@usrbinkat
Created August 23, 2022 22:10
VyOS nip.io troubleshooting
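#cloud-config
# cloud-init user-data for a VyOS router: eth0 is the WAN side (DHCP), eth1 the
# LAN side, with source NAT, a LAN DHCP server, DNS forwarding and key-based
# SSH on tcp/2222. Commands are kept in the author's order.
# NOTE(review): anything placed in user-data is readable by whoever can read
# the instance metadata or this file; treat the credentials below accordingly.
ssh_authorized_keys:
# Public key is truncated on the page; supply the full key before use.
- ssh-rsa AAAAB3Nz..truncated..x8yI8KlVt2U= admin@mprcs
vyos_config_commands:
# NOTE(review): the VyOS cloud-init documentation describes this list as
# set/delete commands only. `configure` here and `commit`/`save` at the end are
# presumably skipped or logged as errors; confirm in the cloud-init log.
- configure
# Global firewall options.
- set firewall all-ping 'enable'
- set firewall syn-cookies 'enable'
- set firewall config-trap 'disable'
- set firewall log-martians 'enable'
- set firewall ip-src-route 'disable'
# NOTE(review): ICMP redirects are sent while inbound redirects are refused
# below. A NAT gateway rarely needs to send them; consider 'disable'.
- set firewall send-redirects 'enable'
- set firewall broadcast-ping 'disable'
- set firewall ipv6-src-route 'disable'
# NOTE(review): reverse-path source validation is off, so spoofed source
# addresses are not filtered by this option. 'strict' is the hardened setting
# if routing is symmetric; confirm before changing.
- set firewall source-validation 'disable'
- set firewall receive-redirects 'disable'
- set firewall ipv6-receive-redirects 'disable'
- set firewall twa-hazards-protection 'disable'
# OUTSIDE-IN and OUTSIDE-LOCAL: default drop, allow established/related, and
# (OUTSIDE-LOCAL only) ICMP echo-request.
# NOTE(review): neither rule set is attached to an interface in this file; only
# WAN-IN and WAN-LOCAL are bound (to eth0). They look like leftovers.
- set firewall name OUTSIDE-IN default-action 'drop'
- set firewall name OUTSIDE-IN rule 10 action 'accept'
- set firewall name OUTSIDE-IN rule 10 state established 'enable'
- set firewall name OUTSIDE-IN rule 10 state related 'enable'
- set firewall name OUTSIDE-LOCAL default-action 'drop'
- set firewall name OUTSIDE-LOCAL rule 10 action 'accept'
- set firewall name OUTSIDE-LOCAL rule 10 state established 'enable'
- set firewall name OUTSIDE-LOCAL rule 10 state related 'enable'
- set firewall name OUTSIDE-LOCAL rule 20 action 'accept'
- set firewall name OUTSIDE-LOCAL rule 20 icmp type-name 'echo-request'
- set firewall name OUTSIDE-LOCAL rule 20 protocol 'icmp'
# WAN-IN (traffic forwarded in from eth0): default drop, return traffic only.
- set firewall name WAN-IN default-action 'drop'
- set firewall name WAN-IN rule 10 action 'accept'
- set firewall name WAN-IN rule 10 state established 'enable'
- set firewall name WAN-IN rule 10 state related 'enable'
# WAN-LOCAL (traffic to the router itself from eth0): default drop, return
# traffic, ICMP echo-request, and SSH on tcp/2222.
- set firewall name WAN-LOCAL default-action 'drop'
- set firewall name WAN-LOCAL rule 10 action 'accept'
- set firewall name WAN-LOCAL rule 10 state established 'enable'
- set firewall name WAN-LOCAL rule 10 state related 'enable'
- set firewall name WAN-LOCAL rule 20 action 'accept'
- set firewall name WAN-LOCAL rule 20 icmp type-name 'echo-request'
- set firewall name WAN-LOCAL rule 20 protocol 'icmp'
- set firewall name WAN-LOCAL rule 20 state new 'enable'
# Rule 30 rate-limits SSH: new connections to tcp/2222 from a source seen
# 4 times within 60 seconds are dropped. It must stay ahead of rule 31, which
# accepts the remaining new connections.
- set firewall name WAN-LOCAL rule 30 action 'drop'
- set firewall name WAN-LOCAL rule 30 destination port '2222'
- set firewall name WAN-LOCAL rule 30 protocol 'tcp'
- set firewall name WAN-LOCAL rule 30 recent count '4'
- set firewall name WAN-LOCAL rule 30 recent time '60'
- set firewall name WAN-LOCAL rule 30 state new 'enable'
# NOTE(review): rule 31 accepts SSH from any source address; add a source
# restriction if the management networks are known.
- set firewall name WAN-LOCAL rule 31 action 'accept'
- set firewall name WAN-LOCAL rule 31 destination port '2222'
- set firewall name WAN-LOCAL rule 31 protocol 'tcp'
- set firewall name WAN-LOCAL rule 31 state new 'enable'
# WAN interface: DHCP/DHCPv6 addressing, WAN-IN and WAN-LOCAL attached.
# NOTE(review): both rule sets are IPv4 `firewall name` sets; no IPv6 rule set
# is defined or attached although eth0 also requests a DHCPv6 address.
- set interfaces ethernet eth0 address 'dhcp'
- set interfaces ethernet eth0 address 'dhcpv6'
- set interfaces ethernet eth0 description 'WAN'
- set interfaces ethernet eth0 firewall in name 'WAN-IN'
- set interfaces ethernet eth0 firewall local name 'WAN-LOCAL'
# LAN interface. No firewall rule set is attached to eth1, so LAN hosts reach
# every service on the router unfiltered by the rules above.
# NOTE(review): the prefix here is /16 while the DHCP scope below is
# 192.168.1.0/24; one of the two is presumably a typo. Confirm.
- set interfaces ethernet eth1 address '192.168.1.1/16'
- set interfaces ethernet eth1 description 'LAN'
- set interfaces loopback lo
# Masquerade everything leaving via eth0.
- set nat source rule 100 outbound-interface 'eth0'
- set nat source rule 100 translation address 'masquerade'
# NOTE(review): a static default route is set although eth0 is a DHCP client;
# it only works if 10.0.0.1 is on-link on the WAN segment. Confirm.
- set protocols static route 0.0.0.0/0 next-hop 10.0.0.1
# DHCP server for the LAN; clients are handed the router as gateway and DNS.
- set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 default-router '192.168.1.1'
- set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server '192.168.1.1'
- set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 domain-name 'home.arpa'
- set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 lease '86400'
- set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 range 0 start '192.168.1.100'
- set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 range 0 stop '192.168.1.249'
- set service dhcp-server hostfile-update
# DNS forwarder.
# NOTE(review): it listens on every address and answers any source. Only the
# WAN-LOCAL default drop keeps it from being an open resolver on the WAN side;
# if that rule set is detached or loosened, the resolver is exposed. Narrowing
# allow-from and listen-address to the LAN and loopback removes that dependency.
- set service dns forwarding cache-size '1000'
- set service dns forwarding allow-from '0.0.0.0/0'
- set service dns forwarding listen-address '0.0.0.0'
- set service dns forwarding name-server '1.1.1.1'
- set service dns forwarding name-server '1.0.0.1'
- set service dns forwarding name-server '8.8.8.8'
- set service dns forwarding name-server '8.8.4.4'
# The router resolves through its own forwarder.
- set system name-server '127.0.0.1'
# SSH on tcp/2222, all addresses; WAN exposure is governed by WAN-LOCAL
# rules 30 and 31.
- set service ssh client-keepalive-interval '180'
- set service ssh listen-address '0.0.0.0'
- set service ssh port '2222'
- delete service ssh port '22'
- set system config-management commit-revisions '100'
- set system console device ttyS0 speed '9600'
- set system host-name 'vyos'
- set system domain-name 'home.arpa'
# NOTE(review): hard-coded sample password in clear text. SSH password logins
# are disabled below, but console login still accepts it. Replace it before any
# real use, preferably with `authentication encrypted-password` and a
# pre-computed hash, or drop the password and rely on the public key.
# The value is quoted like every other value in this list, as the VyOS
# cloud-init documentation requires for commands that end in a value.
- set system login user vyos authentication plaintext-password 'asdfqwer1234'
- set system login user vyos authentication public-keys vyos key 'AAAAB3NzaC..truncated..ox8yI8KlVt2U='
- set system login user vyos authentication public-keys vyos type 'ssh-rsa'
- set service ssh disable-password-authentication
- set system ntp server 0.pool.ntp.org
- set system ntp server 1.pool.ntp.org
- set system ntp server 2.pool.ntp.org
# Syslog: notice and above for all facilities, debug for routing protocols.
- set system syslog global facility all level 'notice'
- set system syslog global facility protocols level 'debug'
# See the note on `configure` above: presumably not needed in this list.
- commit
- save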