Setting up an isolated work VLAN with VyOS

I treat employer-provided hardware as hostile entities on my network. I have no control over them and I have no idea what invisible scanning software they've installed.

Previously, I set up a dedicated guest Wi-Fi network which provides a sort of client isolation, but this wasn't quite enough because I want my work machine to also have an Ethernet connection. Therefore, I went about setting up a VLAN for the first time.

My Virtualized Router

This post is mostly for me to remember what I did, but feel free to follow along.


Original Post

Recently I decided to switch jobs, for a number of reasons that aren't germane to this post. I haven't had any proper time off for years so this time I decided to take a big chunk of time between leaving my old job and starting my new one. Two and a half months, to be specific.

I'm spending this time doing a few things. First, I'm being more present with my family. I haven't been the kind of dad or husband that I want to be lately and I'm trying my best to fix that. Second, I fired up my Xbox One and started playing Forza Horizon 5. It's ludicrous and mindless in the best possible way.

Third, the topic of this post: I'm building a virtualized router out of a Dell T20 server and a bunch of eBay'd networking gear.

Building a Private Backplane Network for your VPSs with ZeroTier

Almost all of my applications, both public and personal, run on a collection of virtual private servers (VPSs) hosted in various places including DigitalOcean and my own data center (i.e. the Mac mini in my basement). For a long time I've wanted to set up certain things, like centralized logging or metrics collection, but I've always been stopped by this idea that I can't run that stuff across the public network.

A few months ago I ran across a product named ZeroTier that, among other things, allowed me to set up this network without having to invest the time in attempting to build (or purchase) a traditional VPN. This post is going to talk about why, and how, you can replicate this setup.

Increasing the Encryption Noise Floor

Inspired by Tim Bray's recent post about encrypting his website, I decided to enable and force HTTPS for The process was straightforward and, turns out, completely free. Read on to find out how and why.