![]() ![]() I can see everything is fine, which is good enough for me. The only traffic leaving my router goes to a nord vpn server. Makes it super easy checking for things like dns leaks. I keep a half dozen ssh sessions open, each one running iftop for each interface, including the wan and the openvpn tunnel, so I can see in real time who is talking to who. You can still set firewall rules both in vyos and in debian linux iptabes, like blocking an address that makes too many failed access attempts. I can route at gigabit wirespeed and the cpu barely gets over 1%, which leaves the cpu available for things like vpn encryption. ![]() I picked the above hardware because the chips support gigabit wirespeed in hardware. It's not recommended obviously, because you then risk breaking vyos features. If you want, you can enable debian repositories, and install anything you want. when you login to a vyos router, you are at the Debian linux command prompt. ![]() You're not the first to ask for that feature.īut. When I'm done, I'll post a default configuration file here, so you can see how easy it is to configure. I'm still working on the wlan and openvpn settings. It's already up and running, and I'm using it as my home firewall connection to the Internet. ![]() I'll post more here, when I finish getting things configured. I could easily install a VM server on it, but I'm keeping the vyos install baremetal, so in the future, if there are any problems, I don't have to figure out whether it's vyos or the VM server software. CPU utilization barely tops 1% when doing gigabit wire speed routing tests. The hardware is overpowered for a home firewall/router. It's been around for many years, so works very well and is incredibly robust. The router commands have been integrated into the Debian bash shell. VyOS was built from the ground up on Debian linux, and it has a command line configuration tool just like Cisco IOS routers, yet you also have access to Debian linux itself. I then installed VyOS on the mini-pc, and it runs beautifully. They are both based on BSD instead of linux, the bootup sequence is stupid (you have to wait an additional minute while it errors out looking for something), and the web gui is not very intuitive at all. For anyone reading this, I tried both pfsense and OPNsense on the above hardware, and even though they install and run fine, I didn't care for either. ![]()
0 Comments
Leave a Reply. |