Getting it up and running
To get this project up and running is quite fast in most cases. You can also read it in the readme.
-
Clone the repository:
git clone https://github.com/MadsZBC/FastAPI-Vyos.git cd vyos-config-viewer -
Create a virtual environment:
python -m venv venv source venv/bin/activate # On Windows: venv\Scripts\activate -
Install dependencies:
pip install -r requirements.txt -
Configure environment variables:
cp .env.sample .envEdit the
.envfile with your VyOS router API details. -
Run it with
python -m uvicorn main:app --host 0.0.0.0 --port 8000
You can use this exact configuration to test all the functions.
set firewall global-options state-policy established action 'accept'
set firewall global-options state-policy invalid action 'drop'
set firewall global-options state-policy related action 'accept'
set firewall group interface-group LAN interface 'eth1'
set firewall group interface-group WAN interface 'eth0'
set firewall group network-group NET-INSIDE-v4 network '192.168.0.0/24'
set firewall ipv4 forward filter rule 100 action 'jump'
set firewall ipv4 forward filter rule 100 destination group network-group 'NET-INSIDE-v4'
set firewall ipv4 forward filter rule 100 inbound-interface group 'WAN'
set firewall ipv4 forward filter rule 100 jump-target 'OUTSIDE-IN'
set firewall ipv4 input filter rule 20 action 'jump'
set firewall ipv4 input filter rule 20 destination port '22'
set firewall ipv4 input filter rule 20 jump-target 'VyOS_MANAGEMENT'
set firewall ipv4 input filter rule 20 protocol 'tcp'
set firewall ipv4 input filter rule 30 action 'accept'
set firewall ipv4 input filter rule 30 icmp type-name 'echo-request'
set firewall ipv4 input filter rule 30 protocol 'icmp'
set firewall ipv4 input filter rule 30 state 'new'
set firewall ipv4 input filter rule 40 action 'accept'
set firewall ipv4 input filter rule 40 destination port '53'
set firewall ipv4 input filter rule 40 protocol 'tcp_udp'
set firewall ipv4 input filter rule 40 source group network-group 'NET-INSIDE-v4'
set firewall ipv4 input filter rule 50 action 'accept'
set firewall ipv4 input filter rule 50 source address '127.0.0.0/8'
set firewall ipv4 name OUTSIDE-IN default-action 'drop'
set firewall ipv4 name VyOS_MANAGEMENT rule 15 action 'accept'
set firewall ipv4 name VyOS_MANAGEMENT rule 15 inbound-interface group 'LAN'
set firewall ipv4 name VyOS_MANAGEMENT rule 20 action 'drop'
set firewall ipv4 name VyOS_MANAGEMENT rule 20 inbound-interface group 'WAN'
set firewall ipv4 name VyOS_MANAGEMENT rule 20 recent count '4'
set firewall ipv4 name VyOS_MANAGEMENT rule 20 recent time 'minute'
set firewall ipv4 name VyOS_MANAGEMENT rule 20 state 'new'
set firewall ipv4 name VyOS_MANAGEMENT rule 21 action 'accept'
set firewall ipv4 name VyOS_MANAGEMENT rule 21 inbound-interface group 'WAN'
set firewall ipv4 name VyOS_MANAGEMENT rule 21 state 'new'
set interfaces ethernet eth0 address '77.90.39.119/24'
set interfaces ethernet eth0 description 'MGMT'
set interfaces ethernet eth0 hw-id 'bc:24:11:3d:df:d4'
set interfaces ethernet eth0 mtu '1500'
set interfaces ethernet eth1 address '192.168.0.1/24'
set interfaces ethernet eth1 description 'LAN'
set interfaces ethernet eth1 hw-id 'bc:24:11:15:b4:6d'
set interfaces ethernet eth2 address '10.10.10.4/24'
set interfaces ethernet eth2 hw-id 'bc:24:11:12:64:d4'
set interfaces loopback lo
set nat source rule 100 outbound-interface name 'eth0'
set nat source rule 100 source address '192.168.0.0/24'
set nat source rule 100 translation address 'masquerade'
set protocols static route 0.0.0.0/0 next-hop 77.90.39.96
set service dhcp-server shared-network-name LAN description 'Test'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 default-router '192.168.0.1'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 domain-name 'vyos.net'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 lease '86400'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 name-server '192.168.0.1'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 range 0 start '192.168.0.5'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 range 0 stop '192.168.0.254'
set service dhcp-server shared-network-name TEST subnet 10.10.10.0/24 range 0 start '10.10.10.50'
set service dhcp-server shared-network-name TEST subnet 10.10.10.0/24 range 0 stop '10.10.10.55'
set service dns forwarding allow-from '192.168.0.0/24'
set service dns forwarding cache-size '0'
set service dns forwarding listen-address '192.168.0.1'
set service https allow-client address '0.0.0.0'
set service https allow-client address '0.0.0.0/0'
set service https api keys id MY-HTTPS-API-ID key 'MY-HTTPS-API-PLAINTEXT-KEY'
set service ntp allow-client address '0.0.0.0/0'
set service ntp allow-client address '::/0'
set service ntp server time1.vyos.net
set service ntp server time2.vyos.net
set service ntp server time3.vyos.net
set service ssh client-keepalive-interval '180'
set service ssh disable-password-authentication
set service ssh port '22'
set system config-management commit-revisions '100'
set system conntrack modules ftp
set system conntrack modules h323
set system conntrack modules nfs
set system conntrack modules pptp
set system conntrack modules sip
set system conntrack modules sqlnet
set system conntrack modules tftp
set system console device ttyS0 speed '115200'
set system host-name 'vyos'
set system login user vyos authentication encrypted-password ''
set system login user vyos authentication public-keys admin@win10 key 'YOURKEY'
set system login user vyos authentication public-keys admin@win10 type 'ssh-rsa'
set system syslog global facility all level 'info'
set system syslog global facility local7 level 'debug'
Heres how you can help with further making this better
-
Enable Logging and then refresh
-
Click download ZIP this will take EVERYTHING that's going on it can be quite big files. I use it to see differences
-
Post your VyOS Configuration in a JSON Format
show configuration json
- Combine it all in a ISSUE.