Kenny's Blog

16 Mar 2021

How I manage my edgerouter

I bought the ER-6P a while back after seeing recommendations on reddit. It’s been nice, but there is definitely a bit of a learning curve. I was coming from dd-wrt, where you could manage everything from the web interface. So I had to learn a bit of the command line to set some of the more powerful features (like dns-forwarding).

My homelab has a monorepo that contains all of the configuration scripts/definitions. My salt/terraform definitions are in there. I have a separate folder for my edgerouter called router/ which contains some pretty basic scripts that let me set things like:

  • dnsmasq/forwarding entries
  • port forwarding
  • static leases
  • routes

I use a bash script that applies configuration over ssh using the vyatta-cfg-cmd-wrapper command. You need the wrapper because, in a non-interactive ssh session, you can’t just run the commit and save commands the way you can at the interactive prompt. Here’s an example of the script I use for setting static leases:

ssh 192.168.5.1 <<EOF
#!/bin/vbash
/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper begin

/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper set service dhcp-server shared-network-name LAN1 subnet 192.168.5.0/24 static-mapping kserver ip-address 192.168.5.100
/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper set service dhcp-server shared-network-name LAN1 subnet 192.168.5.0/24 static-mapping kserver mac-address '00:00:00:00:00:00'

/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper commit
/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper save
EOF

You can do something similar for port forwarding:

ssh 192.168.5.1 <<EOF
#!/bin/vbash
/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper begin

/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper set port-forward rule 6 description minecraft
/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper set port-forward rule 6 forward-to address 192.168.5.80
/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper set port-forward rule 6 forward-to port 25565
/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper set port-forward rule 6 original-port 25565
/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper set port-forward rule 6 protocol tcp_udp

/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper commit
/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper save
EOF

Note: you’ll have to add your ssh key to the edgerouter if you want this to run non-interactively (see notes at the end on how to do this).

I haven’t quite figured out if there’s a way to manage my edgerouter using terraform or salt, but a cursory glance at Google says there isn’t an easy way at the moment. Maybe I’ll have to roll my own system, or find some other way to do it.

Hopefully at some point I can get gitops set up so I can have ci/cd apply the changes after a merge.
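Once these batches are generated from files in the repo instead of typed by hand, every hostname, IP and MAC becomes text that the router's shell will run, so each field should be validated before it is sent. The following is an added example, not the author's script; the "name ip mac" input format and the function names are assumptions.

```sh
#!/bin/sh
# Added example (not the post's script): build the static-lease batch from
# "name ip mac" lines and refuse any field that could inject a shell command.
# LAN1 and 192.168.5.0/24 are from the post; the input format and the
# function names are assumptions made for this example.
WRAPPER=/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper
NETWORK=LAN1
SUBNET=192.168.5.0/24
OCTET='(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])'

# matches VALUE ERE: succeeds only if the whole value matches the pattern.
matches() {
  printf '%s\n' "$1" | LC_ALL=C grep -Eqx -- "$2"
}

valid_lease() {  # usage: valid_lease NAME IP MAC
  matches "$1" '[A-Za-z0-9][A-Za-z0-9-]{0,62}' || return 1
  matches "$2" "($OCTET\\.){3}$OCTET" || return 1
  matches "$3" '([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}' || return 1
}

# Reads lease lines on stdin and prints the begin/set/commit/save batch.
# Prints no batch and returns 1 as soon as one line fails validation.
build_lease_batch() {
  out="$WRAPPER begin"
  while read -r name ip mac extra || [ -n "$name" ]; do
    case $name in '' | '#'*) continue ;; esac
    if [ -n "$extra" ] || ! valid_lease "$name" "$ip" "$mac"; then
      printf 'rejected lease entry: %s\n' "$name" >&2
      return 1
    fi
    base="$WRAPPER set service dhcp-server shared-network-name $NETWORK"
    base="$base subnet $SUBNET static-mapping $name"
    out="$out
$base ip-address $ip
$base mac-address '$mac'"
  done
  printf '%s\n%s\n%s\n' "$out" "$WRAPPER commit" "$WRAPPER save"
}

# Send the batch only if every line validated (leases.txt is hypothetical):
#   batch=$(build_lease_batch < leases.txt) &&
#     printf '%s\n' "$batch" | ssh 192.168.5.1
```

Because a rejected line stops the build before anything is printed, a bad entry in the repo results in no ssh session at all instead of a half-applied configuration.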

Appendix

To copy your ssh key to your edgerouter

Copy the key over:

scp ~/.ssh/id_rsa.pub <ip-of-erl>:/tmp

Then, on the router, load the key into your user:

configure
loadkey <user> /tmp/id_rsa.pub
commit
save
exit