Plan and Document VyOS Router Configuration #46

Closed
opened 2022-07-29 11:15:41 -07:00 by Jafner · 9 comments
Jafner commented 2022-07-29 11:15:41 -07:00 (Migrated from gitlab.jafner.net)

Attempt to identify and define a router configuration that will minimize the downtime to swap from the Ubiquiti EdgeRouter10X to the new custom VyOS build.

Jafner commented 2022-07-29 11:15:42 -07:00 (Migrated from gitlab.jafner.net)

assigned to @Jafner

Jafner commented 2022-07-29 11:16:34 -07:00 (Migrated from gitlab.jafner.net)

changed the description

Jafner commented 2022-07-29 22:21:55 -07:00 (Migrated from gitlab.jafner.net)

### Prod Configuration

```
firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 30 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    options {
        mss-clamp {
            mss 1412
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        description "Internet (PPPoE)"
        duplex auto
        pppoe 0 {
            default-route auto
            firewall {
                in {
                    name WAN_IN
                }
                local {
                    name WAN_LOCAL
                }
            }
            mtu 1492
            name-server auto
            password ****************
            user-id hafnerjoseph
        }
        speed auto
    }
    ethernet eth1 {
        address 192.168.2.1/24
        description Local
        duplex auto
        speed auto
    }
    ethernet eth2 {
        description "Local 2"
        duplex auto
        speed auto
    }
    ethernet eth3 {
        description "Local 2"
        duplex auto
        speed auto
    }
    ethernet eth4 {
        description "Local 2"
        duplex auto
        speed auto
    }
    ethernet eth5 {
        description "Local 2"
        duplex auto
        speed auto
    }
    ethernet eth6 {
        description "Local 2"
        duplex auto
        speed auto
    }
    ethernet eth7 {
        description "Local 2"
        duplex auto
        speed auto
    }
    ethernet eth8 {
        description "Local 2"
        duplex auto
        speed auto
    }
    ethernet eth9 {
        description "Local 2"
        duplex auto
        poe {
            output 24v
        }
        speed auto
    }
    loopback lo {
    }
    switch switch0 {
        address 192.168.1.1/24
        description "Local 2"
        mtu 1500
        switch-port {
            interface eth2 {
            }
            interface eth3 {
            }
            interface eth4 {
            }
            interface eth5 {
            }
            interface eth6 {
            }
            interface eth7 {
            }
            interface eth8 {
            }
            interface eth9 {
            }
            vlan-aware disable
        }
    }
}
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface switch0
    rule 1 {
        description Plex
        forward-to {
            address 192.168.1.23
        }
        original-port 32400
        protocol tcp_udp
    }
    rule 2 {
        description BitTorrent
        forward-to {
            address 192.168.1.21
        }
        original-port 51000-51999
        protocol tcp_udp
    }
    rule 3 {
        description WireGuard
        forward-to {
            address 192.168.1.23
        }
        original-port 53820-53829
        protocol tcp_udp
    }
    rule 4 {
        description Minecraft
        forward-to {
            address 192.168.1.23
            port 25565
        }
        original-port 25565
        protocol tcp_udp
    }
    rule 5 {
        description Iperf
        forward-to {
            address 192.168.1.23
        }
        original-port 50201
        protocol tcp_udp
    }
    rule 6 {
        description https,http
        forward-to {
            address 192.168.1.23
        }
        original-port 443,80
        protocol tcp_udp
    }
    rule 7 {
        description "Peertube Live"
        forward-to {
            address 192.168.1.23
            port 22
        }
        original-port 1935
        protocol tcp_udp
    }
    rule 8 {
        description "Git SSH"
        forward-to {
            address 192.168.1.23
        }
        original-port 2228-2229
        protocol tcp_udp
    }
    rule 9 {
        description SFTP
        forward-to {
            address 192.168.1.23
        }
        original-port 23450
        protocol tcp_udp
    }
    rule 10 {
        description Terraria
        forward-to {
            address 192.168.1.100
            port 7777
        }
        original-port 50777
        protocol tcp_udp
    }
    rule 11 {
        description BitTorrent
        forward-to {
            address 192.168.1.23
        }
        original-port 50000
        protocol tcp_udp
    }
    wan-interface pppoe0
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN1 {
            authoritative enable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 1.1.1.1
                dns-server 1.0.0.1
                domain-name local
                lease 86400
                start 192.168.1.100 {
                    stop 192.168.1.254
                }
                static-mapping U6-Lite {
                    ip-address 192.168.1.3
                    mac-address 78:45:58:67:87:14
                }
                static-mapping UAP-AC-LR {
                    ip-address 192.168.1.2
                    mac-address 18:e8:29:50:f7:5b
                }
                static-mapping joey-nas {
                    ip-address 192.168.1.10
                    mac-address 40:8d:5c:52:41:89
                }
                static-mapping joey-seedbox {
                    ip-address 192.168.1.21
                    mac-address 24:4b:fe:57:bc:85
                }
                static-mapping joey-server {
                    ip-address 192.168.1.23
                    mac-address 24:4b:fe:8b:f3:b0
                }
                static-mapping joeyPrinter {
                    ip-address 192.168.1.60
                    mac-address 9c:32:ce:7c:f8:25
                }
                static-mapping pihole {
                    ip-address 192.168.1.22
                    mac-address b8:27:eb:3c:8e:bb
                }
                static-mapping tasmota-1 {
                    ip-address 192.168.1.50
                    mac-address 3C:61:05:F6:44:1E
                }
                static-mapping tasmota-2 {
                    ip-address 192.168.1.51
                    mac-address 3c:61:05:f6:d7:d3
                }
                static-mapping tasmota-3 {
                    ip-address 192.168.1.52
                    mac-address 3c:61:05:f6:f0:62
                }
            }
        }
        shared-network-name LAN2 {
            authoritative enable
            subnet 192.168.2.0/24 {
                default-router 192.168.2.1
                dns-server 192.168.2.1
                lease 86400
                start 192.168.2.38 {
                    stop 192.168.2.243
                }
            }
        }
        static-arp disable
        use-dnsmasq enable
    }
    dns {
        forwarding {
            cache-size 150
            listen-on switch0
            name-server 192.168.1.1
            name-server 1.1.1.1
            name-server 1.0.0.1
            options strict-order
            system
        }
    }
    gui {
        http-port 8080
        https-port 4433
        older-ciphers enable
    }
    nat {
        rule 5010 {
            description "masquerade for WAN"
            outbound-interface pppoe0
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
    unms {
        disable
    }
}
system {
    domain-name local
    host-name ubnt
    login {
        user admin {
            authentication {
                encrypted-password ****************
                public-keys jafner425@gmail.com {
                    key ****************
                    type ssh-rsa
                }
                public-keys joey@joey-server {
                    key ****************
                    type ssh-rsa
                }
            }
            level admin
        }
    }
    name-server 127.0.0.1
    name-server 1.1.1.1
    name-server 1.0.0.1
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        hwnat enable
    }
    package {
        repository stretch {
            components "main contrib non-free"
            distribution stretch
            password ****************
            url http://http.us.debian.org/debian
            username ""
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone America/Los_Angeles
}
```
Jafner commented 2022-07-29 22:23:57 -07:00 (Migrated from gitlab.jafner.net)

The prod configuration can be broken down into these top-level config topics:

  • [firewall](https://docs.vyos.io/en/equuleus/configuration/firewall/index.html)
  • [interfaces](https://docs.vyos.io/en/equuleus/configuration/interfaces/index.html)
  • port-forward
  • service
  • system
Jafner commented 2022-07-29 22:26:11 -07:00 (Migrated from gitlab.jafner.net)

### Dev Configuration (VyOS):

```
interfaces {
    ethernet eth0 {
        description LAN
        hw-id d4:3d:7e:94:6e:eb
    }
    ethernet eth1 {
        address dhcp
        description LAN
        hw-id 00:15:17:b8:dc:28
    }
    ethernet eth2 {
        hw-id 00:15:17:b8:dc:29
    }
    ethernet eth3 {
        hw-id 00:15:17:b8:dc:2a
    }
    ethernet eth4 {
        hw-id 00:15:17:b8:dc:2b
    }
    loopback lo {
    }
}
service {
    monitoring {
        telegraf {
            prometheus-client {
            }
        }
    }
    ssh {
        disable-password-authentication
        port 22
    }
}
system {
    config-management {
        commit-revisions 100
    }
    conntrack {
        modules {
            ftp
            h323
            nfs
            pptp
            sip
            sqlnet
            tftp
        }
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    host-name vyos
    login {
        user vyos {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
                public-keys main_id_rsa {
                    key ****************
                    type ssh-rsa
                }
            }
        }
    }
    name-server 192.168.1.1
    ntp {
        server time1.vyos.net {
        }
        server time2.vyos.net {
        }
        server time3.vyos.net {
        }
    }
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
}
```
Jafner commented 2022-07-29 22:45:14 -07:00 (Migrated from gitlab.jafner.net)

We can run `show configuration commands` to itemize our configuration into testable units.
We can combine this with VyOS' [`commit-confirm`](https://docs.vyos.io/en/equuleus/cli.html#cfgcmd-commit-confirm-minutes) command to smoke-test each configuration update in a controlled manner.
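
The workflow in the comment above, as an added example that is not part of the original thread or the Jafner/homelab repository: a small Python parser that flattens brace-style configuration like the dumps on this page into `set` lines in the style of `show configuration commands`, groups them by top-level node, and wraps each group in a `commit-confirm` session. The function names, the trimmed sample and the 5-minute timer are assumptions, and the value quoting only approximates the router's own output.

```python
import shlex

# Constructed sample: a trimmed excerpt of the dev configuration shown on this page.
SAMPLE = """\
interfaces {
    ethernet eth1 {
        address dhcp
        description LAN
    }
    loopback lo {
    }
}
service {
    ssh {
        disable-password-authentication
        port 22
    }
}
system {
    host-name vyos
    syslog {
        global {
            facility all {
                level info
            }
        }
    }
}
"""


def to_set_commands(config_text):
    """Flatten a brace-style config tree into one 'set' line per leaf node."""
    commands = []
    stack = []  # one [path_tokens, has_children] frame per open block
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        prefix = [tok for frame in stack for tok in frame[0]]
        if line == "}":
            if not stack:
                raise ValueError(f"line {lineno}: '}}' without an open block")
            _, has_children = stack.pop()
            if not has_children:
                # An empty block such as 'loopback lo { }' is still a node.
                commands.append("set " + " ".join(prefix))
            continue
        if stack:
            stack[-1][1] = True
        if line.endswith("{"):
            stack.append([shlex.split(line[:-1]), False])
            continue
        key, *value = shlex.split(line)  # shlex strips the double quotes
        parts = prefix + [key]
        if value:
            parts.append("'" + " ".join(value) + "'")
        commands.append("set " + " ".join(parts))
    if stack:
        raise ValueError(f"{len(stack)} block(s) never closed")
    return commands


def split_into_units(commands):
    """Group set lines by top-level node (interfaces, service, system, ...)."""
    units = {}
    for cmd in commands:
        units.setdefault(cmd.split()[1], []).append(cmd)
    return units


def staged_session(unit_commands, minutes=5):
    """Wrap one unit in a commit-confirm session (timer value is an assumption)."""
    return ["configure", *unit_commands, f"commit-confirm {minutes}",
            "confirm", "save", "exit"]


if __name__ == "__main__":
    for name, cmds in split_into_units(to_set_commands(SAMPLE)).items():
        print(f"# unit: {name}")
        print("\n".join(staged_session(cmds)))
```

Enter `confirm` only after the unit's smoke test passes; if the timer expires first, VyOS rolls back to the previous configuration.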

Jafner commented 2022-07-31 13:18:53 -07:00 (Migrated from gitlab.jafner.net)

# Architecture

  • Everything upstream from the router should remain the same.
  • The modem uses the `192.168.0.0/24` subnet, so we can't use that one.
  • We should continue to use the `192.168.1.0/24` subnet for the house.
  • Build a standardized ruleset for assigning static IPs.

## Router-Out Cabling plan

  • Router has `eth0` from integrated NIC. Configure this as "emergency" interface for direct-connecting for troubleshooting and recovery.
  • Router has `eth{1..4}` from add-in NIC. This card is an [Intel Pro/1000 PT Quad Port Server Adapter](https://ark.intel.com/content/www/us/en/ark/products/50496/intel-pro1000-pt-quad-port-server-adapter.html).
  • In the future, I'd like to add an [Intel X540-T1](https://ark.intel.com/content/www/us/en/ark/products/58953/intel-ethernet-converged-network-adapter-x540t1.html) (or [T2](https://ark.intel.com/content/www/us/en/ark/products/58954/intel-ethernet-converged-network-adapter-x540t2.html)) for 10-gig connectivity through the router.
  • The router's `eth1` interface should be the primary downstream. It should be configured as the new `192.168.1.1` default gateway for DHCP.
  • The router's `eth1` should be connected to the uplink port (port 1) of the TP-Link 24-port switch.
  • The router's `eth2` should be connected to the uplink port (port 5) of the TP-Link 5-port PoE switch.
  • The router's `eth3` should be reserved for connecting to a multi-gig switch in the future.
  • The router's `eth4` should be connected as WAN.
  • Interfaces `eth1`, `eth2`, and `eth3` should be configured to run as `192.168.1.1/24` and the DHCP server should listen on these interfaces.

```mermaid
graph TD;

Router--eth1-->Switch1["TP-Link 24-port Gigabit switch"]
Router--eth2-->Switch2["TP-Link 5-port PoE Gigabit switch"]
Router--eth3-->Switch3["Future Multi-Gig switch"]
WAN--eth4-->Router

Switch1-->LAN["Wired Clients"]

Switch2--Cat6-PoE-->AP1["Ubiquiti Unifi U6-Lite"]
Switch2--Cat6-PoE-->AP2["Ubiquiti Unifi AP-AC-LR"]
AP1-->Wifi["Wireless Clients"]
AP2-->Wifi

Switch3-->NAS
Switch3-->Server
Switch3-->Desktop_Joey["Joey's Desktop"]
```

### Wired Clients Cable Runs

| Client         | Run     | Rafter-Run Length\* | Rafters to client           |
|:--------------:|:-------:|:-------------------:|:---------------------------:|
| Modem          | Router  | 45 ft.              | 2 ft.                       |
| Joey PC        | Switch1 | 32 in.              | 89 in.                      |
| NAS            | Switch1 | 0 ft.               | ???                         |
| Server         | Switch1 | 0 ft.               | ???                         |
| Bee PC         | Switch1 | 3 ft.               | 4 ft.                       |
| Gus PC         | Switch1 | 12 ft.              | 82 in.                      |
| Maddie PC      | Switch1 | 22 ft.              | 82 in.                      |
| Dad PC         | Switch1 | 44 ft.              | 82 in.                      |
| Mom PC         | Switch1 | 45 ft.              | 60 in.                      |
| Downstairs TV  | Switch1 | 17 ft.              | 60 in.                      |
| Downstairs WAP | Switch2 | 13 ft.              | 22 in. (or mount to rafter) |
| Upstairs TV    | Switch1 | 30 ft.              | 7.5 ft.                     |
| Upstairs WAP   | Switch2 | 22 ft.              | 10 ft.                      |

*Rafter run length counts only the distance along the floor/ceiling. Does not account for distance from floor/ceiling to client.

  • Distance from switch to rafters ~= 4 ft.
  • Distance from rafters to client varies.
Jafner commented 2022-07-31 17:55:42 -07:00 (Migrated from gitlab.jafner.net)

mentioned in commit e60d5299e2392809ca16853642155c12dc1930da
Jafner commented 2022-08-03 14:02:57 -07:00 (Migrated from gitlab.jafner.net)

Done! The VyOS box is online and working (as far as has been tested) properly!

There are a few tickets to create for further work on this project:

  • Try out running PiHole on the router itself.
  • Build out monitoring for the router host.
  • Build out monitoring for the networking services.
  • Look into testing and optimizing first-connection latency (anecdotally feels slow).
  • Look into bridging two (or more) interfaces properly. This might be required for 10Gb down the line.
  • Look into using a remote Git repo for config management
  • Write documentation about how the router is configured.
Reference: Jafner/homelab#46