Install adam:ONE® on VyOS®

adam:ONE® KB & Manual
1

Supported Versions

  • VyOS v1.3.3 - 1.4
  • VyOS v1.5 Rolling Release

Preparation

You will want the following information to complete this guide.

  • Interface IP addresses that you want the DNS service to run on. For basic networks this would be the IP address of the router on your LAN interface.
  • LAN interfaces. This might just be eth1 for a single LAN port. For VLANs it might also include something like eth1.20 for VLAN 20 on eth1. To see a full list of interfaces and IP addresses on your router, use the following command in operational mode.
    show interfaces
  • LAN subnets. For example it might just be a single network of 192.168.1.0/24 or multiple such as 10.0.0.0/24,10.10.10.0/24. Include any IPv6 separately such as 2001:db8:1:2::/64.

Compatibility

The conntrack modules must be disabled. As stated in the VyOS docs “Conntrack helper modules are enabled by default, but they tend to cause more problems than they’re worth in complex networks”
To disable the modules go into configure mode and delete the config as follows.

configure
delete system conntrack modules
commit
save
exit

Install adam:ONE

Replace the environment values appropriate to your network as talked about above under Preparation. Install adam:ONE as follows:

add container image cr.adamnet.io/adamone:latest
configure
set container name adamone image cr.adamnet.io/adamone:latest
set container name adamone environment LISTEN_ADDRESSES value '192.168.1.1,2001:db8:1:2::1'
set container name adamone environment LAN_INTERFACES value 'eth1'
set container name adamone environment LAN_IP4_SUBNETS value '192.168.1.0/24'
set container name adamone environment LAN_IP6_SUBNETS value '2001:db8:1:2::/64'
set container name adamone environment LOG_LEVEL value 4
set container name adamone allow-host-networks
set container name adamone port dns-udp protocol udp
set container name adamone port dns-udp destination 53
set container name adamone port dns-udp source 53
set container name adamone port dns-tcp protocol tcp
set container name adamone port dns-tcp destination 53
set container name adamone port dns-tcp source 53
set container name adamone port http protocol tcp
set container name adamone port http destination 80
set container name adamone port http source 80
set container name adamone port https protocol tcp
set container name adamone port https destination 443
set container name adamone port https source 443
set container name adamone volume config destination /opt
set container name adamone volume config source /config
set container name adamone capability net-admin
set container name adamone capability net-bind-service
set container name adamone capability net-raw
set container name adamone capability sys-admin
set container name adamone memory 0
commit
save
exit

Set up your Box ID

On initial run a Box ID will be automatically generated for you.
Run the following command to show the Box ID of your installation which you can then add to
your Dashboard at https://dashboard.adamnet.works

sudo podman exec adamone config boxid

Once your router shows online in the Dashboard, you should be online with adam:ONE!

How to Upgrade adam:ONE

Automated Upgrades

Run these commands to install an upgrade script and set to run on a schedule.
Set the values of MM, HH and DOW to your desired hour, minute and day of week.

bash -c 'cat > /config/scripts/adamone.script' << "EOF"
#!/bin/vbash
source /opt/vyatta/etc/functions/script-template

run update container image adamone
run restart container adamone
EOF
chmod +x /config/scripts/adamone.script
configure
set system task-scheduler task adamone executable path '/config/scripts/adamone.script'
set system task-scheduler task adamone crontab-spec 'MM HH * * DOW'
commit
save

Manual Upgrades

update container image adamone
restart container adamone

Switching to Rapid Release

add container image cr.adamnet.io/adamone:devel
configure
set container name adamone image cr.adamnet.io/adamone:devel
commit
save
exit

Hijacking DNS

In most cases you will want to redirect any classic DNS queries going to the public Internet over port 53 to your adam:ONE instance.
You would do this to prevent DNS bypass, but when using DTTS® where bypass wouldn’t work anyway, this redirect would allow devices that are hard-coded to using something like 8.8.8.8 to still resolve without a problem.
Configuring the hijack simply requires creating a NAT rule on your system like the following example.
The config below assumes you have an interface group called LAN-INTERFACES and a network group called LAN-NETWORKS. You can of course use your own group names, or just specify the direct interface name and network in the nat rule itself.

set nat destination rule 530 description 'Hijack Classic DNS'
set nat destination rule 530 destination group network-group '!LAN-NETWORKS'
set nat destination rule 530 destination port '53'
set nat destination rule 530 inbound-interface group 'LAN-INTERFACES'
set nat destination rule 530 protocol 'tcp_udp'
set nat destination rule 530 translation address '192.168.1.1'

Optional Configuration

To use the following options, set them as environment values for the container.

BACKUP_SCHEDULE_DAY and BACKUP_SCHEDULE_HOUR

Set both of these options to enable automatic router config backups. Each week on the day of week specified, your router config wil be uploaded to the ADAMnetworks cloud, encrypted with AES256-GCM, and available in the Backups tab on the Dashboard.

DAY should be a day of week between 0-6 (Sunday to Saturday)

HOUR should 0-23 (24-hour time)

For example if setting to Sunday at 2am, use:

set container name adamone environment BACKUP_SCHEDULE_DAY value '0'
set container name adamone environment BACKUP_SCHEDULE_HOUR value '2'

LOG_LEVEL

Set to a value between 0 for no logs, and 6 for debug logs.
Default value is 4

SYSLOG_LEVEL

Set to a value between 0 for no logs, and 6 for debug logs.
Default value is 4

LOG_FILE

Set to a path to save log files instead of going to standard output. If you modify this setting you will no longer be able to use the monitor command to view the log.

BYPASS_IP4|IP6_SUBNET_DST

To bypass DTTS for specific destination subnet(s), set BYPASS_IP4_SUBNET_DST for IPv4 and BYPASS_IP6_SUBNET_DST for IPv6. If you have more than one, separate them with a comma, no spaces.

BYPASS_IP4|IP6_SUBNET_SRC

To bypass DTTS for specific source subnet(s), set BYPASS_IP4_SUBNET_SRC for IPv4 and BYPASS_IP6_SUBNET_SRC for IPv6. If you have more than one, separate them with a comma, no spaces.

FALLBACK_INTERFACE

By default the first value of LAN_INTERFACES will be used as the fallback HTTP interface. This allows MyTools and block pages to work on traffic from VPNs or other routed external subnets.
You can set FALLBACK_INTERFACE to override the automatic default and set it to a specific interface.

Show adam:ONE Service Logs

For normal usage, use http://adamone.tools to access the MyTools Log.
For troubleshooting issues you can also view the service logs as follows.

# Show log history
show container log adamone

# Stream log
monitor log container adamone