Vyos的基本配置

修改用户密码

  • Enter configuration mode
    configure
  • Set password
    set system login user [username] authentication plaintext-password [password]
    Note: The password is stored encrypted after commit.
  • Commit and save changes
    commit
    save

配置IP地址

  • Enter configuration mode
    configure
  • set address
    set interfaces ethernet eth0 address 192.168.1.1/24
  • set gateway
    set system gateway-address 192.168.1.254
  • Commit and save changes
    commit
    save

配置DNS服务器

  • Enter configuration mode
    configure
  • config DNS Forwarder
    set service dns forwarding name-server 8.8.8.8
    set service dns forwarding name-server 8.8.4.4
    set service dns forwarding listen-on eth0
  • Commit and save changes
    commit
    save

配置ssh端口号

  • Enter configuration mode
    configure
  • config ssh port
    set service ssh port 2222

配置L2tp_VPN

  • config
set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec nat-traversal enable
set vpn ipsec nat-networks allowed-network 0.0.0.0/0

set vpn l2tp remote-access outside-address pub-add
set vpn l2tp remote-access client-ip-pool start 192.168.1.100
set vpn l2tp remote-access client-ip-pool stop 192.168.1.254
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret <secret>
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username <username> password <password>

set firewall name OUTSIDE-LOCAL rule 41 action 'accept'
set firewall name OUTSIDE-LOCAL rule 41 destination port '500'
set firewall name OUTSIDE-LOCAL rule 41 protocol 'udp'
set firewall name OUTSIDE-LOCAL rule 42 action 'accept'
set firewall name OUTSIDE-LOCAL rule 42 destination port '4500'
set firewall name OUTSIDE-LOCAL rule 42 protocol 'udp'
set firewall name OUTSIDE-LOCAL rule 43 action 'accept'
set firewall name OUTSIDE-LOCAL rule 43 destination port '1701'
set firewall name OUTSIDE-LOCAL rule 43 ipsec 'match-ipsec'
set firewall name OUTSIDE-LOCAL rule 43 protocol 'udp'

set nat source rule 110 outbound-interface 'eth0'
set nat source rule 110 source address '192.168.1.0/24'
set nat source rule 110 translation address masquerade

set vpn l2tp remote-access dns-servers server-1 '8.8.8.8'
set vpn l2tp remote-access dns-servers server-2 '8.8.4.4'
  • show
    show vpn remote-access
posted @ 2019-05-10 13:12  Federico  阅读(1659)  评论(0编辑  收藏  举报