howto/vyos
VyOS
VyOS is an open source router. The developers have a nightly rolling release that includes all the latest features such as Wireguard. It can be downloaded here https://www.vyos.io/rolling-release/.
1.3-rolling-202004300117 is a known good release to work with Wireguard and DN42.
Quick Start
Quick to-do-list from router deployment to receiving DN42 routes
- Establish internet connectivity.
- Setup Wireguard.
- Setup BGP.
show ip route
Wireguard
- First we need to setup keys.
generate wireguard default-keypair - Grab your public key and save it for later. This will be shared with peers.
show wireguard keypairs pubkey default - Next we need to configure our peer. They should have provided their endpoint public IP, port, and public wireguard key.
set interfaces wireguard wg01 address '172.x.x.x/32'- this is a single address within your DN42 registered address spaceset interfaces wireguard wg01 peer OtherGuy1 allowed-ips '0.0.0.0/0''- it's just easier to filter traffic with the firewallset interfaces wireguard wg01 peer OtherGuy1 address 'x.x.x.x'- this is the public IP of your peers endpointset interfaces wireguard wg01 OtherGuy1 port '12345'- the configured port on your peers endpointset interfaces wireguard wg01 peer OtherGuy1 pubkey 'XMrlPykaxhdAAiSjhtPlvi30NVkvLQliQuKP7AI7CyI='- your peers public wireguard keyset interfaces wireguard wg01 port '12345'- the port your wireguard endpoint will "listen" on - In case you are wondering how you are going to route packets anywhere with a /32, the next command explains it all.
set protocols static interface-route 172.x.x.x/32 next-hop-interface wg01- this is a single provided address by your peer that is assigned to them in the registry
Coming Soon
Setup BGP
Neighbor Up With Peer via BGP
RPKI/ROA Checking
Firewall Would be a good idea…