Using a VyOS Router with Hyper-V

Configuration

Perform the following steps from the Hyper-V Virtual Machine Connection window.

  1. VyOS will boot from the local disk. When ready, the login prompt will be displayed.
    Welcome to VyOS - vyos tty1
    
    vyos login:
  2. Type vyos and press Enter. The password prompt will be displayed.
    Password:
  3. Type your chosen password and press Enter. The Welcome to VyOS login banner will be displayed.
    Linux vyos 3.13.11-1-amd64-vyos #1 SMP Wed Aug 12 02:08:05 UTC 2015 x86_64
    Welcome to VyOS.
    This system is open-source software. The exact distribution terms for
    each module comprising the full system are described in the individual
    files in /usr/share/doc/*/copyright.
  4. Enter router configuration mode, using the following command:
    configure
  5. Configure the external ethernet interface to use DHCP, using the following command:
    set interfaces ethernet eth0 address dhcp
  6. Enable the SSH service, using the following command:
    set service ssh port 22
  7. Commit changes, using the following command:
    commit

    The command will produce output similar to the following:

    [ interfaces ethernet eth0 address dhcp ]
    Starting DHCP client on eth0 ...
    
    [ service ssh ]
    Restarting OpenBSD Secure Shell server: sshd.
  8. Save changes to the startup configuration, using the following command:
    save

    The command will produce output similar to the following:

    Saving configuration to '/config/config.boot'...
    Done
  9. Exit router configuration mode, using the following command:
    exit
  10. Show a list of network interfaces, using the following command:
    show interfaces

    The command will produce output similar to the following:

    Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
    Interface        IP Address                        S/L  Description
    ---------        ----------                        ---  -----------
    eth0             192.168.137.110/24                u/u
    eth1             -                                 u/u
    lo               127.0.0.1/8                       u/u
                     ::1/128

    Take note of the IP address of the external interface eth0: you can establish an SSH connection to this address using a client such as PuTTY, which lets you copy and paste commands directly into the remote SSH session!

    Although you can continue to perform the remaining steps from the Hyper-V Virtual Machine Connection window, it is highly recommended that you use an SSH client instead.

  11. Enter router configuration mode, using the following command:
    configure
  12. Set the description for the eth0 external interface, using the following command:
    set interfaces ethernet eth0 description 'External'
  13. Configure the eth1 internal interface, using the following commands:
    set interfaces ethernet eth1 address 172.16.0.1/24
    set interfaces ethernet eth1 description 'Untagged'

    The 172.16.0.0 class B IPv4 private address range is used, and subnetted into smaller class C IPv4 private address ranges for each VLAN. This address space is not as commonly used as the 10.0.0.0 class A or 192.168.0.0 class C IPv4 private address ranges.

VLANs

  1. Configure VLAN interfaces bound to eth1, using the following commands:
    set interfaces ethernet eth1 vif 1 address 172.16.1.1/24
    set interfaces ethernet eth1 vif 1 description 'VLAN 1'
    set interfaces ethernet eth1 vif 2 address 172.16.2.1/24
    set interfaces ethernet eth1 vif 2 description 'VLAN 2'
    set interfaces ethernet eth1 vif 3 address 172.16.3.1/24
    set interfaces ethernet eth1 vif 3 description 'VLAN 3'
    set interfaces ethernet eth1 vif 4 address 172.16.4.1/24
    set interfaces ethernet eth1 vif 4 description 'VLAN 4'
    set interfaces ethernet eth1 vif 5 address 172.16.5.1/24
    set interfaces ethernet eth1 vif 5 description 'VLAN 5'

    Add more (or fewer) virtual interfaces as required. I recommend the convention of vif x and address 172.16.x.1/24, where x is the VLAN ID.

DNS

  1. Configure Domain Name System (DNS) forwarding for the VyOS router, using the following commands:
    set service dns forwarding dhcp eth0
    set service dns forwarding cache-size 0
    set service dns forwarding listen-on eth1

    Configure DNS forwarding for each of the VLAN interfaces, using the following commands:

    set service dns forwarding listen-on eth1.1
    set service dns forwarding listen-on eth1.2
    set service dns forwarding listen-on eth1.3
    set service dns forwarding listen-on eth1.4
    set service dns forwarding listen-on eth1.5

    Include commands only for the VLANs on which you want DNS forwarding enabled. If you have your own Active Directory environment or DNS server, then adding DNS forwarding for each VLAN may not be desirable or required.

DHCP

  1. The Dynamic Host Configuration Protocol (DHCP) can be used for automatic addressing on each VLAN. There are two options available for DHCP addressing, and both can be used simultaneously – as long as they are servicing separate VLANs:
    • VyOS DHCP Server: The VyOS router includes its own DHCP server, which can be enabled using the following command:
      set service dhcp-server disabled false

      The DHCP server can service each VLAN interface, if required. You will need the following information for each DHCP lease scope you want to create:

      Scope Name eth1_vifx
      Subnet 172.16.x.0/24
      Lease Start 172.16.x.100
      Lease Stop 172.16.x.199
      Default Router 172.16.x.1
      DNS Server 172.16.x.1

      Where x is the VLAN ID. The DNS Server address will also depend on whether you have configured DNS forwarding for the VLAN interface, or are using your own DNS server.

      To create a DHCP lease scope for eth1 VLAN1, use the following commands:

      set service dhcp-server shared-network-name eth1_vif1 subnet 172.16.1.0/24 start 172.16.1.100 stop 172.16.1.199
      set service dhcp-server shared-network-name eth1_vif1 subnet 172.16.1.0/24 default-router 172.16.1.1
      set service dhcp-server shared-network-name eth1_vif1 subnet 172.16.1.0/24 dns-server 172.16.1.1
      set service dhcp-server shared-network-name eth1_vif1 subnet 172.16.1.0/24 lease 86400

      Repeat these commands for each subnet (VLAN) that you want to create a DHCP lease scope for. Do not create a DHCP lease scope on a VLAN that will be serviced by another DHCP server.

    • Third-Party DHCP Server: This will generally be Windows Server running DHCP services. To service clients across multiple VLANs, you will need to configure the DHCP-Relay agent to forward client requests from one VLAN directly to the DHCP server located on another VLAN, using the following commands:
      set service dhcp-relay interface eth1.4
      set service dhcp-relay interface eth1.5
      set service dhcp-relay server 172.16.1.20
      set service dhcp-relay server 172.16.2.20

      These commands will forward all DHCP requests from clients on VLANs 4 and 5 to DHCP servers 172.16.1.20 (VLAN 1) and 172.16.2.20 (VLAN 2). If either of those servers is running DHCP and has valid lease scopes for VLANs 4 or 5, then it will respond to client requests.
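
The per-VLAN commands above follow one pattern, so they can be generated instead of retyped. The script below is an added example, not part of the original tutorial: the function names and the split of VLANs between the two DHCP options are assumptions, and the `dns-server` value assumes DNS forwarding is listening on that VLAN.

```shell
#!/bin/sh
# vlan_cmds ID MODE: print the "set" commands for one VLAN on eth1.
#   MODE=local  VyOS DHCP scope (leases .100-.199, router and DNS at .1)
#   MODE=relay  no local scope; requests go to a third-party DHCP server
vlan_cmds() {
  id=$1 mode=$2
  # The 172.16.x.0/24 convention only has room for x = 1..255
  # (x = 0 is the untagged eth1 network), so reject anything else.
  case $id in ''|0*|*[!0-9]*) echo "bad VLAN ID: $id" >&2; return 1 ;; esac
  if [ "${#id}" -gt 3 ] || [ "$id" -gt 255 ]; then
    echo "VLAN $id does not fit 172.16.x.0/24" >&2; return 1
  fi
  case $mode in
    local|relay) ;;
    *) echo "unknown mode: $mode" >&2; return 1 ;;
  esac
  net="172.16.$id"
  echo "set interfaces ethernet eth1 vif $id address $net.1/24"
  echo "set interfaces ethernet eth1 vif $id description 'VLAN $id'"
  if [ "$mode" = local ]; then
    # Scope values follow the table above; dns-server assumes DNS
    # forwarding is enabled on this VLAN interface.
    scope="set service dhcp-server shared-network-name eth1_vif$id subnet $net.0/24"
    echo "$scope start $net.100 stop $net.199"
    echo "$scope default-router $net.1"
    echo "$scope dns-server $net.1"
    echo "$scope lease 86400"
  else
    # Relayed VLAN: never emit a local scope for it.
    echo "set service dhcp-relay interface eth1.$id"
  fi
}

# Assumed split for illustration: VLAN 3 gets a VyOS scope, VLANs 4 and 5
# are relayed (matching the relay commands above).
vlan_plan() {
  vlan_cmds 3 local || return 1
  for v in 4 5; do vlan_cmds "$v" relay || return 1; done
}
vlan_plan
```

The `dhcp-relay server` addresses are not generated; set them once as shown above.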

NAT

  1. Network Address Translation (NAT) can be used to provide masqueraded connectivity through the external eth0 outbound interface. There are two options for configuring NAT:
    • Global: If you want all subnets (VLANs) to have NAT connectivity enabled, use the following commands:
      set nat source rule 100 outbound-interface eth0
      set nat source rule 100 source address 172.16.0.0/16
      set nat source rule 100 translation address masquerade
    • Subnets: If you want to specify which individual subnets (VLANs) have NAT connectivity enabled, use the following commands:
      set nat source rule 100 outbound-interface eth0
      set nat source rule 100 source address 172.16.0.0/24
      set nat source rule 100 translation address masquerade
      set nat source rule 101 outbound-interface eth0
      set nat source rule 101 source address 172.16.1.0/24
      set nat source rule 101 translation address masquerade
      set nat source rule 102 outbound-interface eth0
      set nat source rule 102 source address 172.16.2.0/24
      set nat source rule 102 translation address masquerade

      Include rules only for the subnets (VLANs) where you want NAT enabled.

DNAT (Port Forwarding)

  1. Destination Network Address Translation (DNAT), typically referred to as Port Forwarding, can be used to redirect incoming traffic to a virtual machine behind the router’s external interface. To enable port forwarding for the Remote Desktop Protocol (RDP) TCP 3389 to virtual machine 172.16.1.20, use the following commands:
    set nat destination rule 100 description 'RDP to 172.16.1.20:3389'
    set nat destination rule 100 destination port 3389
    set nat destination rule 100 inbound-interface eth0
    set nat destination rule 100 protocol tcp
    set nat destination rule 100 translation address 172.16.1.20
    set nat destination rule 100 translation port 3389

    Use the Remote Desktop Connection client to connect to the VyOS eth0 external address. Use a different destination port value for each virtual machine forward rule.
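
A forward rule like the one above accepts connections from any address that can reach eth0, and two rules that claim the same external port conflict. The script below is an added example, not part of the original tutorial: it reads `set` commands on stdin (for instance saved from `show configuration commands`) and reports both conditions. Rules 110 and 120, and the 192.168.137.1 source address (assumed to be the Hyper-V host on the external network), are constructed sample input; `source address` is the NAT rule option that restricts who may use a forward.

```shell
#!/bin/sh
# audit_dnat: read VyOS "set" commands on stdin and report, in rule order:
#   OPEN rule N            destination NAT rule with no "source address" limit
#   DUP if/proto/port ...  two rules claim the same external port
audit_dnat() {
  awk '
    $1 == "set" && $2 == "nat" && $3 == "destination" && $4 == "rule" {
      r = $5
      if (!(r in seen)) { seen[r] = 1; order[++n] = r }
      if ($6 == "inbound-interface")            iface[r] = $7
      if ($6 == "protocol")                     proto[r] = $7
      if ($6 == "destination" && $7 == "port")  port[r]  = $8
      if ($6 == "source" && $7 == "address")    src[r]   = $8
    }
    END {
      for (i = 1; i <= n; i++) {
        r = order[i]
        if (!(r in src)) print "OPEN rule " r
        key = iface[r] "/" proto[r] "/" port[r]
        if (key in owner) print "DUP " key " rules " owner[key] "," r
        else owner[key] = r
      }
    }'
}

# Constructed sample: rule 100 is the tutorial's; 110 and 120 are hypothetical.
sample_config() {
  cat <<'EOF'
set nat destination rule 100 destination port 3389
set nat destination rule 100 inbound-interface eth0
set nat destination rule 100 protocol tcp
set nat destination rule 100 translation address 172.16.1.20
set nat destination rule 100 translation port 3389
set nat destination rule 110 destination port 3389
set nat destination rule 110 inbound-interface eth0
set nat destination rule 110 protocol tcp
set nat destination rule 110 translation address 172.16.1.21
set nat destination rule 110 translation port 3389
set nat destination rule 120 destination port 3390
set nat destination rule 120 inbound-interface eth0
set nat destination rule 120 protocol tcp
set nat destination rule 120 source address 192.168.137.1
set nat destination rule 120 translation address 172.16.1.22
set nat destination rule 120 translation port 3389
EOF
}
sample_config | audit_dnat
```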

  1. Commit changes, using the following command:
    commit
  2. Save changes to the startup configuration, using the following command:
    save

    The command will produce output similar to the following:

    Saving configuration to '/config/config.boot'...
    Done
  3. Exit router configuration mode, using the following command:
    exit
  4. Show a list of network interfaces, using the following command:
    show interfaces

    The command will produce output similar to the following:

    Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
    Interface        IP Address                        S/L  Description
    ---------        ----------                        ---  -----------
    eth0             192.168.137.110/24                u/u  External
    eth1             172.16.0.1/24                     u/u  Untagged
    eth1.1           172.16.1.1/24                     u/u  VLAN 1
    eth1.2           172.16.2.1/24                     u/u  VLAN 2
    eth1.3           172.16.3.1/24                     u/u  VLAN 3
    eth1.4           172.16.4.1/24                     u/u  VLAN 4
    eth1.5           172.16.5.1/24                     u/u  VLAN 5
    lo               127.0.0.1/8                       u/u
                     ::1/128

VyOS is now configured as a virtual router in Hyper-V!



7 comments

  1. Hey Chris,
    Nice work! Easy to follow as well. I’ve been doing something similar with 2012R2 Routing and Remote Access with VLANs but I have 2 x hosts running 2012R2 (both with a single NIC) and then have three VLANs that need to be routed. I needed both hosts to be in the domain so I can configure constrained delegation and move VMs between hosts. Have you tried this config on two hosts?

    1. Hi Martin!

      Thanks for your comments 🙂 What you are currently doing with RRAS should be quite easy with VyOS – although I haven’t specifically tried it.

      Kind Regards,
      Chris.

  2. Hi Chris,

    It works! Just started learning VyOS and this guide helps me a lot!
    Thank you very much.

    wks_adm

  3. Hi Chris,

    It is possible that I can communicate with the VM into my local machine? I tried to use the Internal Network adapter but I can’t ping the VM’s IP. Thank you in advance.

    1. Hi wks_adm,

      The VyOS configuration presented in the tutorial uses NAT in the same way as a home broadband router, so by default it is not possible for your host machine on the “outside” to communicate with a virtual machine on the “inside”. However, like a router, in VyOS you can set up port forwarding (Destination NAT) – so you can manually set up rules to allow individual outside connections through.

      For example, the following commands enable port forwarding for RDP (TCP 3389) to host 172.16.1.20:

      set nat destination rule 10 description 'RDP to 172.16.1.20:3389'
      set nat destination rule 10 destination port 3389
      set nat destination rule 10 inbound-interface eth0
      set nat destination rule 10 protocol tcp
      set nat destination rule 10 translation address 172.16.1.20
      set nat destination rule 10 translation port 3389

      RDP to the VyOS eth0 external address. Use different destination port addresses for multiple hosts with the same service.

      Hope that helps!
      Chris.

  4. Hi Chris,

    Fantastic! I was looking for this kind of tutorial. I followed all the instructions and it works like a charm.
    Thank you very much for spending your time making this great tutorial.
