VyOS is a fully open source network OS that runs on a wide range of hardware, virtual machines and cloud providers, and offers features for all networks, small and large.
Features for all network device roles
BGP (IPv4 and IPv6), OSPF (v2 and v3), RIP and RIPng, policy-based routing.
IPsec, VTI, VXLAN, L2TPv3, L2TP/IPsec and PPTP servers, tunnel interfaces (GRE, IPIP, SIT), OpenVPN in client, server, or site-to-site mode, WireGuard.
Firewall and NAT
Stateful firewalls, zone-based firewall, all types of source and destination NAT (one to one, one to many, many to many).
DHCP and DHCPv6 server and relay, IPv6 RA, DNS forwarding, TFTP server, web proxy, PPPoE access concentrator, NetFlow/sFlow sensor, QoS.
VRRP for IPv4 and IPv6, ability to execute custom health checks and transition scripts; ECMP, stateful load balancing.
and archiving make external configuration backup tools redundant.
Fully Open Source
The entire codebase and build toolchain are available to everyone for auditing, building customized images and contributing.
Unified management interface
VyOS combines the GNU/Linux operating system and a lot of free networking software under a single, unified management interface. It provides a command line interface in the style of hardware routers, as well as an HTTP API and libraries for configuration scripting.
Virtualization and cloud ready
In addition to bare metal x86-64 servers, VyOS runs on multiple virtualization platforms, including but not limited to KVM, Xen, Citrix XenServer, VirtualBox, VMware, and Microsoft Hyper-V, with paravirtual drivers for all those platforms included in the images for the best performance.
Join our big family
More than 160 businesses use VyOS worldwide
What Our Customers Say
As an ISP, one of our most important use cases is to be able to run full BGP tables without any issues. We have been using VyOS for this for years now and it has worked absolutely flawlessly. I don’t think we’ve ever had an issue with this, in fact.
We also use VyOS to host a couple of hundred server-networks and VyOS handles this with ease, even with some of our networks having crazy amounts of access-rules on them and often having consistently high throughput and burst rates.
Whenever we do experience issues or we simply have theoretical questions, it never feels like the support team is far away. We usually receive very quick and concise answers to our inquiries. It’s a very nice feeling to know that everyone that’s working on the VyOS project seem to be experts at it, it does a lot for our confidence in running VyOS as much as we do.
I reached out to the Vyos team with an issue regarding my subscription and it was promptly resolved.
I have been using vyos for the past 6 maybe 7 years, came from pfsense and never looked back.
The most important features for me:
- Ease of use
- I can configure everything from the command line and have made small modifications as time has gone by. I keep a script with the full command set applicable to my firewall.
- Setting up fq-codel is extremely intuitive and works flawlessly. I never had this kind of QoS with other solutions.
- I do miss a web interface to display stats and such, but I can live without it for the time being.
I have nothing but good things to say about the VyOS Support Engineers. I think Dmitriy has owned our last 2 ticket, and the rest of the Support Team have all helped out. Taras, Yuriy, Jose, (and I hope I didn’t miss anyone) are quick to contribute and answer any questions I have. I believe it was Taras that even updated the VyOS/VMware doc to clarify a few things that I needed help understanding.
My boss just recently purchased a VyOS Subscription, or license, because we were experiencing a couple bizarre issues during our VyOS refresh of 30+ routers. We were struggling due to a single “show-stopper” issue, month after month, and not able to proceed with the rest of the refresh project. My boss, Daya Rajaratnam, decided we needed to get Commercial Support and open proper tickets and also to show our support of the VyOS Team.
Just hours after our Support PO went thru, I opened a ticket. I gave it a relatively low priority so I would know what to expect with future tickets. Its was great to see a response from an Engineer in just a couple hours. Fast forward a few days and the root cause was identified, I had a simple workaround in place and working in production(and had learned a lot from other Support Engineers that had contributed). What a HUGE load off my back to have that issue resolved with a reliable fix. 5 Stars for service, knowledge, and going above and beyond. (Hell, can I give them 10 stars?).
4 days later I opened a second ticket about an unrelated VTI issue that had also been plaguing us for many months. The experience was equally impressive and I again had a simple and reliable workaround.
Working with this group was a real pleasure.
I use Vyos from the beginning and his predecessor Vyatta. I like platform because has own style of architecture and similar cli like cisco and juniper.
I use platform to make migration from site to site or hybrid migration with Cloud.
I’d like that platform has all ipv6 attribute and use it very much.
VyOS is the backbone of our company network since the early Vyatta 6.x days. It scales to meet your needs – from 256MB Alix-Board Low-Power Box for small branch offices to multi-processor rackmounted/virtualized network appliance – and is extremely easy to integrate with other systems like monitoring and configuration management. The excellent support from Sentrium turns it into a truely complete product that meets all our requirements.
I’m happy to recommend VyOS/Sentrium. We first began using VyOS several years ago; we maintain a VPN from cellular vendor network to our infrastructure. Since moving our infrastructure permanently to AWS, we decided to sign up for Sentrium’s professional product and service.
I recently ran into a peculiar issue with the IPSEC VPN after a version upgrade – Sentrium staff worked with me to resolve it, and were very prompt in providing information and resolution. We are running two instances, a primary and a backup, and both are working splendidly, with seamless failover.
Thank you for the prompt support. It is great to know that not only the product is a perfect fit for our needs, but also knowing that there is a professional support team we can rely on.
We use VYOS to connect distributed POPs to our data centers and provide secure Internet connectivity to the POPs.
I think you have a great product. Actually I like promoting your product to other customers and using it for demo purposes.
You are one of a kind today to support almost all network protocols.
You guys are great on support. Thank You.
We are very excited about VyOS and use it as part of our products. VyOS convinces as a complete product with REST API and Wireguard support. The support is very fast and extremely competent.
Get access to LTS Release
Or you can try out VyOS Rolling release
Join the community
VyOS started as a community project and wouldn’t exist without people who dedicate their time to free software development and peer to peer support. All our code is open for your pull requests, but there are lots of non-programming tasks as well, such as writing documentation and answering questions on the forums. Everyone is welcome to join.
Check out our resources
The smallest amount of RAM that VyOS can boot with is 256MB. Trying to boot VyOS on machines with less RAM will result in boot errors.
Otherwise, hardware requirements vary greatly between use cases. For small office use, low end CPUs and 512MB RAM should be more than enough.
For high performance routers, high end CPUs and large amounts of RAM are required.
No, everyone who deploys an instance from Amazon, Azure etc. marketplace is eligible for free updates. Contact us and provide your subscriber identifier.
If you are contributing code, actively testing the development images and reporting bugs, writing documentation, or helping spread the word by writing blog posts, speaking at conferences etc., you can get access to LTS images for free.
Just fill this form: https://share.hsforms.com/1DmAR8XwnR2W2Ys8-gBbiOQ2ghzu and we will contact you.
Please describe your contributions and provide links to git commits, Phabricator tasks, blog posts and anything else.
People who have contributed to VyOS before release model change in 2019 can get a perpetual subscription. Everyone who contributed only after the model change gets a yearly subscription that is extended if they remain active within the project.
Rolling release images are free to download for everyone. Long term support images follow a Red Hat-like “pay for binaries” model, though they are available for active contributors to the project for free as well.
Ready to use long term support release images are only available to customers who purchased a subscription and to community members who are contributing code, testing or documentation to the project.
Everyone can build an LTS release image from the stable branch too. For 1.2.x, the branch is named “crux”. The image built from the branch is equivalent to the latest official LTS image.
Yes. The entire codebase is available to the public on GitHub, complete with the build toolchain.
We also keep Debian package repositories used for image builds public so building it completely from source is not required.
VyOS is split into two branches: long term support and rolling release.
The rolling release branch (git branch “current”) includes the latest code from maintainers and all contributions from community members are merged into it. It’s meant for testing and home lab/non-critical router use and is not guaranteed to be stable.
Long term support branches are periodically split from the current branch. They are stable, and only proven, strictly compatible changes are merged or backported into it.
ISO images of the rolling release are public, while long term support release ISOs are only available to subscribers and contributors in binary form.
All instances on AWS are located behind 1-to-1 NAT and this affectly IPSec negatively.
In this case we can use a simple solution with a dummy interface and DNAT rules on VyOS routers.
Set public IP addresses on the dummy interface:
set interfaces dummy dum0 address 'x.x.x.x/32'
Create DNAT rules:
set nat destination rule 20 inbound-interface 'eth0' set nat destination rule 20 translation address 'x.x.x.x'
Configure L2TP and IPSec:
set vpn ipsec nat-traversal enable set vpn ipsec nat-networks allowed-network 0.0.0.0/0 set vpn ipsec ipsec-interfaces interface 'dum0' set vpn l2tp remote-access outside-address 'x.x.x.x' set vpn l2tp remote-access client-ip-pool start 192.168.255.1 set vpn l2tp remote-access client-ip-pool stop 192.168.255.254 set vpn l2tp remote-access dns-servers server-1 '184.108.40.206' set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret <secret-key> set vpn l2tp remote-access authentication mode local set vpn l2tp remote-access authentication local-users username <user> password <password>
Optional: Create NAT rules for L2TP customers:
set nat source rule 10 outbound-interface 'eth0' set nat source rule 10 source address '192.168.255.0/24' set nat source rule 10 translation address 'masquerade'
You can order 4-hour support pack via the link below:
The default configuration file located at
If you want to load default the configuration remotely, you can run the command below, but be careful, all network parameters and services like ssh may be aborted. You can configure interface parameters and ssh access before running command
[email protected]# load /opt/vyatta/etc/config.boot.default Warning: file does NOT appear to be a valid config file. Do you want to continue? [no] Yes Loading configuration from '/config.boot.default'... Load complete. Use 'commit' to make changes active. 
Take a look at the subscription section, where we explain the professional support options.
Run an image dedicated to your platform or boot the generic ISO image on your system.
Log in and run
More details here: https://docs.vyos.io/en/latest/install.html
The documentation is undergoing reorganization. You can read more about it here: https://blog.vyos.io/google-season-of-docs
There are two new categories of documentation in process:
The articles here on the knowledgebase, where you can find more specific information, troubleshooting and workarounds.
Yes, if you want the latest features, even if they are not working perfectly yet.
The rolling release is built daily and passes some basic automated tests, but there is no guarantee that everything will work perfectly.
In VyOS, it is easy to revert to the previous version if something goes wrong. The rolling release should be good enough for non-critical production use, since you can always go back to a working version at the end of the maintenance window and report the findings.
Please follow the instructions from the build repository:
Can I contribute to VyOS?
Everyone is welcome to contribute to VyOS. Even if you are not a programmer, there are a lot of things you can do, including writing documentation, testing development builds and reporting issues.
What are the benefits for contributors?
The goal of introducing LTS release image access subscriptions was to make VyOS development sustainable.
This is why we made them available for people who help the project move forward, either by purchasing a subscription and thus funding the work of the maintainers, or by participating in the project directly.
If you are contributing code, substantial amount of testing or documentation writing, or are an active VyOS evangelist, you are eligible for a free LTS image access subscription.
How do I contribute to documentation?
VyOS documentation is now being developed in this repository: https://github.com/vyos/vyos-documentation/
It's a Sphinx project that is automatically deployed to https://docs.vyos.io
The VyOS wiki (http://wiki.vyos.net) is going to be phased out when its content is migrated to the vyos-documentation project and this knowledge base.
How do I become a tester?
Rolling release images are built nightly by our CI server, and can be found at https://downloads.vyos.io/?dir=rolling/current/amd64
Issues should be reported to the bug tracker.
How do I become a developer?
VyOS source code is at github.com/vyos
The vyos-build repository/ contains the image build scripts.
All new features are now added to the vyos-1x package in an effort to consolidate the code and data.
Old packages inherited from Vyatta Core such as vyatta-cfg-system are considered legacy and are eliminated when the code they contain is redesigned and rewritten.
Since the release of VyOS 1.2.0 we no longer accept new features in Perl and shell, and no longer use the original command template system. As such, any such code will be rejected. All new code must follow the new guidelines created to ensure maintainability and enable us to introduce features formerly prevented by the limitations of the old config backend and old coding approach, such as parallelized commits, live rollbacks and so on.
Before you make a pull request, please create a task in Phabricator and reference it in your commit messages, e.g. "[BGP] T42: add support for overly large communities".
What hardware platforms does VyOS support?
At the moment, VyOS works on x86-64, either bare metal of virtualized. There are specialised images for Dell EMC, Edgecore, Lanner and Supermicro hardware. See the full list of solutions.
Support for 32-bit x86 has been discontinued as of 1.2.0 release.
What virtualization platforms are supported?
VyOS supports KVM, Xen (in HVM mode and with XCP-ng), VMware, Nutanix, Proxmox and Microsoft Hyper-V and includes drivers and guest agent daemons for those platforms.
VirtualBox is supported but we don’t include guest additions for it.
Other x86 hypervisors may work as well.
Will there be an ARM version?
We have made experimental images for some ARM boards, but there’s nothing production ready.
Due to lack of standardized boot firmware standard and even standardized endianness of ARM CPUs, it’s impossible to provide a generic ARM image that would be readily usable for everyone.
The most realistic plan right now is to support ARM64 hypervisors. We don’t rule out making images for specific network-oriented ARM boards in the future, but we are not planning to support single NIC boards such as Raspberry Pi.
You can find a discussion about this, in the VyOS Slack Workspace in the channel
No, there is no inherent limitation in the software.
It runs/routes as fast as the underlying hardware (CPU & NIC) allows it to run.
show log will reveal possible log sources.
See here for more troubleshooting guides:
No, VyOS uses "binary installation" that allows you to keep multiple images on the same system and switch between them. This requires a full installation of the system.
To ensure upgrade safety, VyOS uses "binary installation" that allows you to keep multiple images on the same system and switch between them.
Note: If you have a working system, you don't need to boot from the ISO in order to upgrade! The commands given below are to be issued from your current system. The only reason to boot from the ISO is to install VyOS on a new machine.
- Find the URL for the desired release in release notes or release announcement. (Note: the image file depends on your system architecture. Choosing the wrong architecture can lead to a non-responsive remote device.)
- Issue the following operational mode command:
add system image <image URL>.
- Answer the installation script questions.
- [Optional] View images with the
show system imageoperational mode command.
- Reboot your system.
If you can still access the machine console, reboot it and select the previous image from the GRUB menu. Upgrade does not modify existing images and files associated with them, so you will be able to get a working system again.
Forwards-compatible configuration syntax changes are handled automatically. In the case a release includes incompatible syntax changes, you may need to edit your config or perform other actions. Check release notes. Releases are assumed to be backwards-compatible unless otherwise specified.
If you are running a release prior to 1.1.0, it is recommended to first upgrade to 1.1.8 before upgrading to the current release. Upgrading directly from older releases may result in a non-bootable image.
Even though VyOS is Debian-based, it does not use
apt-get for the upgrade. The only supported upgrade procedure is image-based upgrade described above.
apt-get upgrade/dist-upgradeis very likely to render your system inoperable.
Right after installation, you should be able to login with these credentials: