I built as the root user with plenty of disk space.
To build rolling (current) or 1.4 (Sagitta):
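# Pull the build container (use :sagitta for the 1.4 Sagitta branch).
podman pull docker.io/vyos/vyos-build:current # or :sagitta for sagitta
# Clone only the matching branch (use -b sagitta for sagitta).
git clone -b current --single-branch https://github.com/vyos/vyos-build # or -b sagitta for sagitta
cd vyos-build
# "$(pwd)" is quoted so a checkout path containing spaces still binds as one -v argument.
# --privileged and --net host give the build container root-equivalent access to the host
# and the host's network namespace; the image reference is fully qualified to match the pull.
podman run --rm -it --privileged --net host -v "$(pwd)":/vyos -w /vyos docker.io/vyos/vyos-build:current bash
# The next command runs inside the container shell started above.
./build-vyos-image --architecture amd64 --build-by "jochen@winteltosh.de" generic
# Leave the container shell.
exit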
Log in with the default credentials
username: vyos
password: vyos
Install via
install image
Show available interfaces
show interfaces
Enter configuration mode
configure
Delete ttyS0 from config when running a VM
delete system console device ttyS0
Change the default keyboard layout to German
set system option keyboard-layout de
Set hostname and domain
set system host-name vyosofden1
set system domain-name demo.junicast.de
Configure DNS Server and search path
set system name-server 2001:4dd0:100:1020:53:2:0:2
set system domain-search domain demo.junicast.de
Configure pre-login banner
set system login banner pre-login "This is a system with restricted access. If you are not authorized, leave now. Contravention will be prosecuted."
Configure own ntp
set service ntp server 2.de.pool.ntp.org
set service ntp server 2.nl.pool.ntp.org
delete service ntp server time1.vyos.net
delete service ntp server time2.vyos.net
delete service ntp server time3.vyos.net
Configure upstream interface
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 address dhcpv6
set interfaces ethernet eth0 ipv6 address autoconf
set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth1 address '100'
set interfaces ethernet eth0 description 'UPSTREAM'
Configure downstream interface
set interfaces ethernet eth1 address '192.168.0.1/24'
set interfaces ethernet eth1 description 'DOWNSTREAM'
Configure Router Advertisement
set service router-advert interface eth1
set service router-advert interface eth1 name-server 2001:4dd0:100:1020:53:2:0:2
set service router-advert interface eth1 prefix ::/64 valid-lifetime '172800'
Configure DHCP
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 default-router '192.168.0.1'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 name-server '192.168.0.1'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 domain-name 'demo.junicast.de'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 lease '86400'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 range 0 start 192.168.0.9
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 range 0 stop '192.168.0.254'
set service dns forwarding cache-size '0'
set service dns forwarding listen-address '192.168.0.1'
set service dns forwarding allow-from '192.168.0.0/24'
IP Masquerading for IPv4
set nat source rule 100 outbound-interface 'eth0'
set nat source rule 100 source address '192.168.0.0/24'
set nat source rule 100 translation address masquerade
Basic stateful firewall
set firewall name OUTSIDE-IN default-action 'drop'
set firewall name OUTSIDE-IN rule 10 action 'accept'
set firewall name OUTSIDE-IN rule 10 state established 'enable'
set firewall name OUTSIDE-IN rule 10 state related 'enable'
set firewall name OUTSIDE-LOCAL default-action 'drop'
set firewall name OUTSIDE-LOCAL rule 10 action 'accept'
set firewall name OUTSIDE-LOCAL rule 10 state established 'enable'
set firewall name OUTSIDE-LOCAL rule 10 state related 'enable'
set firewall name OUTSIDE-LOCAL rule 20 action 'accept'
set firewall name OUTSIDE-LOCAL rule 20 icmp type-name 'echo-request'
set firewall name OUTSIDE-LOCAL rule 20 protocol 'icmp'
set firewall name OUTSIDE-LOCAL rule 20 state new 'enable'
Accept SSH from WAN, rate-limited: rule 30 drops new SSH connections once 4 have been seen within a minute, rule 31 accepts the rest
set firewall name OUTSIDE-LOCAL rule 30 action 'drop'
set firewall name OUTSIDE-LOCAL rule 30 destination port '22'
set firewall name OUTSIDE-LOCAL rule 30 protocol 'tcp'
set firewall name OUTSIDE-LOCAL rule 30 recent count '4'
set firewall name OUTSIDE-LOCAL rule 30 recent time 'minute'
set firewall name OUTSIDE-LOCAL rule 30 state new 'enable'
set firewall name OUTSIDE-LOCAL rule 31 action 'accept'
set firewall name OUTSIDE-LOCAL rule 31 destination port '22'
set firewall name OUTSIDE-LOCAL rule 31 protocol 'tcp'
set firewall name OUTSIDE-LOCAL rule 31 state new 'enable'
Apply firewall rules
set interfaces ethernet eth0 firewall in name 'OUTSIDE-IN'
set interfaces ethernet eth0 firewall local name 'OUTSIDE-LOCAL'
Enable SSH (the OUTSIDE-LOCAL rules above admit it from the WAN, so this should not go live with the default vyos/vyos login)
set service ssh port 22
Set up ntopng for monitoring (container definition shown as a config-tree fragment; it runs with host networking and the net-admin, setpcap, sys-admin and net-raw capabilities)
allow-host-networks
arguments "-i eth0"
cap-add net-admin
cap-add setpcap
cap-add sys-admin
cap-add net-raw
description ntop-ng
image ntop/ntopng:stable
port ntopdefault {
destination 3000
protocol tcp
source 3000
}
restart always
Enable API
tbc (to be completed)
Save for next reboot (the pending changes must be committed first; no `commit` appears above)
save
End configuration mode
exit
Pull the Image
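# Fully qualified registry name, consistent with the pull above, so the short name
# cannot be resolved against a different registry from the podman search list.
podman pull docker.io/vyos/vyos-build:equuleus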
Fetch data via git
# Clone only the equuleus branch of the build repository.
git clone --single-branch --branch equuleus https://github.com/vyos/vyos-build
Switch into the git repo dir
# Enter the fresh checkout.
cd -- vyos-build
Spawn a container from the image and run bash with the current directory (vyos-build) bind-mounted as /vyos
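# "$(pwd)" is quoted so a checkout path containing spaces still binds as one -v argument.
# --privileged gives the build container root-equivalent access to the host.
podman run --rm -it --privileged -v "$(pwd)":/vyos -w /vyos vyos/vyos-build:equuleus bash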
Configure and build
# Runs inside the container shell; sets the target architecture and the builder identity.
./configure --architecture amd64 --build-by 'jochen@libcom.de'
Also see here
If you have built a newer version of VyOS, you can upgrade as follows.
Fetch the new image over HTTPS
add system image https://images.lpv4.net/vyos/vyos-1.3-rolling-202309171402-amd64.iso
Choose yes; the prompt appears because the self-built image is unsigned, so this answer is only appropriate for an image you built and host yourself
Do you want to continue without signature check? (yes/no) [yes]
Choose an image name
What would you like to name this image? [1.3-rolling-202309171402]:
Keep the configuration and the SSH host keys
Would you like to save the current configuration
directory and config file? (Yes/No) [Yes]:
Would you like to save the SSH host keys from your
current configuration? (Yes/No) [Yes]:
Now reboot; the system will boot into the newly added image
reboot
Check version
show version