基于PVE下的vyos安装记录-篇1
vyos是一个基于Debian下的router os,性能比op要强很多。
下面是硬件环境:
- N5105 4C4T
- 8G DDR4
- 128G SSD
- i225v 2.5G *4
安装PVE
写入U盘,用U盘引导,执行安装步骤。部分可以参考这个链接
注意
-
设定PVE管理ip为和路由同一网段
-
安装完成后换源,可以参考这个链接,否则没有企业订阅无法更新
-
在调试过程中,可能需要连接外网,这时需要在虚拟网桥中添加网关,同时用网线进行网络接入。
- 此时注意记录自己的网卡信息,以免在虚拟机中找不到自己需要的网卡
安装VyOS
说是Nightly很稳定,而且LTS非常贵,而且LTS不更新(
上传镜像
虚拟机配置
样例如下:
使用uefi引导,内存需要给2G以上,其他随意。网络由于选择直通管理网口外的所有网卡,这里选择无网络设备。
创建完成后,需要将网卡直通进虚拟机。
配置完进入liveCD的安装界面,默认用户密码为vyos/vyos。然后使用 install image执行安装。大部分情况都是默认即可。
配置VyOS
几个关键操作:
configure:进入配置模式show: 查询commit: 提交save: 保存
首先配置启用ssh,然后就可以使用终端连接了
configure
set service ssh
commit
save
exit
这里通了三个网口:eth0负责拨号,eth1,2为lan。
下面配置bridge,省略了进入配置模式,提交保存退出。
set interface bridge br0 address 192.168.xx.1/24
set interface bridge br0 member interface eth1
set interface bridge br0 member interface eth2
配置lan上的dhcp:
set service dhcp-server shard-network-name nat1 subnet 192.168.xx.0/24 default-router 192.168.xx.1
set service dhcp-server shard-network-name nat1 subnet 192.168.xx.0/24 name-server 192.168.xx.1
set service dhcp-server shard-network-name nat1 subnet 192.168.xx.0/24 range 0 start 192.168.xx.30
set service dhcp-server shard-network-name nat1 subnet 192.168.xx.0/24 range 0 stop 192.168.xx.250
配置firewall:
这里设置了3条规则。
set firewall name NET-IN default-action accept
set firewall name NET-IN rule 10 action accept
set firewall name NET-IN rule 10 state established enable
set firewall name NET-IN rule 10 related enable
set firewall name NET-LOCAL default-action accept
set firewall name NET-LOCAL rule 10 action accept
set firewall name NET-LOCAL rule 10 state established enable
set firewall name NET-LOCAL rule 10 related enable
set firewall name NET-LOCAL rule 20 action accept
set firewall name NET-LOCAL rule 20 icmp type-name echo-request
set firewall name NET-LOCAL rule 20 protocol icmp
set firewall name NET-LOCAL rule 20 state new enable
set firewall name NET-LOCAL rule 30 action accept
set firewall name NET-LOCAL rule 30 destination port 9993
set firewall name NET-LOCAL rule 30 protocol tcp_udp
set firewall name NET-OUT default-action accept
配置policy:
set policy route inside rule 3000 protocol tcp
set policy route inside rule 3000 set tcp-mss 1452
set policy route inside rule 3000 tcp flags syn
set policy route outside rule 3000 protocol tcp
set policy route outside rule 3000 set tcp-mss 1452
set policy route outside rule 3000 tcp flags syn
配置pppoe,这里命名为pppoe0:
set interface pppoe pppoe0 authentication user your_user
set interface pppoe pppoe0 authentication password your_password
set interface pppoe pppoe0 firewall in name NET-IN
set interface pppoe pppoe0 firewall local name NET-LOCAL
set interface pppoe pppoe0 firewall out name NET-OUT
set interface pppoe pppoe0 ipv6 address autoconf
set interface pppoe pppoe0 mtu 1492
set interface pppoe pppoe0 no-peer-dns
set interface pppoe pppoe0 policy route outside
set interface pppoe pppoe0 source-interface eth0
配置nat
set nat source rule 100 outbound-interface pppoe0
set nat source rule 100 source address 192.168.xx.0/24
set nat source translation address masquerade
set nat source rule 110 outbound-interface br0
set nat source translation address masquerade
配置dns-forwarding(暂时性的,以后安装诸如dnsmasq这类程序后就把它删掉)
set service dns forwarding name-server 119.29.29.29
set service dns forwarding name-server 223.5.5.5
set service dns forwarding allow-from 0.0.0.0/0
set service dns forwarding listen-address 0.0.0.0
配置一个本地dns方便后续更新
set system name-server 127.0.0.1
至此,v4部分可以使用了。
v6配置
由于不同运营商环境不同,仅供参考
set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface br0 address '1'
set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface br0 sla-id '0'
set interfaces pppoe pppoe0 dhcpv6-options pd 0 length '60'
如何更新
需要更新的时候,再下载新的镜像,然后引导改成新的镜像,再次进行安装。此时VyOS的config会保留。
Why VyOS
- 性能比OpenWrt强了不知道多少
- 类思科/H3C的Cli操作逻辑,上手后就很容易理解
- 基于debian,可以安装debian的软件源,可玩性比op高
缺点
- 没有webui
- 同样,三方软件也没有类似luci-app的webui,甚至op上有的插件,debian不一定有
- 需要完全从0开始配置,上手繁琐