<?xml version="1.0" encoding="UTF-8"?>
<!-- generator="FeedCreator 1.8" -->
<?xml-stylesheet href="https://nerdydrunk.com/lib/exe/css.php?s=feed" type="text/css"?>
<rdf:RDF
    xmlns="http://purl.org/rss/1.0/"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
    xmlns:dc="http://purl.org/dc/elements/1.1/">
    <channel rdf:about="https://nerdydrunk.com/feed.php">
        <title>Nerdy Drunk - vyos</title>
        <description>Drunk on technology</description>
        <link>https://nerdydrunk.com/</link>
        <image rdf:resource="https://nerdydrunk.com/_media/wiki:favicon.ico" />
        <dc:date>2026-04-07T04:01:01+00:00</dc:date>
        <items>
            <rdf:Seq>
                <rdf:li rdf:resource="https://nerdydrunk.com/vyos:build_iso_ami?rev=1658400099&amp;do=diff"/>
                <rdf:li rdf:resource="https://nerdydrunk.com/vyos:configure_first_boot?rev=1658400099&amp;do=diff"/>
                <rdf:li rdf:resource="https://nerdydrunk.com/vyos:general?rev=1658400099&amp;do=diff"/>
                <rdf:li rdf:resource="https://nerdydrunk.com/vyos:tgw_spoke_isolation?rev=1658400099&amp;do=diff"/>
                <rdf:li rdf:resource="https://nerdydrunk.com/vyos:vpn_nat?rev=1658400099&amp;do=diff"/>
            </rdf:Seq>
        </items>
    </channel>
    <image rdf:about="https://nerdydrunk.com/_media/wiki:favicon.ico">
        <title>Nerdy Drunk</title>
        <link>https://nerdydrunk.com/</link>
        <url>https://nerdydrunk.com/_media/wiki:favicon.ico</url>
    </image>
    <item rdf:about="https://nerdydrunk.com/vyos:build_iso_ami?rev=1658400099&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2022-07-21T10:41:39+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>build_iso_ami</title>
        <link>https://nerdydrunk.com/vyos:build_iso_ami?rev=1658400099&amp;do=diff</link>
        <description>VyOS Build ISO and AMI

aws vyos

Description

Install Debian 10 with SSH and standard system utilities

	*  &lt;https://www.networkshinobi.com/vyos-build-from-source/&gt;
	*  &lt;https://docs.vyos.io/en/latest/contributing/build-vyos.html&gt;
	*  &lt;https://github.com/vyos/vyos-build&gt;
	*  &lt;https://github.com/vyos/build-ami&gt;

Rundown

Prepare builder VM


##
## on builder VM as root
##
apt update &amp;&amp; apt dist-upgrade -y
apt install -y sudo git-all curl unzip python3 python3-pystache live-build pbuilder vim tmu…</description>
    </item>
    <item rdf:about="https://nerdydrunk.com/vyos:configure_first_boot?rev=1658400099&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2022-07-21T10:41:39+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>configure_first_boot</title>
        <link>https://nerdydrunk.com/vyos:configure_first_boot?rev=1658400099&amp;do=diff</link>
        <description>VyOS Configure on First Boot

aws vyos

Description

Steps

	*  Create VPC, Security Groups, and Public Route Table
	*  Create S3 bucket and vyos-config.txt file
	*  Store handler and config in S3 bucket
	*  Launch HTTP Server (SSM Session Manager can be used to verify handler and config loaded)</description>
    </item>
    <item rdf:about="https://nerdydrunk.com/vyos:general?rev=1658400099&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2022-07-21T10:41:39+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>general</title>
        <link>https://nerdydrunk.com/vyos:general?rev=1658400099&amp;do=diff</link>
        <description>VyOS General

general routing vyos ubiquiti edgerouter

Load SSH Key


$ configure
# loadkey USERNAME scp://USERNAME@REMOTEHOST/home/USERNAME/.ssh/id_rsa.pub
# save


Backup configuration via SSH


$ scp USERNAME@VYOSHOST:/config/config.boot ./LOCALDIR/VYOS-DATECODE.txt


On the Ubiquiti EdgeRouter you will need to do the following:</description>
    </item>
    <item rdf:about="https://nerdydrunk.com/vyos:tgw_spoke_isolation?rev=1658400099&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2022-07-21T10:41:39+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>tgw_spoke_isolation</title>
        <link>https://nerdydrunk.com/vyos:tgw_spoke_isolation?rev=1658400099&amp;do=diff</link>
        <description>VyOS Transit Gateway Spoke Isolation

aws vyos vpn tgw

Description

This is based on the following Palo Alto guide for Transit Gateway deployments:

	*  &lt;https://www.paloaltonetworks.com/resources/guides/aws-transit-gateway-deployment-guide&gt;

Diagram


&lt;https://wiki.nerdydrunk.info/_media/images:svg:transit_gateway_spoke_isolation_via_vpn.svg&gt;

VyOS Configuration

The firewall name “isolate_spokes” will prevent VPC 33 from accessing VPC 34, but as the configuration is stateful, VPC 34 will be abl…</description>
    </item>
    <item rdf:about="https://nerdydrunk.com/vyos:vpn_nat?rev=1658400099&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2022-07-21T10:41:39+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>vpn_nat</title>
        <link>https://nerdydrunk.com/vyos:vpn_nat?rev=1658400099&amp;do=diff</link>
        <description>VyOS VPN with NAT

aws vyos vpn nat

Description

This example covers a specific use case where a software vendor will establish a site-to-site VPN and allow traffic only between two single private IPs, one on their end and one on your end, but you need to access their server from a cluster of instances or containers. With this configuration the site-to-site VPN is established to a VyOS instance and allows the instance's private IP. The VyOS instance is then doing masquerade NAT for other instances…</description>
    </item>
</rdf:RDF>
