BGP (IPv4 and IPv6), OSPF (v2 and v3), RIP and RIPng, policy-based routing.
BGP (IPv4 and IPv6), OSPF (v2 and v3), RIP and RIPng, policy-based routing.
IPsec, VTI, VXLAN, L2TPv3, L2TP/IPsec and PPTP servers, tunnel interfaces (GRE, IPIP, SIT), OpenVPN in client, server, or site-to-site mode, wireguard.
Stateful firewalls, zone-based firewall, all types of source and destination NAT (one to one, one to many, many to many).
DHCP and DHCPv6 server and relay, IPv6 RA, DNS forwarding, TFTP server, web proxy, PPPoE access concentrator, NetFlow/sFlow sensor, QoS.
VRRP for IPv4 and IPv6, ability to execute custom health checks and transition scripts; ECMP, stateful load balancing.
and archiving make external configuration backup tools redundant.
Its entire codebase and build toolchain are available to everyone for auditing, building customized images, and contributing.
More than 160 businesses use VyOS worldwide
— Max Sörensen, "Visolit"
— Juan B. Rodriguez
— Layne Jester from RedShield Security
— Pavlin Dulev
— Head of IT - Enterprise Automation Foxit Software
— Paul Theodoropoulos, "Autonetmobile"
— Dan Shechter, exponential.com
— Simon Östling, "Arrow Electronics"
— Anthony Grevich, "Platform9"
— Reto Giezendanner, "Flow Swiss AG"
VyOS started as a community project and wouldn’t exist without people who dedicate their time to free software development and peer to peer support. All our code is open to your pull requests, but there are lots of non-programming tasks as well, such as writing documentation and answering questions on the forums. Everyone is welcome to join.
All instances on AWS located behind NAT 1-to-1 and this take negative effect for IPSec.
In this case we can use simple solution with dummy interface and DNAT rules on VyOS routers.
Set Public IP addresses on the dummy interface
set interfaces dummy dum0 address 'x.x.x.x/32'
Create DNAT rules
set nat destination rule 20 inbound-interface 'eth0' set nat destination rule 20 translation address 'x.x.x.x'
Configure L2TP and IPSec
set vpn ipsec nat-traversal enable set vpn ipsec nat-networks allowed-network 0.0.0.0/0 set vpn ipsec ipsec-interfaces interface 'dum0' set vpn l2tp remote-access outside-address 'x.x.x.x' set vpn l2tp remote-access client-ip-pool start 192.168.255.1 set vpn l2tp remote-access client-ip-pool stop 192.168.255.254 set vpn l2tp remote-access dns-servers server-1 '18.104.22.168' set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret <secret-key> set vpn l2tp remote-access authentication mode local set vpn l2tp remote-access authentication local-users username <user> password <password>
Optional: Create NAT rules for L2TP customers
set nat source rule 10 outbound-interface 'eth0' set nat source rule 10 source address '192.168.255.0/24' set nat source rule 10 translation address 'masquerade'
You can order 4h support pack via link below
Default configuration file located at
If you want load default configuration remotely, you can run command bellow, but be careful, all network parameters and services like ssh may be aborted. Also you may configure interface params and ssh access before running command
[email protected]# load /opt/vyatta/etc/config.boot.default Warning: file does NOT appear to be a valid config file. Do you want to continue? [no] Yes Write error: /opt/vyatta/etc/config.boot.default. Loading configuration from '/config.boot.default'... Load complete. Use 'commit' to make changes active. 
No there is no graphical user interface or website for VyOS. Configuration is made via the CLI.
Take a look at the subscription section, where we explain about the support professional support options.
Take a prepared hypervisor image or boot the iso file on your system. Login and execute 'install image'.
More details here:
The documentation is in a process of reorganization. You can read more about this here: https://blog.vyos.io/google-season-of-docs
There are two new types of documentation in process:
The articels here on https://support.vyos.io where you can find more specific information, troubleshooting or workarounds
If you want the latest features (even if they are not working perfectly yet) or you send us pull requests, than you can be sure the contribution will be available to you and willing testers in a reasonable time. Since in VyOS it's easy to revert to the previous version if something goes wrong, the rolling release should be good enough for non-critical production use, since you can always go back to a working version at the end of the maintenance window and report the findings.
The build process is described in the README.md in this git repository:
Can I contribute to VyOS?
Everyone is welcome to contribute to VyOS. Even if you are not a programmer, there are lots of things to do, including writing documentation, testing development builds, and reporting issues.
What are the benefits for contributors?
The goal of introducing LTS release image access subscriptions was to make VyOS development sustainable.
This is why we made them available for people who help the project move forward, either by purchasing a subscription and thus funding the work of the maintainers, or by participating in the project directly.
If you are contributing code, substantial amount of testing or documentation writing, or you are active VyOS evangelist, you are eligible for a free LTS image access subscription.
How do I contribute to documentation?
VyOS documentation is now being developed in this repository: https://github.com/vyos/vyos-documentation/
It's a Sphinx project that is automatically deployed to https://vyos.readthedocs.io/en/latest/
The VyOS wiki (http://wiki.vyos.net) is going to be phased out when its content is migrated to the vyos-documentation project and this knowledge base.
How do I become a tester?
Rolling release images are built nightly by our CI server, and can be found at https://downloads.vyos.io/?dir=rolling/current/amd64
Issues should be reported to https://phabricator.vyos.net/
How do I become a developer?
VyOS source code is at https://github.com/vyos/
The vyos-build repository (https://github.com/vyos/vyos-build/) contains the image build scripts.
All new features are now added to the vyos-1x package (https://github.com/vyos/vyos-1x) in an effort to consolidate the code and data.
Old packages inherited from Vyatta Core such as vyatta-cfg-system are considered legacy and are eliminated when the code they contain is redesigned and rewritten.
Since the release of VyOS 1.2.0 we no longer accept new features in Perl and shell and no longer use the original command template system, and such code will be rejected. All new code must follow the new guidelines created to ensure maintainability and enable us to introduce features formerly prevented by the limitations of the old config backend and old coding approach, such as parallelized commits, live rollbacks and so on.
Before you make a pull request, please create a task in Phabricator and reference it in your commit messages, e.g. "[BGP] T42: add support for overly large communities".
At the moment, VyOS works on x86-64, either bare metal of virtualized.
Support for 32-bit x86 has been discontinued as of 1.2.0 release.
VyOS supports KVM, Xen (in HVM mode), VMware, and Microsoft Hyper-V and includes drivers and guest agent daemons for those platforms.
VirtualBox is supported but we don’t include guest additions for it.
Other x86 hypervisors may work as well.
We have made experimental images for some ARM boards, but there’s nothing production ready.
Due to lack of standardized boot firmware standard and even standardized endianness of ARM CPUs, it’s impossible to provide a generic ARM image that would be readily usable for everyone.
The most realistic plan right now is to support ARM64 hypervisors. We don’t rule out making images for specific network-oriented ARM boards in the future, but we are not planning to support single NIC boards such as RaspberryPi.
What are the hardware requirements?
The smallest amount of RAM that VyOS can boot with is 256MB. Trying to boot VyOS on machines with less RAM will cause boot errors.
Otherwise, hardware requirements vary greatly between use cases. For small office use, low end CPUs and 512MB RAM should be more than enough.
For high performance routers, high end CPUs and larget amounts of RAM are required.
VyOS is split in two branches: long term support and rolling release.
The rolling release branch (git branch “current”) includes the latest code from maintainers and all contributions from community members are merged into it. It’s meant for testing and lab/noncritical router use and is not guaranteed to be stable.
Long term support branches are split from the current branch periodically. They are stable, and only proven, strictly compatible changes are merged or backported into it.
ISO images of the rolling release are public, while long term support release ISOs are only available to subscribers and contributors in binary form.
Yes. The entire code base is available to the public on Github, complete with the build toolchain.
We also keep Debian package repositories used for image builds public so building it completely from source is not required.
Rolling release images are free to download for everyone. Long term support images follow a RedHat-like “pay for binaries” model, though they are available for active contributors to the project for free as well.
Ready to use long term support release images are only available to customers who purchased a subscription and to community members who are contributing code, testing, or documentation to the project.
Everyone can build an LTS release image from the stable branch too. For 1.2.x, the branch is named “crux”. The image built from the branch is equivalent to the latest official LTS image.
If you are contributing code, actively testing the development images and reporting bugs, writing documentation, or helping spread the word by writing blog posts, speaking at conferences etc., you can get access to LTS images for free.
Just fill this form: https://share.hsforms.com/1DmAR8XwnR2W2Ys8-gBbiOQ2ghzu and we will contact you.
Please describe your contributions and provide links to git commits, Phabricator tasks, wiki pages, blog posts and anything else.
People who have contributed to VyOS before release model change in 2019 can get a perpetual subscription. Everyone who contributed only after the model change gets a yearly subscription that is extended if they remain active within the project.
No, everyone who deploys an instance from Amazon, Azure etc. marketplace is eligible for free updates. Contact us and provide your subscriber identifier.
No there is no limitation in the Software.
It run / route as fast as the underlying hardware (cpu & nic) allows it to run.
under the command 'show log' you see all possible log sources.
See here for more Troubleshooting guides:
No, VyOS uses "binary installation" that allows you to keep multiple images on the same system and switch between them. This requires a full installation of the system.
To ensure upgrade safety, VyOS uses "binary installation" that allows you to keep multiple images on the same system and switch between them.
Note: if you have a working system, you don't need to boot from the ISO in order to upgrade! The commands given below are to be issued from your current system. The only reason to boot from the ISO is installing VyOS on a new machine.
If you can access the machine console, reboot it and select the previous image in the GRUB menu. Upgrade does not modify existing images and files associated with them, so you will be able to get a working system again.
Forward-compatible configuration syntax changed are handled automatically. In case a release includes incompatible syntax changes, you may need to edit your config or perform other actions, check release notes. Releases are assumed to be backward-compatible unless otherwise specified.
If you are running a release prior to 1.1.0, it is recommended to first upgrade to 1.1.8 before upgrading to the current release. Upgrading directly from older releases may result in a non-bootable image.
Even though VyOS is Debian-based, it does not use apt-get for the upgrade. The only supported upgrade procedure is image-based upgrade described above.
Using apt-get upgrade/dist-upgrade is very likely to render your system inoperable.
Right after install, you should be able to login with these credentials: