47ee6aaecc4aca15fe0f2438753e7611575c2c16
howto-slash-vyos.md
| ... | ... | @@ -1,48 +0,0 @@ |
| 1 | -#VyOS |
|
| 2 | -VyOS is an open source router. The developers have a nightly rolling release that includes all the latest features such as Wireguard. It can be downloaded here https://www.vyos.io/rolling-release/. |
|
| 3 | - |
|
| 4 | - |
|
| 5 | -_1.3-rolling-202004300117 is a known good release to work with Wireguard and DN42._ |
|
| 6 | - |
|
| 7 | - |
|
| 8 | -##Quick Start |
|
| 9 | -###Quick to-do-list from router deployment to receiving DN42 routes |
|
| 10 | -1. Establish internet connectivity. |
|
| 11 | -2. Setup Wireguard. |
|
| 12 | -3. Setup BGP. |
|
| 13 | -4. `show ip route` |
|
| 14 | - |
|
| 15 | - |
|
| 16 | -##Wireguard |
|
| 17 | -1. First we need to setup keys. `generate wireguard default-keypair` |
|
| 18 | -2. Grab your public key and save it for later. This will be shared with peers. `show wireguard keypairs pubkey default` |
|
| 19 | -3. Next we need to configure our peer. They should have provided their endpoint public IP, port, and public wireguard key. |
|
| 20 | -`set interfaces wireguard wg01 address '172.x.x.x/32'` - this is a single address within your DN42 registered address space |
|
| 21 | -`set interfaces wireguard wg01 peer OtherGuy1 allowed-ips '0.0.0.0/0''` - it's just easier to filter traffic with the firewall |
|
| 22 | -`set interfaces wireguard wg01 peer OtherGuy1 address 'x.x.x.x:12345'` - this is the public IP of your peers endpoint |
|
| 23 | -`set interfaces wireguard wg01 OtherGuy1 port '12345'` - the configured port on your peers endpoint |
|
| 24 | -`set interfaces wireguard wg01 peer OtherGuy1 pubkey 'XMrlPykaxhdAAiSjhtPlvi30NVkvLQliQuKP7AI7CyI='` - your peers public wireguard key |
|
| 25 | -`set interfaces wireguard wg01 port '12345'` - the port your wireguard endpoint will "listen" on |
|
| 26 | -4. In case you are wondering how you are going to route packets anywhere with a /32, the next command explains it all. |
|
| 27 | -`set protocols static interface-route 172.x.x.x/32 next-hop-interface wg01` - this is a single provided address by your peer that is assigned to them in the registry |
|
| 28 | - |
|
| 29 | - |
|
| 30 | -####Coming Soon |
|
| 31 | - |
|
| 32 | -Setup BGP |
|
| 33 | - |
|
| 34 | -Neighbor Up With Peer via BGP |
|
| 35 | - |
|
| 36 | -RPKI/ROA Checking |
|
| 37 | - |
|
| 38 | -Firewall Would be a good idea… |
|
| 39 | - |
|
| 40 | - |
|
| 41 | - |
|
| 42 | - |
|
| 43 | - |
|
| 44 | - |
|
| 45 | - |
|
| 46 | - |
|
| 47 | - |
|
| 48 | - |
howto/vyos.md
| ... | ... | @@ -0,0 +1,48 @@ |
| 1 | +#VyOS |
|
| 2 | +VyOS is an open source router. The developers have a nightly rolling release that includes all the latest features such as Wireguard. It can be downloaded here https://www.vyos.io/rolling-release/. |
|
| 3 | + |
|
| 4 | + |
|
| 5 | +_1.3-rolling-202004300117 is a known good release to work with Wireguard and DN42._ |
|
| 6 | + |
|
| 7 | + |
|
| 8 | +##Quick Start |
|
| 9 | +###Quick to-do-list from router deployment to receiving DN42 routes |
|
| 10 | +1. Establish internet connectivity. |
|
| 11 | +2. Setup Wireguard. |
|
| 12 | +3. Setup BGP. |
|
| 13 | +4. `show ip route` |
|
| 14 | + |
|
| 15 | + |
|
| 16 | +##Wireguard |
|
| 17 | +1. First we need to setup keys. `generate wireguard default-keypair` |
|
| 18 | +2. Grab your public key and save it for later. This will be shared with peers. `show wireguard keypairs pubkey default` |
|
| 19 | +3. Next we need to configure our peer. They should have provided their endpoint public IP, port, and public wireguard key. |
|
| 20 | +`set interfaces wireguard wg01 address '172.x.x.x/32'` - this is a single address within your DN42 registered address space |
|
| 21 | +`set interfaces wireguard wg01 peer OtherGuy1 allowed-ips '0.0.0.0/0''` - it's just easier to filter traffic with the firewall |
|
| 22 | +`set interfaces wireguard wg01 peer OtherGuy1 address 'x.x.x.x:12345'` - this is the public IP of your peers endpoint |
|
| 23 | +`set interfaces wireguard wg01 OtherGuy1 port '12345'` - the configured port on your peers endpoint |
|
| 24 | +`set interfaces wireguard wg01 peer OtherGuy1 pubkey 'XMrlPykaxhdAAiSjhtPlvi30NVkvLQliQuKP7AI7CyI='` - your peers public wireguard key |
|
| 25 | +`set interfaces wireguard wg01 port '12345'` - the port your wireguard endpoint will "listen" on |
|
| 26 | +4. In case you are wondering how you are going to route packets anywhere with a /32, the next command explains it all. |
|
| 27 | +`set protocols static interface-route 172.x.x.x/32 next-hop-interface wg01` - this is a single provided address by your peer that is assigned to them in the registry |
|
| 28 | + |
|
| 29 | + |
|
| 30 | +####Coming Soon |
|
| 31 | + |
|
| 32 | +Setup BGP |
|
| 33 | + |
|
| 34 | +Neighbor Up With Peer via BGP |
|
| 35 | + |
|
| 36 | +RPKI/ROA Checking |
|
| 37 | + |
|
| 38 | +Firewall Would be a good idea… |
|
| 39 | + |
|
| 40 | + |
|
| 41 | + |
|
| 42 | + |
|
| 43 | + |
|
| 44 | + |
|
| 45 | + |
|
| 46 | + |
|
| 47 | + |
|
| 48 | + |