Strictly speaking, there are are only a few configurations necessary to use VyOS home router.

• Set interface IP addresses
• Block traffic coming from the internet
• NAT outgoing traffic
• Give out IPs by DHCP

For the sake of this tutorial, I'll assume the interface connected to the internet is eth0 and the interface connected to the home network is eth1

Interface IPs

The LAN interface absolutely needs a static IP that will not change

Enter configuration mode

conf

Set interface IP address (The IP can be changed to something else if wanted)

set interface ethernet eth1 address 192.168.10.1/24

The configuration of the WAN interface will depend on your ISP. If you have a static address, you can use the same command as the LAN interface for the interface eth0. If the address is dynamic (not PPPoE) you can use this command:

set interface ethernet eth0 address dhcp

After making changes, make sure to apply and save the changes.

commit save

Blocking traffic

These three commands will make it so traffic trying to come into your network from the internet will be blocked.

set firewall ipv4 forward filter rule 1000 inbound-interface name eth0 set firewall ipv4 forward filter rule 1000 action drop set firewall ipv4 forward filter rule 1000 state new

These three command will make it so traffic destined to your router from the internet will be blocked.

set firewall ipv4 input filter rule 1000 inbound-interface name eth0 set firewall ipv4 input filter rule 1000 action drop set firewall ipv4 input filter rule 1000 state new

After making changes, make sure to apply and save the changes.

commit save

NAT-ing traffic

The following two commands will make it so traffic leaving your router towards the internet will have the internet address of your router as it's source address.

set nat source rule 1000 outbound-interface name eth0 set nat source rule 1000 translation address masquerade

After making changes, make sure to apply and save the changes.

commit save

DHCP Server

The following commands will configure your router to give out IP addresses to your clients between 100 and 200. If you chose a different subnet when addressing your LAN interface earlier, it is important that the IP values here reflect the same subnet.

set service dhcp-server listen-interface eth1 set service dhcp-server shared-network-name home authoritative set service dhcp-server shared-network-name home subnet 192.168.10.0/24 subnet-id 10 set service dhcp-server shared-network-name home subnet 192.168.10.0/24 range 100-200 start 192.168.10.100 set service dhcp-server shared-network-name home subnet 192.168.10.0/24 range 100-200 stop 192.168.10.200 set service dhcp-server shared-network-name home subnet 192.168.10.0/24 range 100-200 option default-router 192.168.10.1 set service dhcp-server shared-network-name home subnet 192.168.10.0/24 range 100-200 option name-server 8.8.8.8

After making changes, make sure to apply and save the changes.

commit save

You are now ready to start using your router.

Notes

If your ISP requires PPPoE, you can refer to this documentation: https://docs.vyos.io/en/latest/configuration/interfaces/pppoe.html