I run many different hypervisors in my lab and I always isolate them on private networks so I don’t screw up the internet connection for my wife and kids.
In the past I’ve been using Windows 2012 R2 and the Routing & Remote Access Role, but as time moves on I’ve tried to do the same with Windows 2016 without any luck.
Way before that, in 2009, I used Vyatta, which no longer exists. Luckily there's a community fork of Vyatta called VyOS. It's extremely lightweight and only requires 512MB RAM and 2GB of storage.
So let's just get started and see how you can provide internet access to your internal network and enable RDP connections from the external network to the internal network.
First you’ll need to download the ISO image called vyos-1.1.7-amd64 from here. Since I’m using Nutanix I’m going to select Image Configuration to Upload the ISO image.
Fill in the information to Create the Image.
Next up is to create a new VM with 0.5GB of memory and a 2GB disk. Click Add New Disk and make sure to set Bus Type to IDE.
Click Add New Disk again, but this time set Type to CDROM and use Clone from Image Service to select the ISO you uploaded earlier.
For the configuration below you’ll set eth0 as External and eth1 as Internal.
Simply start the VM, log in with vyos/vyos and type Install Image; the rest is straightforward.
Finally let’s do the IP configuration and enable SSH.
configure
set interfaces ethernet eth0 address 192.168.2.254/24
set interfaces ethernet eth0 description External
set interfaces ethernet eth1 address 192.168.1.1/24
set interfaces ethernet eth1 description Internal
set service ssh listen-address 192.168.2.254
commit
save
Now that SSH access is enabled you can use PuTTY to copy/paste the rest of the commands.
set protocols static route 0.0.0.0/0 next-hop 192.168.2.1
set nat source rule 5010 outbound-interface eth0
set nat source rule 5010 source address 192.168.1.0/24
set nat source rule 5010 translation address masquerade
set service dns forwarding name-server 8.8.8.8
set service dns forwarding cache-size 150
set service dns forwarding listen-on eth1
set nat destination rule 10 inbound-interface eth0
set nat destination rule 10 destination port 3389
set nat destination rule 10 description 'RDP to 192.168.1.10'
set nat destination rule 10 protocol tcp
set nat destination rule 10 translation address 192.168.1.10
set nat destination rule 11 inbound-interface eth0
set nat destination rule 11 destination port 27000
set nat destination rule 11 description 'Citrix License Server to 192.168.1.10'
set nat destination rule 11 protocol tcp
set nat destination rule 11 translation address 192.168.1.10
set nat destination rule 12 inbound-interface eth0
set nat destination rule 12 destination port 7279
set nat destination rule 12 description 'Check-in/check-out of Citrix licenses to 192.168.1.10'
set nat destination rule 12 protocol tcp
set nat destination rule 12 translation address 192.168.1.10
commit
save
exit
So there's my RDP Jump Host on DC-01 (192.168.1.10), which I'm using with Devolutions Remote Desktop Manager.
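Before committing a set of destination-NAT rules like the ones above, it helps to review what the external interface will actually accept. The script below is an added example (not from this post and not part of VyOS): it parses VyOS `set` commands, lists the (protocol, port) pairs forwarded in from eth0 so they can be compared against the firewall rules you intend, and flags any rule whose target is outside the eth1 subnet or that forwards every port. The config excerpt and the deliberately wrong rule 99 are constructed for the demonstration.

```python
import ipaddress
import shlex

# Constructed excerpt of the post's VyOS config, plus one deliberately
# wrong rule (99) with no port and a target that is not on the internal subnet.
VYOS_CONFIG = """
set interfaces ethernet eth0 address 192.168.2.254/24
set interfaces ethernet eth1 address 192.168.1.1/24
set nat destination rule 10 inbound-interface eth0
set nat destination rule 10 destination port 3389
set nat destination rule 10 description 'RDP to 192.168.1.10'
set nat destination rule 10 protocol tcp
set nat destination rule 10 translation address 192.168.1.10
set nat destination rule 99 inbound-interface eth0
set nat destination rule 99 protocol tcp
set nat destination rule 99 translation address 10.0.0.5
"""

def parse_set_commands(text):
    """Return ({iface: IPv4Interface}, {rule_no: {option: value}}) from 'set' lines."""
    interfaces, dnat = {}, {}
    for w in (shlex.split(line) for line in text.splitlines()):  # shlex keeps quoted values whole
        if len(w) >= 6 and w[1:3] == ["interfaces", "ethernet"] and w[4] == "address":
            interfaces[w[3]] = ipaddress.ip_interface(w[5])
        elif len(w) >= 6 and w[1:4] == ["nat", "destination", "rule"]:
            # the option path (e.g. 'destination port') maps to its final word
            dnat.setdefault(int(w[4]), {})[" ".join(w[5:-1])] = w[-1]
    return interfaces, dnat

def exposed_ports(dnat, external_if="eth0"):
    """Map each (protocol, port) accepted on the external interface to its target."""
    return {(r.get("protocol", "all"), r.get("destination port", "any")):
            r["translation address"]
            for r in dnat.values()
            if r.get("inbound-interface") == external_if and "translation address" in r}

def review_port_forwards(interfaces, dnat, internal_if="eth1"):
    """Return (rule, finding) pairs; an empty list means every forward looks sane."""
    internal_net = interfaces[internal_if].network
    findings = []
    for num, r in sorted(dnat.items()):
        target = ipaddress.ip_address(r.get("translation address", "0.0.0.0"))
        if target not in internal_net:
            findings.append((num, f"target {target} is outside {internal_net}"))
        if "destination port" not in r:
            findings.append((num, "no destination port: every port is forwarded"))
    return findings
```

Run parse_set_commands over the full command list from the post, then exposed_ports to see what eth0 accepts and review_port_forwards for anything that forwards outside eth1's subnet or without a port.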
VyOS is extremely powerful and I've just scratched the surface with my configuration above. To learn more about the firewall and other settings, check out this blog post from MVP Thomas Vochten.
I also found the following post showing how to install Citrix XenServer Tools and create a VyOS Template. If you go that route, don't include the network adapters as part of the template, but add them during the import.
Hi Eric
Thanks for the article. Does the above config allow you to access your VMs on the internal network from your internet-connected VM?
So if I have a laptop connected to my home internet, will I be able to connect via RDP to my internal VMs with the above config?
Yes, as you can see from the config there's a NAT for RDP to 192.168.2.10 (Rule 10) and also Citrix Licensing if e.g. you need to license your XenServer (Rule 11/12).
OK, thank you very much for the explanation.