Share Your VyOS Best Practices with the Community!

Hello VyOS Community Members!

We wanted to kick-start a conversation with you about best practices.

You know the VyOS network operating system can be used in many network setups. However, configuring specific VyOS products for different use cases can take some effort, especially for newer users.

That’s why we encourage everyone to share their best practices for configuring specific VyOS products for different setups. Whether you’ve used VyOS to build complex network infrastructure, or any other networking use case, your insights and techniques could help others optimize for their needs.

By sharing your knowledge and experience with others, you’ll contribute to the growth and development of the VyOS community. You’ll also be able to connect with other users who share your interests and learn from their experiences.

Please reply to this post if you have valuable best practices to share about the topics below. Your insights and knowledge could help others benefit from this fantastic network operating system.

  • Configuring VyOS routers for specific network topologies.
  • Best practices for configuring VyOS firewalls for different use cases.
  • How to configure VyOS VPNs for different networking setups.
  • Best practices for configuring specific VyOS products for a secure network environment.

Thank you for being a part of this fantastic community, and we look forward to hearing about your VyOS products best practices.

Warm regards,
Joe

This is a “VyOS as a home router” thing that I do myself which I consider good hygiene. I’m open to feedback though!

I install the WaterByWind script and enable some blacklists. This cuts down on the amount of spam/hack/SMTP attempts I see on my home network.

I hide most things behind WireGuard, but I run some public websites and my Home Assistant instance publicly facing; having a blacklist of IPs cuts down on the logs and provides some protection against bad actors.

I’m running VyOS 1.3; I’m not sure if this script will work on 1.4, as I think that ipset has been removed from it.

3 Likes

@tjh Thank you for sharing your insights with us!

What would be nice is if a cheatsheet would be part of the official documentation along with a hardening guide or similar.

Example of cheatsheet for VyOS: cheat-sheets/docs/VyOS.md at master · bertvv/cheat-sheets · GitHub

Example of config examples (these particular ones are for release testing but they could exist as a few examples for one to read and apply the settings you agree with): vyos-1x/smoketest/configs at current · vyos/vyos-1x · GitHub

Example of hardening/best practice guides from other vendors:

https://manualzz.com/doc/23265417/hp-networking-guide-to-hardening-comware

https://arista.my.site.com/AristaCommunity/s/article/arista-eos-hardening-guide

2 Likes

Is it possible to update the Vyatta document Index of /vyatta/6.2/ as VyOS does?
The official document of VyOS is not good enough. After I read the official document, I still need to find some other articles and follow them to finish setting up VyOS.

@Apachez Thank you for suggesting the inclusion of a cheatsheet and a hardening guide as part of the official VyOS documentation. I appreciate your input in helping us improve the VyOS documentation and provide a more comprehensive and user-friendly resource for the community. Your suggestions will be taken into consideration as we continue to enhance the documentation and provide additional valuable resources.

@echowings If you have specific suggestions or areas where you feel the documentation is lacking, I encourage you to provide detailed feedback or even contribute to the documentation yourself. The VyOS project welcomes contributions from the community and appreciates efforts to enhance the documentation for the benefit of all users.

Thank you for bringing this to our attention!

Cheers,
Joe