet access
  • They have two-way communication with their VirtualBox host using its internal IPv4 (192.168.1.11/32)
  • They can reach endpoints in the internal network (192.168.1.0/24) but not the other way round; the only exception is the VirtualBox host, as we mentioned in the previous bullet.
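
The following Python model is an added example, not part of the original article or of VyOS: it replays the interface, NAT and static-route settings above for a single forwarded packet, to show which interface the packet leaves from and which source address the destination sees. The helpers `parse` and `forward` are hypothetical names, and the model assumes no firewall rules, since this lab configures none.

```python
import ipaddress as ipa

# The router settings from this article, copied as VyOS "set" commands.
CONFIG = """
set interfaces ethernet eth0 address 192.168.1.250/24
set interfaces ethernet eth1 address 192.168.56.250/24
set nat source rule 20 outbound-interface 'eth0'
set nat source rule 20 source address '192.168.1.0/24'
set nat source rule 20 translation address 'masquerade'
set nat source rule 21 outbound-interface 'eth0'
set nat source rule 21 source address '192.168.56.0/24'
set nat source rule 21 translation address 'masquerade'
set protocols static route 0.0.0.0/0 next-hop 192.168.1.1
"""

def parse(config):
    """Return (interfaces, nat_rules, routes) from the set commands (hypothetical helper)."""
    ifaces, rules, routes = {}, {}, []
    for line in config.strip().splitlines():
        w = [t.strip("'") for t in line.split()]
        if w[1:3] == ["interfaces", "ethernet"] and w[4] == "address":
            ifaces[w[3]] = ipa.ip_interface(w[5])
        elif w[1:4] == ["nat", "source", "rule"]:
            rules.setdefault(int(w[4]), {})[" ".join(w[5:-1])] = w[-1]
        elif w[1:4] == ["protocols", "static", "route"]:
            routes.append((ipa.ip_network(w[4]), ipa.ip_address(w[6])))
    return ifaces, rules, routes

def forward(src, dst, config=CONFIG):
    """Model one forwarded packet: returns (egress interface, source seen by dst)."""
    ifaces, rules, routes = parse(config)
    src, dst = ipa.ip_address(src), ipa.ip_address(dst)
    # Routing: connected networks first, then static routes via their next hop.
    egress = next((n for n, i in ifaces.items() if dst in i.network), None)
    if egress is None:
        for net, hop in sorted(routes, key=lambda r: -r[0].prefixlen):
            if dst in net:
                egress = next((n for n, i in ifaces.items() if hop in i.network), None)
                break
    if egress is None:
        return None, None
    # Source NAT: lowest-numbered matching rule wins; masquerade uses the egress address.
    for _, r in sorted(rules.items()):
        if (r["outbound-interface"] == egress
                and src in ipa.ip_network(r["source address"])
                and r["translation address"] == "masquerade"):
            return egress, str(ifaces[egress].ip)
    return egress, str(src)
```

Calling `forward("192.168.1.11", "192.168.56.103")` returns eth1 with the source unchanged: nothing in this configuration filters traffic arriving from the internal network, which stays out of 192.168.56.0/24 only because its hosts have no route to it.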

Follow up

The fact that this article targets a home lab scenario doesn’t mean that VyOS cannot be used for the very same concept, with a nearly identical configuration, to support your business environment.

In an upcoming guide I will show you how to create a hybrid cloud environment by configuring and establishing a VPN connection between this private host-only network and an AWS VPC. Stay tuned!
