VyOS is a fully open source network OS that runs on a wide range of hardware, virtual machines and cloud providers, and offers features for all networks, small and large.
Features for all network device roles
BGP (IPv4 and IPv6), OSPF (v2 and v3), RIP and RIPng, policy-based routing.
IPsec, VTI, VXLAN, L2TPv3, L2TP/IPsec and PPTP servers, tunnel interfaces (GRE, IPIP, SIT), OpenVPN in client, server, or site-to-site mode, WireGuard.
Firewall and NAT
Stateful firewalls, zone-based firewall, all types of source and destination NAT (one to one, one to many, many to many).
DHCP and DHCPv6 server and relay, IPv6 RA, DNS forwarding, TFTP server, web proxy, PPPoE access concentrator, NetFlow/sFlow sensor, QoS.
VRRP for IPv4 and IPv6, ability to execute custom health checks and transition scripts; ECMP, stateful load balancing.
and archiving make external configuration backup tools redundant.
Fully Open Source
The entire codebase and build toolchain are available to everyone for auditing, building customized images and contributing.
Unified management interface
VyOS combines the GNU/Linux operating system and a lot of free networking software under a single, unified management interface. It provides a command line interface in the style of hardware routers, as well as an HTTP API and libraries for configuration scripting.
Virtualization and cloud ready
In addition to bare metal x86-64 servers, VyOS runs on multiple virtualization platforms, including but not limited to KVM, Xen, Citrix XenServer, VirtualBox, VMware, and Microsoft Hyper-V, with paravirtual drivers for all those platforms included in the images for the best performance.
Join our big family
More than 160 businesses use VyOS worldwide
What Our Customers Say
As an ISP, one of our most important use cases is to be able to run full BGP tables without any issues. We have been using VyOS for this for years now and it has worked absolutely flawlessly. I don’t think we’ve ever had an issue with this, in fact.
We also use VyOS to host a couple of hundred server-networks and VyOS handles this with ease, even with some of our networks having crazy amounts of access-rules on them and often having consistently high throughput and burst rates.
Whenever we do experience issues or we simply have theoretical questions, it never feels like the support team is far away. We usually receive very quick and concise answers to our inquiries. It’s a very nice feeling to know that everyone that’s working on the VyOS project seem to be experts at it, it does a lot for our confidence in running VyOS as much as we do.
I reached out to the Vyos team with an issue regarding my subscription and it was promptly resolved.
I have been using vyos for the past 6 maybe 7 years, came from pfsense and never looked back.
The most important features for me:
- Ease of use
- I can configure everything from the command line and have made small modifications as time has gone by. I keep a script with the full command set applicable to my firewall.
- Setting up fq-codel is extremely intuitive and works flawlessly. I never had this kind of QoS with other solutions.
- I do miss a web interface to display stats and such, but I can live without it for the time being.
I have nothing but good things to say about the VyOS Support Engineers. I think Dmitriy has owned our last 2 ticket, and the rest of the Support Team have all helped out. Taras, Yuriy, Jose, (and I hope I didn’t miss anyone) are quick to contribute and answer any questions I have. I believe it was Taras that even updated the VyOS/VMware doc to clarify a few things that I needed help understanding.
My boss just recently purchased a VyOS Subscription, or license, because we were experiencing a couple bizarre issues during our VyOS refresh of 30+ routers. We were struggling due to a single “show-stopper” issue, month after month, and not able to proceed with the rest of the refresh project. My boss, Daya Rajaratnam, decided we needed to get Commercial Support and open proper tickets and also to show our support of the VyOS Team.
Just hours after our Support PO went thru, I opened a ticket. I gave it a relatively low priority so I would know what to expect with future tickets. Its was great to see a response from an Engineer in just a couple hours. Fast forward a few days and the root cause was identified, I had a simple workaround in place and working in production(and had learned a lot from other Support Engineers that had contributed). What a HUGE load off my back to have that issue resolved with a reliable fix. 5 Stars for service, knowledge, and going above and beyond. (Hell, can I give them 10 stars?).
4 days later I opened a second ticket about an unrelated VTI issue that had also been plaguing us for many months. The experience was equally impressive and I again had a simple and reliable workaround.
Working with this group was a real pleasure.
I use Vyos from the beginning and his predecessor Vyatta. I like platform because has own style of architecture and similar cli like cisco and juniper.
I use platform to make migration from site to site or hybrid migration with Cloud.
I’d like that platform has all ipv6 attribute and use it very much.
VyOS is the backbone of our company network since the early Vyatta 6.x days. It scales to meet your needs – from 256MB Alix-Board Low-Power Box for small branch offices to multi-processor rackmounted/virtualized network appliance – and is extremely easy to integrate with other systems like monitoring and configuration management. The excellent support from Sentrium turns it into a truely complete product that meets all our requirements.
I’m happy to recommend VyOS/Sentrium. We first began using VyOS several years ago; we maintain a VPN from cellular vendor network to our infrastructure. Since moving our infrastructure permanently to AWS, we decided to sign up for Sentrium’s professional product and service.
I recently ran into a peculiar issue with the IPSEC VPN after a version upgrade – Sentrium staff worked with me to resolve it, and were very prompt in providing information and resolution. We are running two instances, a primary and a backup, and both are working splendidly, with seamless failover.
Thank you for the prompt support. It is great to know that not only the product is a perfect fit for our needs, but also knowing that there is a professional support team we can rely on.
We use VYOS to connect distributed POPs to our data centers and provide secure Internet connectivity to the POPs.
I think you have a great product. Actually I like promoting your product to other customers and using it for demo purposes.
You are one of a kind today to support almost all network protocols.
You guys are great on support. Thank You.
We are very excited about VyOS and use it as part of our products. VyOS convinces as a complete product with REST API and Wireguard support. The support is very fast and extremely competent.
VyOS is very powerful router
I’ve been using vyos since 2013. I was looking at purchasing a couple of other hardware devices from a vendor that sounds like Jupiter. There were several licensing restrictions and extra costs that would have gone into the project, but thanks to Lanner electronics and vyos, the cost dropped by about 75% and we didn’t have to worry about extra licensing to do what we needed. I’m pretty much s novice when it comes to the network and network security side of the house, but our very experienced network team was more than impressed with vyos. And they were able to, not only complete, but add features, to our installation for several hundred workstations using 5Gb of bandwidth across 4 sites. Myself and a team with over 60 years of combined experience can’t recommend it strongly enough.
We want to partner with you 😉
Dmitriy Eshenko was very knowledgeable, friendly and resolved the issue I was having.
Reliable solution for building Site-2-Site VPNs. It just works as expected.
Great quick service!
VyOS is very useful for teaching IP routing basics at the University of Applied Sciences Esslingen. The command line interface is easy to learn and convenient to use. And VyOS includes all IP routing features required in the lab (KTlab at University of Applied Sciences Esslingen).
Startet with Vyatta and now moved to vyos.
Have bin using Vyatta/Vyos on hardware/VMware for many years. Also using Ubiquti routers.
We are using Vyos in our education.
Great software, decent support.
VyOS has been my go to virtual router distribution ever since vyatta got acquired. I love their new business model which makes sure the project stays afloat while still giving the community all the features being developed without restrictions.
I looked for an Opensource router with power ful command line.
So I found VyOS with lots of essential features like: BGP, RPKI, OSPF, IPSec and recently support MPLS in beside of very easy command line.
Started with Vyatta subscription in 2008. Upgraded to VyOS and still running. (BGP)
I’ve used VyOS (Vyatta) since 2014. It was the primary routing platform in an organization that supported 100+ sites and over 40,000 users. There is a learning curve for some who have come from a traditional environment, but it is an extremely flexible networking platform.
Excellent Product. We have been using VyOS for couple of years for IPSec, BGP, Firewall, NAT etc features. Very stable and very easy to use.
Super knowledgable and always ready to go the extra mile.
Excellent support, very quick response and kindly.
We are working with VyOS (previously Vyatta) since 2014 and in general we are very satified.
VyOS is a great product. It’s very community driven. The only small downside at the moment is that some legacy staff needs to be reworked until the focus really could be set to the future.
But a lot of things are already changed.
VyOS has proven to be very reliable over the last 8 years we use it (starting with Vyatta).
Very reliable routing software with great community and support.
Vyos is my go-to distro when setting up routers. Everything works out of the box, the installation process is simple and in a few minutes you’re good to go.
The development is really active, and you can easily reach the devs and the community through the forums if you need.
Excelent system and team.
What an awesome Swiss-Army-Knife of a solution!
I’ve been using Vyos since the early days. It is an incredibly flexible, useful and stable router.
Very impressed with the recent re-shuffle, re-branding and formalizing of the commercial support model.
It will no-doubt bring Vyos on-par with other high-quality commercially-supported open source tools. In my view, better than your average Cisco/Juniper/Edgemax router.
Very active development as of now in 2020. Great software.
Awesome Job guys.
Over the last two years of so, VyOS has become my go-to for a wide range of use cases, ranging from a simple home router all the way up to using it for private to public cloud connectivity on AWS, Azure and GCP. It’s also a great VPN appliance for road-warriors.
It doesn’t matter what I throw it on, KVM, Xen or VMware hypervisors, or bare metal Xeon, Xeon-D and below… it just works.
VyOS kicks … you know what. I hope you’ll decide to support the project too.
You turn in on and it works.
VyOS is my go-to router distribution. I use it at client sites, at home, and would not hesitate to recommend it for most router/firewall needs. It runs superbly well on small low powered hardware as well as larger servers. I have never used or needed the paid support, but for a mission critical installation I would think it would be beneficial.
Used as bgp router and also in a different box as vxlan with great performance.
Amazing! Several features on a single platform.
We have been using Vyatta/VYOS for years now and recently started participating in paid support program. We are happy to do this as we think it is important to financially support good open source software. I have had a couple of support issues thus far where I was not able to easily find the answer I was looking for on the web. I could have taken more time to look, but instead I was able to open up a quick line of communication to the VYOS support team. Their response has been prompt and thorough and truly interested in answering the question versus just moving through tickets. Great Job!
Reliable substitute for physical routers.
It is an all in one networking solution for our remote branch office connectivity and corporate access. It can be nearly deployed everywhere (clouds / virtual appliance/ physical device). It is a perfect choice to add to your tech basket if you are a development-aware IT guy or an IT-aware developer. The development team are very supporting both technically and humanely.
You may interact in their slack channels with the contributors and product owners as well as file and watch the issues in their phabricator.
Although they offer official builds via subscription, you are allowed and may achieve the same build in DIY manner via the instructions for free. They also generously offer free subscription to support the soul of contribution to heavy contributors. Their recent empathy to offer free subscription and setup help for organizations falling into remote work category due to COVID protections is just an example of what makes you feel attached.
VyOS is an excellent virtual router and we have made it a staple of our IT systems; using it almost everywhere!
Thank-you for VyOS! Stable, lots and lots of production level features, well thought-out cli contexts, config is readable, system is scriptable, easy access to tcpdump, easy to back-up and restore, great price.
Perfect and fast OS for routers. Using it widely in our internal and external infrastructure, never had any kind of serious issues with it.
You guys have been great to work with but you are making the wrong decision with T2100 to not set check igp as default. Every other BGP implementation does this. The feedback I am getting from the networking community says that no one wants this and I have demonstrated how it breaks BGP networks. This breaks BGP in a subtle way that only becomes apparent during a reroute. I am giving this feedback to help you improve.
A very good community and excellent Router. VyOS ist very stable. We use VyOS to communicate with our servers in different locations. It works very well!
Great product with a good pro support !
Fantastic Product with superb support!
Found it a bit difficult to figure out the right product configuration for us, but we are happy with the product quality.
Get access to LTS Release
Or you can try out VyOS Rolling release
Join the community
VyOS started as a community project and wouldn’t exist without people who dedicate their time to free software development and peer to peer support. All our code is open for your pull requests, but there are lots of non-programming tasks as well, such as writing documentation and answering questions on the forums. Everyone is welcome to join.
Check out our resources
The smallest amount of RAM that VyOS can boot with is 256MB. Trying to boot VyOS on machines with less RAM will result in boot errors.
Otherwise, hardware requirements vary greatly between use cases. For small office use, low end CPUs and 512MB RAM should be more than enough.
For high performance routers, high end CPUs and large amounts of RAM are required.
No, everyone who deploys an instance from Amazon, Azure etc. marketplace is eligible for free updates. Contact us and provide your subscriber identifier.
If you are contributing code, actively testing the development images and reporting bugs, writing documentation, or helping spread the word by writing blog posts, speaking at conferences etc., you can get access to LTS images for free.
Just fill this form: https://share.hsforms.com/1DmAR8XwnR2W2Ys8-gBbiOQ2ghzu and we will contact you.
Please describe your contributions and provide links to git commits, Phabricator tasks, blog posts and anything else.
People who have contributed to VyOS before release model change in 2019 can get a perpetual subscription. Everyone who contributed only after the model change gets a yearly subscription that is extended if they remain active within the project.
Rolling release images are free to download for everyone. Long term support images follow a Red Hat-like “pay for binaries” model, though they are available for active contributors to the project for free as well.
Ready to use long term support release images are only available to customers who purchased a subscription and to community members who are contributing code, testing or documentation to the project.
Everyone can build an LTS release image from the stable branch too. For 1.2.x, the branch is named “crux”. The image built from the branch is equivalent to the latest official LTS image.
Yes. The entire codebase is available to the public on GitHub, complete with the build toolchain.
We also keep Debian package repositories used for image builds public so building it completely from source is not required.
VyOS is split into two branches: long term support and rolling release.
The rolling release branch (git branch “current”) includes the latest code from maintainers and all contributions from community members are merged into it. It’s meant for testing and home lab/non-critical router use and is not guaranteed to be stable.
Long term support branches are periodically split from the current branch. They are stable, and only proven, strictly compatible changes are merged or backported into it.
ISO images of the rolling release are public, while long term support release ISOs are only available to subscribers and contributors in binary form.
All instances on AWS are located behind 1-to-1 NAT and this affectly IPSec negatively.
In this case we can use a simple solution with a dummy interface and DNAT rules on VyOS routers.
Set public IP addresses on the dummy interface:
set interfaces dummy dum0 address 'x.x.x.x/32'
Create DNAT rules:
set nat destination rule 20 inbound-interface 'eth0' set nat destination rule 20 translation address 'x.x.x.x'
Configure L2TP and IPSec:
set vpn ipsec nat-traversal enable set vpn ipsec nat-networks allowed-network 0.0.0.0/0 set vpn ipsec ipsec-interfaces interface 'dum0' set vpn l2tp remote-access outside-address 'x.x.x.x' set vpn l2tp remote-access client-ip-pool start 192.168.255.1 set vpn l2tp remote-access client-ip-pool stop 192.168.255.254 set vpn l2tp remote-access dns-servers server-1 '184.108.40.206' set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret <secret-key> set vpn l2tp remote-access authentication mode local set vpn l2tp remote-access authentication local-users username <user> password <password>
Optional: Create NAT rules for L2TP customers:
set nat source rule 10 outbound-interface 'eth0' set nat source rule 10 source address '192.168.255.0/24' set nat source rule 10 translation address 'masquerade'
You can order 4-hour support pack via the link below:
The default configuration file located at
If you want to load default the configuration remotely, you can run the command below, but be careful, all network parameters and services like ssh may be aborted. You can configure interface parameters and ssh access before running command
vyos@vyos-rtr# load /opt/vyatta/etc/config.boot.default Warning: file does NOT appear to be a valid config file. Do you want to continue? [no] Yes Loading configuration from '/config.boot.default'... Load complete. Use 'commit' to make changes active. 
Take a look at the subscription section, where we explain the professional support options.
Run an image dedicated to your platform or boot the generic ISO image on your system.
Log in and run
More details here: https://docs.vyos.io/en/latest/install.html
The documentation is undergoing reorganization. You can read more about it here: https://blog.vyos.io/google-season-of-docs
There are two new categories of documentation in process:
The articles here on the knowledgebase, where you can find more specific information, troubleshooting and workarounds.
Yes, if you want the latest features, even if they are not working perfectly yet.
The rolling release is built daily and passes some basic automated tests, but there is no guarantee that everything will work perfectly.
In VyOS, it is easy to revert to the previous version if something goes wrong. The rolling release should be good enough for non-critical production use, since you can always go back to a working version at the end of the maintenance window and report the findings.
Please follow the instructions from the build repository:
Can I contribute to VyOS?
Everyone is welcome to contribute to VyOS. Even if you are not a programmer, there are a lot of things you can do, including writing documentation, testing development builds and reporting issues.
What are the benefits for contributors?
The goal of introducing LTS release image access subscriptions was to make VyOS development sustainable.
This is why we made them available for people who help the project move forward, either by purchasing a subscription and thus funding the work of the maintainers, or by participating in the project directly.
If you are contributing code, substantial amount of testing or documentation writing, or are an active VyOS evangelist, you are eligible for a free LTS image access subscription.
How do I contribute to documentation?
VyOS documentation is now being developed in this repository: https://github.com/vyos/vyos-documentation/
It's a Sphinx project that is automatically deployed to https://docs.vyos.io
The VyOS wiki (http://wiki.vyos.net) is going to be phased out when its content is migrated to the vyos-documentation project and this knowledge base.
How do I become a tester?
Rolling release images are built nightly by our CI server, and can be found at https://downloads.vyos.io/?dir=rolling/current/amd64
Issues should be reported to the bug tracker.
How do I become a developer?
VyOS source code is at github.com/vyos
The vyos-build repository/ contains the image build scripts.
All new features are now added to the vyos-1x package in an effort to consolidate the code and data.
Old packages inherited from Vyatta Core such as vyatta-cfg-system are considered legacy and are eliminated when the code they contain is redesigned and rewritten.
Since the release of VyOS 1.2.0 we no longer accept new features in Perl and shell, and no longer use the original command template system. As such, any such code will be rejected. All new code must follow the new guidelines created to ensure maintainability and enable us to introduce features formerly prevented by the limitations of the old config backend and old coding approach, such as parallelized commits, live rollbacks and so on.
Before you make a pull request, please create a task in Phabricator and reference it in your commit messages, e.g. "[BGP] T42: add support for overly large communities".
What hardware platforms does VyOS support?
At the moment, VyOS works on x86-64, either bare metal of virtualized. There are specialised images for Dell EMC, Edgecore, Lanner and Supermicro hardware. See the full list of solutions.
Support for 32-bit x86 has been discontinued as of 1.2.0 release.
What virtualization platforms are supported?
VyOS supports KVM, Xen (in HVM mode and with XCP-ng), VMware, Nutanix, Proxmox and Microsoft Hyper-V and includes drivers and guest agent daemons for those platforms.
VirtualBox is supported but we don’t include guest additions for it.
Other x86 hypervisors may work as well.
Will there be an ARM version?
We have made experimental images for some ARM boards, but there’s nothing production ready.
Due to lack of standardized boot firmware standard and even standardized endianness of ARM CPUs, it’s impossible to provide a generic ARM image that would be readily usable for everyone.
The most realistic plan right now is to support ARM64 hypervisors. We don’t rule out making images for specific network-oriented ARM boards in the future, but we are not planning to support single NIC boards such as Raspberry Pi.
You can find a discussion about this, in the VyOS Slack Workspace in the channel
No, there is no inherent limitation in the software.
It runs/routes as fast as the underlying hardware (CPU & NIC) allows it to run.
show log will reveal possible log sources.
See here for more troubleshooting guides:
No, VyOS uses "binary installation" that allows you to keep multiple images on the same system and switch between them. This requires a full installation of the system.
To ensure upgrade safety, VyOS uses "binary installation" that allows you to keep multiple images on the same system and switch between them.
Note: If you have a working system, you don't need to boot from the ISO in order to upgrade! The commands given below are to be issued from your current system. The only reason to boot from the ISO is to install VyOS on a new machine.
- Find the URL for the desired release in release notes or release announcement. (Note: the image file depends on your system architecture. Choosing the wrong architecture can lead to a non-responsive remote device.)
- Issue the following operational mode command:
add system image <image URL>.
- Answer the installation script questions.
- [Optional] View images with the
show system imageoperational mode command.
- Reboot your system.
If you can still access the machine console, reboot it and select the previous image from the GRUB menu. Upgrade does not modify existing images and files associated with them, so you will be able to get a working system again.
Forwards-compatible configuration syntax changes are handled automatically. In the case a release includes incompatible syntax changes, you may need to edit your config or perform other actions. Check release notes. Releases are assumed to be backwards-compatible unless otherwise specified.
If you are running a release prior to 1.1.0, it is recommended to first upgrade to 1.1.8 before upgrading to the current release. Upgrading directly from older releases may result in a non-bootable image.
Even though VyOS is Debian-based, it does not use
apt-get for the upgrade. The only supported upgrade procedure is image-based upgrade described above.
apt-get upgrade/dist-upgradeis very likely to render your system inoperable.
Right after installation, you should be able to login with these credentials: