Vyatta as the perfect low cost small business network router
Posted in business, system admin on 09/17/2009 10:36 am by lmorroni
We’ve stopped buying small consumer-grade proprietary routers for our business clients. We recently had a client that needed a VPN but only had Dynamic DNS. We did this once with a D-Link router but found the setup to be laborious and slow. The web interface was painful to use and refreshes took too long. With Vyatta, we have one single configuration file. We were able to build a configuration file that could provide DDNS, a DHCP server, a firewall, and a VPN. Everything is right there in one single file. The solution is simple, elegant and easy to maintain. Now we just back up the single config file and we can easily recover from any disasters. Here is the config file we have been using for clients.
interfaces {
    ethernet eth0 {
        address dhcp
        duplex auto
        hw-id 00:0c:29:21:da:48
        speed auto
    }
    ethernet eth1 {
        address 192.168.1.1/24
        duplex auto
        hw-id 00:0c:29:21:da:52
        speed auto
    }
    ethernet eth2 {
        duplex auto
        hw-id 00:0c:29:21:da:5c
        speed auto
    }
    loopback lo {
    }
}
service {
    dhcp-server {
        disabled false
        shared-network-name OCInternal {
            authoritative disable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.1
                lease 86400
                start 192.168.1.100 {
                    stop 192.168.1.200
                }
            }
        }
    }
    dns {
        dynamic {
            interface eth0 {
                service dyndns {
                    host-name XX.XXXXX.COM
                    login XXXX
                    password XXXX
                }
            }
        }
    }
    nat {
        rule 1 {
            description "Main outbound"
            outbound-interface eth0
            source {
                address 192.168.1.0/24
            }
            type masquerade
        }
    }
    ssh {
        allow-root false
        port 22
        protocol-version v2
    }
}
system {
    gateway-address 192.168.2.1
    host-name vyatta
    login {
        user root {
            authentication {
                encrypted-password XXXXX
            }
            level admin
        }
        user vyatta {
            authentication {
                encrypted-password XXXXX
            }
            level admin
        }
    }
    name-server XX.XX.XX.XX
    ntp-server 69.59.150.135
    package {
        auto-sync 1
        repository community {
            components main
            distribution stable
            password ""
            url http://packages.vyatta.com/vyatta
            username ""
        }
    }
    time-zone GMT
}
vpn {
    pptp {
        remote-access {
            authentication {
                local-users {
                    username XXXXX {
                        password XXXXX
                    }
                }
                mode local
            }
            client-ip-pool {
                start 192.168.1.30
                stop 192.168.1.80
            }
            outside-address 0.0.0.0
        }
    }
}
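The config above was posted with its credentials replaced by XXXX, and the same single file is what gets backed up. As an added example (not part of the original post), this Python function walks the brace-style config and masks credential values so a copy can be shared or archived without them; the function name, the list of sensitive keys and the sample values are assumptions made for this illustration.

```python
# Leaf keys that carry credentials in the config above (assumed list).
SENSITIVE = {"password", "encrypted-password", "login"}

def redact(text, mask="REDACTED"):
    """Mask credential leaves; return (redacted_text, node paths that were masked)."""
    out, hits, stack = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "}":
            stack.pop()                      # IndexError here means a stray '}'
        elif line.endswith("{"):
            stack.append(line[:-1].strip())  # a node such as `login {`, never a leaf
        elif line:
            key, _, value = line.partition(" ")
            if key in SENSITIVE and value.strip() not in ("", '""'):
                hits.append(" ".join(stack + [key]))
                raw = raw[: len(raw) - len(raw.lstrip())] + f"{key} {mask}"
        out.append(raw)
    if stack:
        raise ValueError("unclosed node: " + " ".join(stack))
    return "\n".join(out) + "\n", hits

# Constructed sample in the layout of the post's config; all values are made up.
SAMPLE = """\
service {
    dns {
        dynamic {
            interface eth0 {
                service dyndns {
                    login exampleuser
                    password example-secret
                }
            }
        }
    }
}
system {
    login {
        user vyatta {
            authentication {
                encrypted-password $1$constructed$hash
            }
        }
    }
}
"""

if __name__ == "__main__":
    print(redact(SAMPLE)[0])
```

Only leaf values are masked: the account name in a `username <name> {` node under the PPTP local-users section stays as written, and the empty `password ""` in the package repository is left alone.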