In part 3 we did our first bit of automation using Ansible to set up the base config for VyOS, In this part we will go over defining our networks and everything needed for a functioning network.

Step 1 - New roles

Lets add a role to define our network and a playbook to run to create them, we will also need a new group_vars we will use lab as in the last part we created a group called vyos and lab and put our firewall under lab and the lab group as a child of vyos. Your directory should now look like the example below with these additions.

In Part 2 we went over initial configuration of VyOS including setting up:

• Interfaces
• SSH
• Static routes
• DNS
• DHCP servers
• DNS forwarding
• SNAT
• Firewall rules

Now we want I want to do this in a more automated fashion, my goto is Ansible for something like this configuration management.

VyOS documentation on Automation with Ansible is a bit sparse, I may put a PR in to add some of these examples.

There are some good modules in the vyos.vyos Ansible collection which I may migrate a lot of this to use If they work well enough, but for now we will focus on the vyos_config and using a jinja file for templating.

In Part 1 - Setting up SDN we went over setting up Proxmox SDN to create a network inside a network with VXLAN. In this post we will go over the initial set up for VyOS including setting up:

• Interfaces
• SSH
• Static routes
• DNS
• DHCP servers
• DNS forwarding
• SNAT
• Firewall rules

At the moment, our VyOS firewall is unconfigured, can’t connect to the Internet, and our VMs on this vxlan network cannot either.

This is going to be a multi-part series around my homelab, specifically around Vyos the Open-source Networking OS and Firewall.

• Part 2 - Configuring Vyos
• Part 3 - Configuring Vyos with Ansible

First of all, Why would I want a network inside a network? Well, Isolation from my main network is the main one, secondly, it has been fun to learn about.

My plan long term is to be comfortable using VyOS as my home firewall as well as my lab firewall and to use automation like Terraform and Ansible to manage and configure it, but that is for future posts when I get around to that point.