Kenny's Blog

16 Mar 2021

How I manage my edgerouter

I bought the ER-6P a while back after seeing recommendations on reddit. It’s been nice, but there is definitely a bit of a learning curve. I was coming from dd-wrt, where you could manage everything from the web interface. So I had to learn a bit of the command line to set some of the more powerful features (like dns-forwarding).

My homelab has a monorepo that contains all of the configuration scripts/definitions. My salt/terraform definitions are in there. I have a separate folder for my edgerouter called router/ which contains some pretty basic scripts that let me set things like:

  • dnsmasq/forwarding entries
  • port forwarding
  • static leases
  • routes

I use a bash script that applies configuration through ssh using the vyatta-cfg-cmd-wrapper command. You need to use this since you can’t just run the commit and save commands like you normally can interactively. Here’s an example of the script I use for setting static leases:

# <user>, <ip-of-erl>, <subnet> and <ip-address> are placeholders for your own values
ssh <user>@<ip-of-erl> <<EOF
/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper begin

/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper set service dhcp-server shared-network-name LAN1 subnet <subnet> static-mapping kserver ip-address <ip-address>
/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper set service dhcp-server shared-network-name LAN1 subnet <subnet> static-mapping kserver mac-address '00:00:00:00:00:00'

/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper commit
/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper save
EOF

You can do something similar for port forwarding:

# <user>, <ip-of-erl> and <ip-address> are placeholders for your own values
ssh <user>@<ip-of-erl> <<EOF
/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper begin

/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper set port-forward rule 6 description minecraft
/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper set port-forward rule 6 forward-to address <ip-address>
/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper set port-forward rule 6 forward-to port 25565
/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper set port-forward rule 6 original-port 25565
/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper set port-forward rule 6 protocol tcp_udp

/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper commit
/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper save
EOF

Note: you’ll have to add your ssh key to the edgerouter if you want this to run non-interactively (see notes at the end on how to do this).
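If the lease values come from files in the repo instead of being typed into the script, they end up in commands that run in the router's admin shell, so each field should be checked first. This is an added example, not one of the scripts from my repo: it renders the static-lease commands from a list and refuses to print anything if a field falls outside a strict allow-list. The function names, the "name ip mac" input format and the sample subnet in the test are assumptions.

```shell
#!/bin/sh
# Added example: render vyatta-cfg-cmd-wrapper commands for static leases,
# allow-listing every field before it can reach the router's shell.
WRAPPER=/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper
H='[0-9A-Fa-f]'

valid_name() {   # letters, digits, hyphen only: no quotes, spaces, ';' or '$'
  case $1 in ''|-*|*[!A-Za-z0-9-]*) return 1 ;; esac
  [ "${#1}" -le 63 ]
}
valid_mac() {
  case $1 in $H$H:$H$H:$H$H:$H$H:$H$H:$H$H) return 0 ;; esac
  return 1
}
valid_ipv4() (   # subshell body keeps the IFS and "set --" changes local
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
  IFS=.; set -f; set -- $1
  [ $# -eq 4 ] || exit 1
  for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1; done
)
valid_cidr() {
  case ${1##*/} in ''|*[!0-9]*|???*) return 1 ;; esac
  case $1 in */*) [ "${1##*/}" -le 32 ] && valid_ipv4 "${1%/*}" ;; *) return 1 ;; esac
}

# render_static_leases NETWORK SUBNET < leases   (one "name ip mac" per line)
# Prints begin/set/commit/save, or prints nothing and fails on any bad field,
# so one rejected entry never produces a partial configuration.
render_static_leases() (
  valid_name "$1" && valid_cidr "$2" || { echo "bad network/subnet" >&2; exit 1; }
  base="$WRAPPER set service dhcp-server shared-network-name $1 subnet $2 static-mapping"
  out="$WRAPPER begin"
  while read -r name ip mac extra || [ -n "$name" ]; do
    case $name in ''|'#'*) continue ;; esac          # blank line or comment
    if [ -n "$extra" ] || ! valid_name "$name" || ! valid_ipv4 "$ip" || ! valid_mac "$mac"; then
      echo "rejected lease entry" >&2; exit 1
    fi
    out="$out
$base $name ip-address $ip
$base $name mac-address '$mac'"
  done
  printf '%s\n%s\n%s\n' "$out" "$WRAPPER commit" "$WRAPPER save"
)

# Apply only when the whole list validated (placeholders as used in this post):
#   cmds=$(render_static_leases LAN1 <subnet> < leases.txt) &&
#     printf '%s\n' "$cmds" | ssh <user>@<ip-of-erl>
```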

I haven’t quite figured out if there’s a way to manage my edgerouter using terraform or salt, but a cursory glance at Google says there isn’t an easy way at the moment. Maybe I’ll have to roll my own system, or find some other way to do it.

Hopefully at some point I can get gitops set up so I can have ci/cd apply the changes after a merge.


To copy your ssh key to your edgerouter

Copy the key over:

scp ~/.ssh/id_rsa.pub <ip-of-erl>:/tmp

Load the key into your user:

loadkey <user> /tmp/id_rsa.pub