(途中) さくらのクラウドで VyOS を使ってルータを冗長化する


さくらのクラウドを使っていて
VPN接続等で使っているVPCルータを冗長化しなければいけない使命感に駆られた...

しかし会社は費用がかかることを渋るのでvyOSで作ってみよう


脳内完成イメージ図


さくらのクラウドで作成

さくらのクラウドでスイッチを作成

さくらのクラウドでサーバを2台作成
NICを追加して作成したスイッチに接続する

VyOS の ISO をダウンロードしてインストール
(私の記憶が確かならば以前は公式アーカイブに VyOS の ISO があったのに、なくなっていた...)
VyOS 1.3。公式以外の場所から入手した ISO は、公式が公開しているハッシュ/署名と照合してから使うこと (検証できないイメージをルータに載せない)。なお以下のコマンドは 1.3 の構文で、1.4 以降はファイアウォール周りの構文が変わっている。

初期ユーザ: vyos
パスワード: vyos (誰でも知っているデフォルト認証情報。自分のユーザを作って動作確認したら、vyos ユーザのパスワードを変えるか vyos ユーザ自体を削除すること)

install image
でインストール。
基本的に設問に答えていけば終わる。

vpsの場合
http://komo-jp.hatenablog.com/entry/2018/07/02/224950

再起動
reboot

vyos設定

configure で設定モードに入る
変更したら commit (その場で反映される)
そして save (/config/config.boot に保存。save しないと再起動で設定が消える)
exit で設定モードを抜ける

configure

とりあえず、eth0を設定
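# WAN side. VyOS expects the address with a prefix length (e.g. 203.0.113.10/24), not a bare IP.
set interfaces ethernet eth0 address グローバルIP/プレフィックス長
set interfaces ethernet eth0 description 'OUT eth0'
# Default route via the gateway the cloud provider hands out for this global segment.
set protocols static route 0.0.0.0/0 next-hop ゲートウェイ
# Resolvers used by the router itself. The "ネームサーバ1-" / "ネームサーバ2-" prefixes in the
# original lines were labels, not part of the command; name-server takes just the address.
set system name-server 133.242.0.3
set system name-server 133.242.0.4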

パスワードを設定 (plaintext-password は commit 時にハッシュ化されて保存されるが、入力した平文はコマンド履歴に残りうる。可能なら SSH 公開鍵認証にする)
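# The clear-text value is hashed on commit (stored as encrypted-password), but the typed
# command may remain in the CLI history. Prefer an SSH key so the secret never has to be
# typed into the router at all.
set system login user ユーザ名 authentication plaintext-password パスワード
# Key-based login for the same user (type and key body from e.g. ~/.ssh/id_ed25519.pub).
set system login user ユーザ名 authentication public-keys キー名 type ssh-ed25519
set system login user ユーザ名 authentication public-keys キー名 key 'AAAA...'
# After confirming the new account can log in, remove the publicly known default account:
#   delete system login user vyos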

そしてとりあえず ssh でつなぎたいので (※ この時点ではまだ eth0 にファイアウォールがなく、デフォルトの vyos/vyos も残っているため、グローバル IP 上の SSH には誰でも到達できる。後述のファイアウォールを先に、または同じ commit で入れること)
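# A non-default port only reduces scanner noise; it is not access control.
set service ssh port '8929'
# NOTE: at this commit nothing filters eth0 yet and the default vyos/vyos account still
# exists, so sshd on the global IP is reachable by anyone until the OUTSIDE-LOCAL rule set
# below is applied. Change/remove the default account first, or commit the firewall in the
# same batch. Once key login is verified, password auth can be turned off entirely:
#   set service ssh disable-password-authentication

commit
save
exit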

ホスト名設定
---vyos01
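# Fixed typo: "systen" -> "system" (the original line would be rejected by the CLI).
set system host-name vyos01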
---vyos02
set system host-name vyos02
タイムゾーン設定
set system time-zone Asia/Tokyo
ネットワークIF設定 (eth1 はスイッチ側。後述のファイアウォールは eth0 にしか適用しないので、同じスイッチにつないだ他のサーバからはルータに無制限に到達できる点に注意)
---vyos01
set interfaces ethernet eth1 address 192.168.20.2/24
---vyos02
set interfaces ethernet eth1 address 192.168.20.3/24

set interfaces ethernet eth1 description 'IN eth1'
ssh ポート変更
set service ssh port '8929'
ファイアウォール設定
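# Transit traffic entering on eth0 and bound for the LAN: only replies to sessions that
# were opened from inside get through.
set firewall name OUTSIDE-IN default-action 'drop'
set firewall name OUTSIDE-IN rule 10 action 'accept'
set firewall name OUTSIDE-IN rule 10 state established 'enable'
set firewall name OUTSIDE-IN rule 10 state related 'enable'

# Traffic entering on eth0 that is addressed to the router itself.
set firewall name OUTSIDE-LOCAL default-action 'drop'
set firewall name OUTSIDE-LOCAL rule 10 action 'accept'
set firewall name OUTSIDE-LOCAL rule 10 state established 'enable'
set firewall name OUTSIDE-LOCAL rule 10 state related 'enable'
set firewall name OUTSIDE-LOCAL rule 20 action 'accept'
set firewall name OUTSIDE-LOCAL rule 20 icmp type-name 'echo-request'
set firewall name OUTSIDE-LOCAL rule 20 protocol 'icmp'
set firewall name OUTSIDE-LOCAL rule 20 state new 'enable'

# Brute-force throttle for SSH. The original rule matched port 22, but sshd listens on
# 8929 (set service ssh port), so it never matched anything that the default drop did not
# already cover. Match the real port and keep it numbered before the accept rule, because
# rules are evaluated in ascending order.
set firewall name OUTSIDE-LOCAL rule 30 action 'drop'
set firewall name OUTSIDE-LOCAL rule 30 destination port '8929'
set firewall name OUTSIDE-LOCAL rule 30 protocol 'tcp'
set firewall name OUTSIDE-LOCAL rule 30 recent count '4'
set firewall name OUTSIDE-LOCAL rule 30 recent time '60'
set firewall name OUTSIDE-LOCAL rule 30 state new 'enable'

# New SSH connections on 8929. If the admin source addresses are known, narrow this:
#   set firewall name OUTSIDE-LOCAL rule 31 source address '管理元IP/32'
set firewall name OUTSIDE-LOCAL rule 31 action 'accept'
set firewall name OUTSIDE-LOCAL rule 31 destination port '8929'
set firewall name OUTSIDE-LOCAL rule 31 protocol 'tcp'
set firewall name OUTSIDE-LOCAL rule 31 state new 'enable'

# Only eth0 is filtered here: eth1 (switch side) has no rule set, and these are IPv4 rule
# sets only -- if eth0 ever gets an IPv6 address it needs a separate "firewall ipv6-name".
set interfaces ethernet eth0 firewall in name 'OUTSIDE-IN'
set interfaces ethernet eth0 firewall local name 'OUTSIDE-LOCAL'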
NAT設定
# Masquerade LAN traffic leaving eth0 behind that router's own global IP (there is no
# virtual address on eth0, so the public source IP changes when VRRP fails over).
# Each router keeps its own connection table, so sessions in flight are lost on failover
# -- NOTE(review): VyOS has a conntrack-sync service for this; confirm before relying on it.
set nat source rule 100 outbound-interface 'eth0'
set nat source rule 100 source address '192.168.20.0/24'
set nat source rule 100 translation address masquerade
DHCP設定
---vyos01
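set service dhcp-server shared-network-name dhcp01 authoritative
# Hand out the VRRP virtual IP as the gateway. With each router's own address (.2 here)
# clients would lose their gateway when that router dies, which defeats the redundancy.
set service dhcp-server shared-network-name dhcp01 subnet 192.168.20.0/24 default-router 192.168.20.1
# Nothing in this config enables DNS forwarding on the routers, so a router address as
# resolver would not answer. Use the upstream resolvers the routers themselves use; if
# DNS forwarding is enabled on both routers later, the VIP 192.168.20.1 can be used instead.
set service dhcp-server shared-network-name dhcp01 subnet 192.168.20.0/24 dns-server 133.242.0.3
set service dhcp-server shared-network-name dhcp01 subnet 192.168.20.0/24 dns-server 133.242.0.4
# Two independent authoritative servers must not share one pool, or both can lease the
# same address. vyos01 gets .4-.6, vyos02 gets .7-.9. (VyOS also has a DHCP failover
# option if a single shared pool is required.)
set service dhcp-server shared-network-name dhcp01 subnet 192.168.20.0/24 range 0 start 192.168.20.4
set service dhcp-server shared-network-name dhcp01 subnet 192.168.20.0/24 range 0 stop 192.168.20.6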
---vyos02
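set service dhcp-server shared-network-name dhcp01 authoritative
# Gateway is the VRRP virtual IP, not this router's own .3 -- otherwise clients that got
# their lease from vyos02 keep routing via .3 even after vyos01 takes over.
set service dhcp-server shared-network-name dhcp01 subnet 192.168.20.0/24 default-router 192.168.20.1
# Same resolvers as vyos01: no DNS forwarding is configured on the routers, so point clients
# at the upstream resolvers (or the VIP once forwarding is enabled on both routers).
set service dhcp-server shared-network-name dhcp01 subnet 192.168.20.0/24 dns-server 133.242.0.3
set service dhcp-server shared-network-name dhcp01 subnet 192.168.20.0/24 dns-server 133.242.0.4
# Non-overlapping pool: vyos01 leases .4-.6, vyos02 leases .7-.9, so the two independent
# servers can never hand out the same address.
set service dhcp-server shared-network-name dhcp01 subnet 192.168.20.0/24 range 0 start 192.168.20.7
set service dhcp-server shared-network-name dhcp01 subnet 192.168.20.0/24 range 0 stop 192.168.20.9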

固定割り当て (MAC アドレス → IP)
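# [sample] Fixed lease (MAC -> IP). The original lines contained non-ASCII hyphens (U+2010)
# inside the keywords (dhcp-server, shared-network-name, static-mapping, ip-address,
# mac-address), which the CLI does not accept; plain '-' below.
# ff:ff:ff:ff:ff:ff is the broadcast MAC, i.e. a placeholder -- substitute the client's real MAC.
set service dhcp-server shared-network-name dhcpexample subnet 172.16.17.0/24 static-mapping static-mapping-01 ip-address 172.16.17.10
set service dhcp-server shared-network-name dhcpexample subnet 172.16.17.0/24 static-mapping static-mapping-01 mac-address ff:ff:ff:ff:ff:ff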
VRRP設定 (仮想IPは eth1 側のみ。eth0 側には仮想IPがなく NAT は各ルータ自身のグローバルIPで行うので、外から見た接続元IPはフェイルオーバーで切り替わる。VPN の対向側設定には注意)
router1 192.168.20.2 (master にしたい方)
router2 192.168.20.3 (backup)
仮想IP 192.168.20.1

----vyos01
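set high-availability vrrp group nbs vrid 10
set high-availability vrrp group nbs interface eth1
set high-availability vrrp group nbs virtual-address 192.168.20.1/24
# Unicast VRRP between the two real addresses.
set high-availability vrrp group nbs hello-source-address '192.168.20.2'
set high-availability vrrp group nbs peer-address '192.168.20.3'
# vyos01 is meant to be the master, so it gets the higher priority. With both routers at
# 200 the tie is broken by the higher primary address, i.e. vyos02 (.3) would win.
set high-availability vrrp group nbs priority '200'
# Authenticate advertisements so another host on the shared switch cannot simply announce
# vrid 10 with a higher priority and take over the VIP. Use the same password on both
# routers. plaintext-password is weak (sniffable on the segment); "ah" is the stronger
# type if both ends support it.
set high-availability vrrp group nbs authentication type plaintext-password
set high-availability vrrp group nbs authentication password 'VRRPパスワード'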

----vyos02
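set high-availability vrrp group nbs vrid 10
set high-availability vrrp group nbs interface eth1
set high-availability vrrp group nbs virtual-address 192.168.20.1/24
# Unicast VRRP between the two real addresses.
set high-availability vrrp group nbs hello-source-address '192.168.20.3'
set high-availability vrrp group nbs peer-address '192.168.20.2'
# Backup: lower priority than vyos01 so the master/backup roles are explicit rather than
# decided by the address tie-break.
set high-availability vrrp group nbs priority '100'
# Must match the password and type configured on vyos01, or the two routers will ignore
# each other's advertisements and both claim the VIP.
set high-availability vrrp group nbs authentication type plaintext-password
set high-availability vrrp group nbs authentication password 'VRRPパスワード'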