VyOS: Open Sourced Router
As my infrastructure got more and more complex, I needed specialized software and hardware to get everything to play nice. This meant that even if I got FreshTomato to work on my ASUS router, it limited itself to 320 Mbit/s. After contemplating for a long while whether I should invest in high-end consumer hardware, or even low-end enterprise hardware, I came to the decision to get a cheap gigabit NIC for my server. This meant that I was now limiting myself to 6 different solutions, all but one of which mean running a router in a VM: pfSense; OPNsense; VyOS; RouterOS; Linux with iptables/ufw; routing in Proxmox.
The last one was out of the question, as it meant that the hypervisor itself would be made more complex, so a VM was the solution. The iptables one is very hard for a novice, making it extremely intimidating, so it was skipped as well.
Now for the other four: the first two had a web UI and neat installers, while the other ones were CLI with a bare-bones install, everything disabled by default. It felt easier to use something I was more comfortable with, so I fired up OPNsense and began testing internally. It became trickier than I thought; after having tinkered with it for a week, I never got NAT going the way I wanted, if at all. I therefore took a break from it, looked at alternatives, and landed on VyOS.
While the CLI may look scary at first, its interface is really intuitive and the key is very helpful. The documentation is exhaustive and it even brings up NAT reflection/hairpin. After getting it to work within a couple of days, learning lots about how routing and such works, I spent a month fiddling with the config to get everything the way I wanted, having copied over the previous router's port forwarding and firewall settings.
What about the performance? I tested with 2 core 2GB and it managed to reach 8Gbit/s internally. I found some more optimization tips, added multiqueue to my bridges and reached 14Gbit/s.
I now use 2 core 1GB with 8GB storage. Should be enough for the moment, and can be expanded further if necessary.