Open source multipoint VPN with VyOS

Connected Mesh

Graphical Interface?

The chances for a VyOS web interface are low. Brocade does offer a Vyatta web UI for paying customers, and Ubiquiti ships its EdgeOS with a wonderful web-based interface that covers most areas of configuration; however, the license binds that web UI to Ubiquiti's own hardware.

From a technical perspective, a browser front end can communicate through web sockets with the back end (Ubiquiti EdgeRouter). The daemon /usr/sbin/ubnt-util receives the queries and performs the reconfiguration. Unfortunately, this Ubiquiti element is closed source. The software is a MIPS64 binary, which won't run on Intel architecture without an emulator and many dirty tricks.

Conclusions

When the number of remote offices grows faster than the IT team can set them up, it is time for a dynamic VPN mesh. Dynamic multipoint VPN is Cisco's all-purpose solution for scalability in VPN clouds: it allows every participating router to establish a direct connection to every other router without additional configuration. This solution truly saves setup effort and reduces delay times.

The free VyOS Linux distribution offers all the protocols needed to create a new DMVPN landscape or to extend an existing Cisco deployment. VyOS does a pretty good job of hiding the many complicated Linux tools and routing daemons behind well-known CLI commands. Before deploying, however, pay attention to the limitations that crop up when interoperating with Cisco, IPv6, or network address translation. Finally, your DMVPN can reside on hardware or on a virtual infrastructure.
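To show what "well-known CLI commands" means in practice, here is an added example of a DMVPN spoke configuration in VyOS CLI syntax (mGRE tunnel, NHRP registration with the hub, and an IPsec profile protecting the tunnel). It is not configuration from the article or from the VyOS project; the addresses (192.0.2.x for the public NBMA side, 10.0.0.x for the tunnel overlay), the interface names, the group and profile names, and the SECRET placeholders are all assumptions you replace with your own values. Lines starting with # are annotations.

```vyos
# --- Multipoint GRE tunnel (the overlay every spoke and the hub share) ---
# Assumed: eth0 carries the public address 192.0.2.2; the hub is 192.0.2.1 / 10.0.0.1
set interfaces tunnel tun0 address '10.0.0.2/24'
set interfaces tunnel tun0 encapsulation 'gre-multipoint'
set interfaces tunnel tun0 local-ip '192.0.2.2'
set interfaces tunnel tun0 multicast 'enable'
# GRE key must match on hub and spokes, otherwise packets are silently dropped
set interfaces tunnel tun0 parameters ip key '1'

# --- NHRP: register with the hub, learn other spokes dynamically ---
set protocols nhrp tunnel tun0 cisco-authentication 'SECRET-NHRP'
set protocols nhrp tunnel tun0 holding-time '300'
# Static mapping to the hub (next-hop server); "register" sends our NBMA address to it
set protocols nhrp tunnel tun0 map 10.0.0.1/24 nbma-address '192.0.2.1'
set protocols nhrp tunnel tun0 map 10.0.0.1/24 register
# Send multicast (routing protocol hellos) to the hub only
set protocols nhrp tunnel tun0 multicast 'nhs'
# Allow spoke-to-spoke shortcuts so traffic does not hairpin through the hub
set protocols nhrp tunnel tun0 shortcut
set protocols nhrp tunnel tun0 redirect

# --- IPsec: encrypt the mGRE traffic, bound to the tunnel via a profile ---
set vpn ipsec ipsec-interfaces interface 'eth0'
set vpn ipsec ike-group IKE-HUB key-exchange 'ikev1'
set vpn ipsec ike-group IKE-HUB lifetime '3600'
set vpn ipsec ike-group IKE-HUB proposal 1 dh-group '14'
set vpn ipsec ike-group IKE-HUB proposal 1 encryption 'aes256'
set vpn ipsec ike-group IKE-HUB proposal 1 hash 'sha256'
set vpn ipsec esp-group ESP-HUB lifetime '1800'
# Transport mode: only the GRE payload is protected, so the NBMA headers stay visible
set vpn ipsec esp-group ESP-HUB mode 'transport'
set vpn ipsec esp-group ESP-HUB pfs 'dh-group14'
set vpn ipsec esp-group ESP-HUB proposal 1 encryption 'aes256'
set vpn ipsec esp-group ESP-HUB proposal 1 hash 'sha256'
set vpn ipsec profile NHRPVPN authentication mode 'pre-shared-secret'
set vpn ipsec profile NHRPVPN authentication pre-shared-secret 'SECRET-IPSEC'
set vpn ipsec profile NHRPVPN bind tunnel 'tun0'
set vpn ipsec profile NHRPVPN esp-group 'ESP-HUB'
set vpn ipsec profile NHRPVPN ike-group 'IKE-HUB'
commit
save
```

Two points worth checking before this goes into production. The NHRP `cisco-authentication` string is a cleartext field in the NHRP header, so it only separates clouds and mis-registrations; the real protection is the IPsec profile, which is why the IKE and ESP groups above use AES-256, SHA-256, and DH group 14 rather than the weaker defaults in older examples. And because ESP runs in transport mode here, a spoke behind network address translation will fail to register unless its NAT device forwards the translated address consistently, which is exactly the NAT limitation the conclusion warns about. After `commit`, `show nhrp tunnel` and `show vpn ipsec sa` should list the hub as a registered next-hop server with an established security association.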


The Author

Markus Stubbig is a networking engineer who has worked in the IT industry for 15 years. His strong focus is on design and implementation of campus networks around the world.
