howto/vyos
VyOS
VyOS is an open source router. The developers have a nightly rolling release that includes all the latest features such as Wireguard. It can be downloaded here https://www.vyos.io/rolling-release/.
1.3-rolling-202004300117 is a known good release to work with Wireguard and DN42.
Quick Start
Quick to-do-list from router deployment to receiving DN42 routes
- Establish internet connectivity.
- Setup Wireguard.
- Setup BGP.
show ip route
Wireguard
Setup Keys
generate wireguard default-keypair
show wireguard keypairs pubkey default
Grab your public key and save it for later. This will be shared with peers.
Configure Peer Tunnel
They should have provided their endpoint public IP, port, DN42 address, and public wireguard key.
set interfaces wireguard wg01 address '172.x.x.x/32'
this is a single address within your DN42 registered address space
set interfaces wireguard wg01 peer OtherGuy1 allowed-ips '0.0.0.0/0''
it's just easier to filter traffic with the firewall
set interfaces wireguard wg01 peer OtherGuy1 address 'x.x.x.x'
this is the public IP of your peers endpoint
set interfaces wireguard wg01 OtherGuy1 port '12345'
_the configured port on your peers endpoint_
set interfaces wireguard wg01 peer OtherGuy1 pubkey 'XMrlPykaxhdAAiSjhtPlvi30NVkvLQliQuKP7AI7CyI='
_your peers public wireguard key_
set interfaces wireguard wg01 port '12345'`
the port your wireguard endpoint will "listen" on
Set Static Route
In case you are wondering how you are going to route packets anywhere with a /32, the next command explains it all.
set protocols static interface-route 172.x.x.x/32 next-hop-interface wg01
this is a single provided address by your peer that is assigned to them in the registry
Coming Soon
Setup BGP
Neighbor Up With Peer via BGP
RPKI/ROA Checking
Firewall Would be a good idea…