1. 设置宽带上网
# 1. PPPoE WAN uplink: create pppoe unit 0 on eth0 and attach the ISP login.
#    "youre_username" / "your_password" are placeholders to replace; note the
#    PPPoE password becomes part of the saved configuration, so treat config
#    backups as sensitive material.
set int eth eth0 pppoe 0
set int eth eth0 pppo 0 user-id youre_username
set int eth eth0 pppo 0 password your_password
2. 配置dhcp
# 2. DHCP for the LAN (192.168.1.0/24): hand out .100-.150, gateway .1,
#    two public resolvers, 86400 s (24 h) lease.
#    "authoritative enable" makes this server answer as the authority for the
#    subnet; presumably there is no other DHCP server on this segment — confirm.
set service dhcp-server shared-network-name LAN authoritative enable
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 start 192.168.1.100 stop 192.168.1.150
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 default-router 192.168.1.1
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server 223.5.5.5
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server 223.6.6.6
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 lease 86400
3. 设置nat
# 3. Source NAT: masquerade everything from the LAN subnet behind the address
#    of pppoe0 on the way out. Only the LAN prefix is matched, so hosts on other
#    internal networks (e.g. the VPN pools below) are not NATed by this rule.
set nat source rule 1 outbound-interface pppoe0
set nat source rule 1 source address 192.168.1.0/24
set nat source rule 1 translation address masquerade
4. 配置open***
# 4. Build a private PKI with the bundled easy-rsa 2.0 scripts, then configure
#    the vtun0 server and write a matching client profile.
# Copy the easy-rsa example tree to a working directory under /config (persists across reboots).
cp -rv /usr/share/doc/open***/examples/easy-rsa/2.0/ /config/easy-rsa2
# Excerpt of the vars file that drives certificate generation; edit these values.
# The "..." lines mark parts of the file that are not shown here.
cat /config/easy-rsa2/vars
...
export KEY_SIZE=2048
...
export KEY_COUNTRY="CN"
export KEY_PROVINCE="test"
export KEY_CITY="tet"
export KEY_ORG="test"
export KEY_EMAIL="[email protected]"
# Generate the CA, DH parameters and the server certificate/key.
# The CA private key (ca.key) stays in /config/easy-rsa2/keys/ — it is never
# copied into /config/auth below; keep it protected, ideally off the router.
cd /config/easy-rsa2/
source ./vars
./build-ca
./build-dh
./build-key-server open***test
# Generate one client certificate/key pair (to be delivered to the client).
./build-key testclient
# Copy only what the server needs into /config/auth/: CA cert, DH params,
# server cert and server key.
cp /config/easy-rsa2/keys/ca.crt /config/auth/
cp /config/easy-rsa2/keys/dh2048.pem /config/auth/
cp /config/easy-rsa2/keys/open***test.key /config/auth/
cp /config/easy-rsa2/keys/open***test.crt /config/auth/
# Server side: TCP, passive (listening) mode, clients get 192.168.3.0/24 and a
# pushed route to the LAN.
# NOTE(review): --comp-lzo enables compression inside the tunnel, which current
# OpenVPN guidance discourages; drop it here and the matching client line if
# compatibility allows.
set int open*** vtun0 mode server
set int open*** vtun0 description "TCP version"
set int open*** vtun0 open***-option --comp-lzo
set int open*** vtun0 protocol tcp-passive
set int open*** vtun0 server subnet 192.168.3.0/24
set int open*** vtun0 server name-server 223.5.5.5
set int open*** vtun0 server name-server 223.6.6.6
set int open*** vtun0 server push-route 192.168.1.0/24
set int open*** vtun0 tls ca-cert-file /config/auth/ca.crt
set int open*** vtun0 tls cert-file /config/auth/open***test.crt
set int open*** vtun0 tls dh-file /config/auth/dh2048.pem
set int open*** vtun0 tls key-file /config/auth/open***test.key
# Client profile. ">>" appends, so running this twice produces a duplicated
# file — use ">" to overwrite. The "remote" line must point at the router's
# public address; 192.168.56.102 is the example used here.
# "ns-cert-type server" is the legacy server-check directive; newer clients use
# "remote-cert-tls server", which needs the server cert built with the matching
# extended key usage.
cat <<EOF>> testclient.o***
client
dev tun
proto tcp
remote 192.168.56.102 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert testclient.crt
key testclient.key
ns-cert-type server
comp-lzo
verb 3
EOF
5. 配置 L2TP over IPsec
# 5. L2TP over IPsec remote access on the WAN interface.
#    Values in <angle brackets> are placeholders. A single pre-shared secret is
#    shared by every client, so one compromised client exposes it for all;
#    "nat-networks allowed-network 0.0.0.0/0" accepts NAT-traversal peers from
#    any source address. Remote users get addresses from 192.168.255.1-.255.
set *** ipsec ipsec-interfaces interface pppoe0
set *** ipsec nat-traversal enable
set *** ipsec nat-networks allowed-network 0.0.0.0/0
set *** l2tp remote-access outside-address <public-address>
set *** l2tp remote-access client-ip-pool start 192.168.255.1
set *** l2tp remote-access client-ip-pool stop 192.168.255.255
set *** l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set *** l2tp remote-access ipsec-settings authentication pre-shared-secret <secret>
set *** l2tp remote-access authentication mode local
set *** l2tp remote-access authentication local-users username <username> password <password>
# Run on the Windows client (not on the router): route the LAN via the tunnel.
route add 192.168.1.0 mask 255.255.255.0 192.168.255.1
6、配置 dns 转发
# 6. DNS forwarding for LAN clients. Upstream resolvers are the two public
#    servers; cache-size 0 disables local caching. "listen-on" names only the
#    internal interfaces (eth1 and its VLAN sub-interfaces), so the forwarder is
#    not exposed on pppoe0 as an open resolver.
set service dns forwarding name-server 223.5.5.5
set service dns forwarding name-server 223.6.6.6
set service dns forwarding cache-size 0
set service dns forwarding listen-on eth1
set service dns forwarding listen-on eth1.100
set service dns forwarding listen-on eth1.2
# dnsmasq is used as the forwarder; by default it consults /etc/hosts first and
# only falls back to the upstream DNS servers for names not found there.
# The following command adds a resolvable entry for host "abc".
set system static-host-mapping host-name abc inet 192.168.1.240
# Stop dnsmasq from reading /etc/hosts.
# NOTE(review): with ignore-hosts-file set, the static mapping above is
# presumably no longer served to LAN clients by the forwarder — confirm which
# behaviour is intended before enabling both.
set service dns forwarding ignore-hosts-file
7、设置vyos用户无密码登录
8、设置vyos用户登录密码
# 8. Set the login password for the default "vyos" user. "123" is only an
#    example; choose a strong password before commit. VyOS stores the value as a
#    hash (encrypted-password) after commit, but the literal typed here still
#    ends up in shell/session history.
set system login user vyos authentication plaintext-password 123
9、设置防火墙
# 9. WAN-facing ruleset "out-inside": default drop, allow return traffic
#    (rule 1), allow inbound SSH (rule 2), attached as the "local" policy of
#    pppoe 0.
#    Rule 2 has no "source address", so TCP/22 is reachable from the whole
#    Internet; restricting the source and/or rate-limiting is advisable.
#    "firewall local" only governs traffic addressed to the router itself;
#    traffic forwarded to the LAN needs a separate "in" ruleset.
set firewall name out-inside default-action drop
set firewall name out-inside description "from out to inside"
set firewall name out-inside rule 1 state established enable
set firewall name out-inside rule 1 state related enable
set firewall name out-inside rule 1 action accept
set firewall name out-inside rule 2 description ssh
set firewall name out-inside rule 2 action accept
set firewall name out-inside rule 2 protocol tcp
set firewall name out-inside rule 2 destination port 22
set int eth eth0 pppoe 0 firewall local name out-inside
10、设置计划任务
# 10. Scheduled task "task_name": run /bin/ls every 10 minutes (example only;
#     replace the executable path with the real job).
set system task-scheduler task task_name executable path /bin/ls
set system task-scheduler task task_name interval 10m