13 Jan

Expanding Homelab Subnet Using VyOS

I switched my internet service provider a while ago. The router I received from the new provider came with no option to change the LAN subnet addressing or prefix. Being stuck with a /24 prefix for both personal devices and homelab needs was a hard pill to swallow. I have never actually reached the point of using an entire /24 subnet, but my labs were already set up with a larger and different subnet on my older connection. Plus, having a larger subnet gives more flexibility in how things can be segmented. Unfortunately, changing the firmware to something like DD-WRT was not an option either. Therefore, I had to rely on a virtual router to expand my local network.

I chose VyOS, an open source router, to do this. It is really lightweight and simple to configure, and it fits my use case exactly how I wanted it to. I deployed it on my oVirt cluster, with the following setup in mind:

VyOS Gateway Setup

As displayed above, I want the VMs in the lab prefix (172.20.20.0/20) to be able to reach the internet or any other service available on the main LAN (10.0.1.0/24). Therefore, I'm going to let VyOS act as the NAT gateway for those VMs.

After downloading the VyOS image and uploading it to oVirt, I created a minimal VM for this purpose: 1 vCPU, 1GB RAM and 2 vNICs were all that I needed. You can follow the installation steps from the official website.

Linux vyos 3.13.11-1-amd64-vyos #1 SMP Sat Nov 11 12:10:30 CET 2017 x86_64
Welcome to VyOS.
This system is open-source software. The exact distribution terms for
each module comprising the full system are described in the individual
files in /usr/share/doc/*/copyright.
Last login: Mon Jan 25 19:25:01 2021
vyos@vyos:~$ configure
[edit]

After the first login, I committed the following configuration:

set interfaces ethernet eth0 address '172.20.20.1/20'
set interfaces ethernet eth0 description 'Lab'
set interfaces ethernet eth1 address '10.0.1.254/24'
set interfaces ethernet eth1 description 'Internet'
set interfaces loopback 'lo'
set nat source rule 300 outbound-interface 'eth1'
set nat source rule 300 source address '172.20.20.1/20'
set nat source rule 300 translation address 'masquerade'
set protocols static route 0.0.0.0/0 next-hop '10.0.1.1'
set service ssh 'allow-root'
set service ssh port '22'
set system config-management commit-revisions '20'
set system console device ttyS0 speed '9600'
set system login user vyos authentication encrypted-password '$1$c/FMMdJu$dXntw2ftW2POghzbhpwCP1'
set system login user vyos authentication plaintext-password ''
set system login user vyos level 'admin'
set system ntp server '0.pool.ntp.org'
set system ntp server '1.pool.ntp.org'
set system ntp server '2.pool.ntp.org'
set system package repository community components 'main'
set system package repository community distribution 'helium'
set system package repository community url 'http://packages.vyos.net/vyos'
set system syslog global facility all level 'notice'
set system syslog global facility protocols level 'debug'

The key parts relevant to this post are the NAT and default route settings:

set nat source rule 300 outbound-interface 'eth1'
set nat source rule 300 source address '172.20.20.1/20'
set nat source rule 300 translation address 'masquerade'
set protocols static route 0.0.0.0/0 next-hop '10.0.1.1'

That's it. Now all of my previous VMs are using VyOS as their gateway, and their internet access is restored. The last step was adding a static route on my machine to reach the Lab VMs via 10.0.1.254.
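An added example, not part of the original post: a small Python audit over a constructed subset of the configuration above. It shows which network the /20 on the NAT rule actually denotes and flags two settings worth revisiting on a router that also sits on the main LAN; the audit function and its finding codes are hypothetical names chosen for this example.

```python
import ipaddress
import shlex

# Constructed sample: a subset of the `set` commands from the post. The
# password hash is a made-up placeholder that only keeps the "$1$" prefix.
CONFIG = """\
set interfaces ethernet eth0 address '172.20.20.1/20'
set interfaces ethernet eth1 address '10.0.1.254/24'
set nat source rule 300 outbound-interface 'eth1'
set nat source rule 300 source address '172.20.20.1/20'
set nat source rule 300 translation address 'masquerade'
set service ssh 'allow-root'
set system login user vyos authentication encrypted-password '$1$PLACEHOLDER$notARealHash'
"""

def audit(config):
    """Return (interface networks, NAT source networks, list of (code, message))."""
    ifnets, natnets, findings = {}, {}, []
    for line in config.splitlines():
        t = shlex.split(line)
        if t[:1] != ["set"]:
            continue
        if t[1:3] == ["interfaces", "ethernet"] and t[4:5] == ["address"]:
            ifnets[t[3]] = ipaddress.ip_interface(t[5]).network
        elif t[1:4] == ["nat", "source", "rule"] and t[5:7] == ["source", "address"]:
            net = ipaddress.ip_network(t[7], strict=False)  # mask off host bits
            natnets[t[4]] = net
            if str(net) != t[7]:
                findings.append(("nat-host-bits", f"rule {t[4]}: {t[7]} denotes "
                                 f"{net} ({net[0]} to {net[-1]})"))
        elif t[1:] == ["service", "ssh", "allow-root"]:
            findings.append(("ssh-root", "root login over SSH is enabled"))
        elif t[-2:-1] == ["encrypted-password"] and t[-1].startswith("$1$"):
            findings.append(("md5crypt", "password hash uses md5crypt ($1$)"))
    # Each NAT source should be exactly a network attached to the router.
    for rule, net in natnets.items():
        if net not in ifnets.values():
            findings.append(("nat-no-iface", f"rule {rule}: {net} is on no interface"))
    return ifnets, natnets, findings

if __name__ == "__main__":
    for code, message in audit(CONFIG)[2]:
        print(f"[{code}] {message}")
```

With the host bits masked off, the /20 containing 172.20.20.1 is 172.20.16.0/20, so the masquerade rule covers 172.20.16.0 through 172.20.31.255 rather than a range starting at 172.20.20.0.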

Lab On 🤘
