https://hub.docker.com/r/vyos/vyos-build
https://github.com/vyos/vyos-build
https://vyos.net/get/nightly-builds/
https://hub.docker.com/r/robertoberto/vycontrol
https://github.com/vycontrol/vycontrol
https://github.com/vyos/vyos-rolling-nightly-builds/releases
docker pull vyos/vyos-build:crux # For VyOS 1.2
docker pull vyos/vyos-build:current # For rolling release
docker run -d --net=host --name vyos --restart=always -v /data/docker/nginx/vyos/data:/vyos -v /data/docker/nginx/vyos/conf/.gitconfig:/etc/gitconfig -v /data/docker/nginx/vyos/conf/.bash_aliases:/home/vyos_bld/.bash_aliases -v /data/docker/nginx/vyos/conf/.bashrc:/home/vyos_bld/.bashrc -w /vyos --privileged vyos/vyos-build:current bash
docker exec -it vyos /bin/bash
https://hub.docker.com/r/ringend/vyos-1_4
https://hub.docker.com/r/yunqianqian/vyos
docker run -d --name vyos --restart=always --privileged -v /lib/modules:/lib/modules -v /data/docker/nginx/vyos:/opt/vyatta/etc/config -w /vyos --sysctl net.ipv6.conf.all.disable_ipv6=1 ringend/vyos-1_4:latest /sbin/init
docker exec -it vyos su - vyos
configure
set protocols static route 172.21.0.0/24 next-hop '172.21.0.1'
set protocols static route 172.22.0.0/24 next-hop '172.22.0.1'
commit #提交
save #保存
exit #退出配置环境
ip route show #查看并确定配置的路由
docker network create --driver bridge --subnet 172.21.0.0/24 --gateway 172.21.0.1 net21
docker network create --driver bridge --subnet 172.22.0.0/24 --gateway 172.22.0.1 net22
-测试容器只需修改自身路由,--cap-add NET_ADMIN 已足够;--privileged 本身已包含全部能力,去掉它可减小容器权限
docker run -itd --restart=always --privileged --ip 172.21.0.21 --name box21 --network net21 --cap-add NET_ADMIN busybox:latest
docker run -itd --restart=always --privileged --ip 172.22.0.22 --name box22 --network net22 --cap-add NET_ADMIN busybox:latest
docker exec -it box21 /bin/bash # busybox 镜像没有 bash,应使用 /bin/sh
docker exec -it box22 /bin/bash # busybox 镜像没有 bash,应使用 /bin/sh
---vyos-router中配置两边网络的静态路由:
ip route show #查看路由
configure #进入配置环境
set protocols static route X.X.X.X/24 next-hop IP1
set protocols static route X.X.X.X/24 next-hop IP2
commit #提交
save #保存
exit #退出配置环境
ip route show #查看并确定配置的路由
---在两个busybox中测试联通性。
docker run -d --rm --name vyos --privileged -v /lib/modules:/lib/modules ringend/vyos-1_4:latest /sbin/init
docker run -d --name vycontrol --restart=always -p 8000:8000 -t robertoberto/vycontrol
docker exec -it vycontrol /bin/bash
apt-get update -y
apt-get install -y wget vim net-tools curl git cron
apt-get dist-upgrade -y
apt-get upgrade -y
apt autoremove
apt clean
vi /code/vycontrol/settings_available/production.py
ALLOWED_HOSTS = ['0.0.0.0'] # 必须是字符串列表;Django 用它校验请求的 Host 头,应填写实际访问时使用的域名或IP
docker restart vycontrol
http://ip:8000 # 明文HTTP的管理界面;-p 8000:8000 会在宿主机所有地址上监听,建议只对管理网段开放(如 -p 127.0.0.1:8000:8000 再经反向代理加TLS)
-For VyOS 1.2 (crux)
git clone -b crux --single-branch https://github.com/vyos/vyos-build
-For VyOS 1.3 (equuleus, current)
git clone -b current --single-branch https://github.com/vyos/vyos-build
# Deploy container from ISO
https://vyos.net/get/nightly-builds/
cd /opt
mkdir vyos && cd vyos
wget https://s3-us.vyos.io/rolling/current/vyos-1.4-rolling-202303170317-amd64.iso
mkdir rootfs
mount -o loop vyos-1.4-rolling-202303170317-amd64.iso rootfs
yum -y install squashfs-tools
apt-get install -y squashfs-tools
mksquashfs -version
unsquashfs -version
mkdir unsquashfs
unsquashfs -f -d unsquashfs/ rootfs/live/filesystem.squashfs
tar -C unsquashfs -c . | docker import - vyos:1.4-rolling-202303170317
umount rootfs
cd ..
rm -rf vyos
docker run -d --name vyos --restart=always --hostname vyos --privileged -v /lib/modules:/lib/modules -v /data/docker/nginx/vyos:/opt/vyatta/etc/config -w /vyos --sysctl net.ipv6.conf.all.disable_ipv6=1 vyos:1.4-rolling-202303170317 /sbin/init
docker exec -ti vyos su - vyos
# 操作
-查看版本
show version
-查看设备配置
show configuration
-查看配置命令
show configuration commands
set interfaces
set protocols static route 172.21.0.0/24 next-hop 172.21.0.1
set protocols static route 172.22.0.0/24 next-hop 172.22.0.1
set service ntp allow-client address '0.0.0.0/0'
set service ntp allow-client address '::/0'
set service ntp server time1.vyos.net
set service ntp server time2.vyos.net
set service ntp server time3.vyos.net
set system config-management commit-revisions '100'
set system conntrack modules ftp
set system conntrack modules h323
set system conntrack modules nfs
set system conntrack modules pptp
set system conntrack modules sip
set system conntrack modules sqlnet
set system conntrack modules tftp
set system console device ttyS0 speed '115200'
set system host-name 'vyos'
set system login user vyos authentication encrypted-password '$6$QxPS.uk6mfo$9QBSo8u1FkH16gMyAVhus6fU3LOzvLR9Z9.82m3tiHFAxTtIkhaZSWssSgzt4v4dGAL8rhVQxTg0oAG9/q11h/'
set system login user vyos authentication plaintext-password ''
set system syslog global facility all level 'info'
set system syslog global facility protocols level 'debug'
-注:输出中包含登录密码哈希,对外分享配置前可用 show configuration commands | strip-private 脱敏
-命令查看接口状态
show interface
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
eth0             172.17.0.11/16                    u/u
lo               127.0.0.1/8                       u/u
-查看路由
show ip route
-进入配置模式
configure
-设置网卡描述
set interfaces ethernet eth0 description 'PUBLIC NETWORK'
set interfaces ethernet eth1 description 'PRIVATE NETWORK'
-配置ip地址
set interfaces ethernet eth0 address 172.16.0.99/24
set protocols static route 0.0.0.0/0 next-hop '172.16.0.254'
set interfaces ethernet eth1 address 192.168.10.1/24
-开启ssh
set service ssh port '22'
-配置dns转发(eth0 是上面标注的公网口,在它上面监听会让公网也能使用该转发器;通常只在内网口 eth1 监听,或用 allow-from 限定来源网段)
set service dns forwarding cache-size '0'
set service dns forwarding listen-on eth0
set service dns forwarding listen-on eth1
set service dns forwarding name-server '114.114.114.114'
set service dns forwarding name-server '8.8.8.8'
-配置dhcp服务
set service dhcp-server disabled 'false'
set service dhcp-server shared-network-name LAN description 'LAN DHCP'
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 default-router 192.168.10.1
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 start 192.168.10.100 stop 192.168.10.200
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 lease '86400'
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 dns-server 192.168.10.1
-配置内网出公网
set nat source rule 100 description 'TO INTERNET'
set nat source rule 100 source address 192.168.10.0/24
set nat source rule 100 outbound-interface eth0
set nat source rule 100 translation address 172.16.0.99
-配置web转发
set nat destination rule 1000 description "WEB SERVER"
set nat destination rule 1000 inbound-interface eth0
set nat destination rule 1000 destination address 172.16.0.99
set nat destination rule 1000 source address 0.0.0.0/0
set nat destination rule 1000 destination port 80
set nat destination rule 1000 protocol tcp
set nat destination rule 1000 translation address 192.168.10.150
set nat destination rule 1000 translation port 80
-配置ftp转发
set nat destination rule 1001 description "FTP SERVER"
set nat destination rule 1001 inbound-interface eth0
set nat destination rule 1001 destination address 172.16.0.99
set nat destination rule 1001 protocol tcp
set nat destination rule 1001 source address 0.0.0.0/0
set nat destination rule 1001 destination port 21
set nat destination rule 1001 translation address 192.168.10.150
set nat destination rule 1001 translation port 21
# VMware 安装
其他linux 4.X内核 64位
-安装到磁盘
install image
---
-进入配置模式
configure
-设置eth0口自动获取IP地址
set interfaces ethernet eth0 address dhcp
-设置ssh端口为22
set service ssh port 22
-应用配置
commit
-保存配置
save
-查看接口IP
run show interfaces
---SSH进入Vyos
ssh -l vyos -p 22 192.168.41.128
# 上网配置
---DHCP上网
configure #进入配置模式
set interfaces ethernet eth0 address dhcp #配置eth0口dhcp自动获取IP地址
commit #应用配置
save #保存配置
---静态IP上网
configure #进入配置模式
set interfaces ethernet eth0 address 192.168.1.2/24 #配置eth0口静态IP上网
set protocols static route 0.0.0.0/0 next-hop 192.168.1.1 #配置默认路由
commit #应用配置
save #保存配置
---PPPOE拨号上网
configure #进入配置模式
set interfaces pppoe pppoe1 authentication user 'your-user' #配置拨号用户
set interfaces pppoe pppoe1 authentication password 'your-password' #配置拨号密码
set interfaces pppoe pppoe1 default-route 'none' #不配置默认路由
set interfaces pppoe pppoe1 mtu '1500' #配置最大传输单元
set interfaces pppoe pppoe1 source-interface 'eth0' #绑定拨号接口
set firewall options interface pppoe1 adjust-mss 1200 #配置最大报文段大小
set protocols static interface-route 0.0.0.0/0 next-hop-interface pppoe1 #配置默认路由走pppoe1接口,跟上面的不配置默认路由一起使用,否则都不使用
commit #应用配置
save #保存配置
# DNS配置
---DHCP获取DNS
configure #进入配置
set system name-server eth0 #从eth0口获取DNS
commit #应用配置
save #保存配置
---自定义DNS
configure #进入配置
set system name-server 223.5.5.5 #设置阿里DNS
set system name-server 114.114.114.114 #设置114DNS
commit #应用配置
save #保存配置
# NAT配置
---SNAT配置
configure #进入配置
set nat source rule 100 outbound-interface eth0 #设置eth0口出向nat
set nat source rule 100 source address 192.168.2.0/24 #设置内网源网段
set nat source rule 100 translation address masquerade #nat成出接口IP上网
commit #应用配置
save #保存配置
---DNAT配置
configure #进入配置
set nat destination rule 100 inbound-interface eth0 #入接口eth0口
set nat destination rule 100 destination address 192.168.1.2 #从eth0入站访问192.168.1.2
set nat destination rule 100 destination port 80 #从eth0入站访问192.168.1.2的80端口
set nat destination rule 100 protocol tcp #从eth0入站访问192.168.1.2的tcp80端口
set nat destination rule 100 translation address 192.168.2.2 #映射给内网192.168.2.2
set nat destination rule 100 translation port 8080 #映射给内网192.168.2.2的8080端口
commit #应用配置
save #保存配置
---DHCPServer配置
configure #进入配置
set service dhcp-server shared-network-name eth1 authoritative #开启特定共享网络的授权,防止出现冲突和混乱
set service dhcp-server shared-network-name eth1 subnet 192.168.2.0/24 default-router 192.168.2.1 #配置终端获取的网关IP,默认为eth1的接口IP地址
set service dhcp-server shared-network-name eth1 subnet 192.168.2.0/24 lease 86400 #设置dhcp过期时间86400秒
set service dhcp-server shared-network-name eth1 subnet 192.168.2.0/24 name-server 223.5.5.5 #下发DNS223.5.5.5
set service dhcp-server shared-network-name eth1 subnet 192.168.2.0/24 name-server 114.114.114.114 #下发DNS114.114.114.114
set service dhcp-server shared-network-name eth1 subnet 192.168.2.0/24 range 0 start 192.168.2.2 #设置dhcp下发范围0,开始192.168.2.2
set service dhcp-server shared-network-name eth1 subnet 192.168.2.0/24 range 0 stop 192.168.2.10 #设置dhcp下发范围0,结束192.168.2.10
commit #应用配置
save #保存配置
# 路由配置
---静态路由
configure #进入配置
set protocols static route 10.0.0.0/24 next-hop 192.168.1.1 #去10.0.0.0/24下一跳192.168.1.1
commit #应用配置
save #保存配置
---静态优先级
configure #进入配置
set protocols static route 10.0.0.0/24 next-hop 192.168.1.254 distance 2 #静态路由默认优先级为1,设置distance为2时,优先级低于没有设置distance的静态路由,或者设置了distance为1的静态路由
commit #应用配置
save #保存配置
---策略路由
configure #进入配置
set policy route lan-map rule 10 source address 192.168.2.2 #配置名称lan-map匹配源地址192.168.2.2
set policy route lan-map rule 10 set table 10 #配置名称lan-map打上table10的标签
set protocols static table 10 route 10.0.0.0/24 next-hop 192.168.1.100 #匹配table10标签的源地址192.168.2.2去10.0.0.0/24下一跳192.168.1.100
set interfaces ethernet eth1 policy route lan-map #eth1口调用lan-map策略路由
commit #应用配置
save #保存配置
# 基础设置
-配置主机名
set system host-name vyos
-增加配置,开启ssh服务并指定监听端口。
set service ssh port 22
-为接口配置IP
set interfaces ethernet eth0 address 1.1.1.1/24
-配置静态路由
set protocols static route 0.0.0.0/0 next-hop 1.1.1.2
-查看当前路由表
show ip route
-
-修改密码(请将下面命令中的密码替换为自己的强密码;commit 后配置中只保存加密后的哈希)
...
set system login user xyos authentication plaintext-password wdqdmm@L
...
-set address
set interfaces ethernet eth0 address 192.168.1.10/24
-set gateway
set system gateway-address 192.168.1.1
-config DNS Forwarder
set service dns forwarding name-server 8.8.8.8
set service dns forwarding name-server 8.8.4.4
set service dns forwarding listen-on eth0
...
---OSPFv2配置
-开放式最短路径优先OSPF(Open Shortest Path First)是IETF组织开发的一个基于链路状态的内部网关协议
-配置接口地址、OSPF网络模式
set interfaces ethernet eth0 address '10.0.0.1/24'
set interfaces ethernet eth1 ip ospf network point-to-point
-配置loopback接口(lo)
set interfaces loopback lo address '192.168.0.1/32'
-宣告接口
set protocols ospf area 0.0.0.0 network '192.168.0.1/32'
set protocols ospf area 0.0.0.0 network '10.0.0.0/24'
-配置ospf的路由ID
set protocols ospf parameters router-id '192.168.0.1'
-重分布直连路由到OSPF
set protocols ospf redistribute connected