Download
Download
phone
+1 844 980 2188
Contact Support

Join Our Big Family

More than 500 businesses use VyOS globally.

  • Vodafone
  • Berkeley Lab
  • RL Jones
  • RedShield
  • Fujitsu
  • NTT Data
Explore VyOS Use Cases
View Customers Success Stories

Why VyOS?

We fundamentally believe that internet access is as vital to our human development as air, food, water, and healthcare. Built by engineers for engineers, VyOS is an open source software company that democratizes how we access networks so that the many, not the few, benefit from building solutions without limitations and prohibitive fees.

We do this as VyOS through our open source software and virtual platforms.

Features

For All Network Device Roles

  • Routing

    Routing

    BGP (IPv4 and IPv6), OSPF (v2 and v3), RIP and RIPng, policy-based routing.

  • VPN

    VPN

    IPsec, VTI, VXLAN, L2TPv3, L2TP/IPsec and PPTP servers, tunnel interfaces (GRE, IPIP, SIT), OpenVPN in client, server, or site-to-site mode, wireguard.

  • Firewall and NAT

    Firewall and NAT

    Stateful firewalls, zone-based firewall, all types of source and destination NAT (one to one, one to many, many to many).

  • Network services

    Network services

    DHCP and DHCPv6 server and relay, IPv6 RA, DNS forwarding, TFTP server, web proxy, PPPoE access concentrator, NetFlow/sFlow sensor, QoS.

  • High availability

    High availability

    VRRP for IPv4 and IPv6, ability to execute custom health checks and transition scripts; ECMP, stateful load balancing.

  • Fully Open Source

    Fully Open Source

    Its entire codebase and build toolchain are available to everyone for auditing, building customized images, and contributing.

Explore VyOS Use Cases

Whether you have servers in your office, in your data center, or on the cloud – VyOS can be used to establish a secure access to and between any of them.
Let’s see!

What Our Customers Say

More than 500 businesses use VyOS globally.

Discover Our Use Cases

See how you can use our use cases for your business

Enterprise Router and Firewal

Enterprise Router and Firewall

Standard network services such as DHCP server and relay, DNS forwarding and web proxy are supported as well.

VyOS supports stateful firewall for both IPv4 and IPv6 including zone-based firewall, as well as multiple types of NAT (one to one, one to many, many to many). Support for QoS and policy-based routing allows you to ensure optimal handling of traffic flows.

Discover VyOS Enterprise Routing and Firewalls
Edge Router

Edge Router

Support for standard routing protocols including OSPF and BGP makes edge router a popular use case for VyOS. Multiple BGP features including 32-bit ASNs; standard, large, and extended communities; AS override and more provide excellent interoperability.

For high availability setups, VRRP is supported for both IPv4 and IPv6 with the option to add custom health checks and transition scripts. Built-in configuration archiving and versioning, and a reversible, image based upgrade feature simplify system management and improve maintenance reliability.

Discover VyOS Edge Router
Cloud Gateway

Cloud Gateway

Due to its ability to run on physical and virtual hardware alike, VyOS can be used to connect your cloud infrastructure to your data center or office network. Ready to use images are available through the marketplace on Amazon Web Services, Microsoft Azure, Google Cloud Platform and many others, with more images to come in future releases.

Support for multiple protocols and no need for per-tunnel licensing allow for greater flexibility and reduced costs compared to VPN solutions provided by cloud vendors.

Discover VyOS Cloud Gateway
VPN Gateway

VPN Gateway

Support for multiple VPN protocols makes VyOS especially suited for the VPN gateway role. Among supported protocols are IPsec (IKEv1 and IKEv2), VTI, OpenVPN in client-server and site to site mode, and WireGuard.

Traditional and new tunneling protocols such as IPIP and GRE, as well as L2TPv3 and VXLAN can be used with or without IPsec protection.

VyOS is one of the few networking solutions that provide DMVPN support and perhaps the only open source platform to provide it.

Discover VyOS VPN Gateway
Custom Services

Custom Services

VyOS is not just a product, but a unified platform, with all its internal APIs accessible to everyone. You can integrate your own applications into the VyOS CLI and produce custom images easily.

Scripting APIs can be used to create custom high availability scenarios. You can also produce images with custom configuration for deploying on your customer’s equipment.

FAQ

  • general

  • subscriptions

  • technical

  • support

  • community

    • Is VyOS 1.2 outdated because of Debian 8 release schedule?

      Debian 8 is in the EOL state by the community maintainers, but it is still supported commercially. All the software from Debian 8 that we need for VyOS 1.2 is still supported by https://www.freexian.com/ and it receives security updates. Apart from this, there is still a very big difference between Debian 8 and VyOS 1.2 – VyOS 1.2 uses Debian 8 repository for some of the libraries or system daemons, but the most important parts for the router – kernel, routing daemons, many networking services built by us, and do not have anything common with Debian 8.

      Therefore, VyOS 1.2 could be detected as EOL Debian 8 by some software, but it is supported and not affected by Debian 8 security issues.

    • What are the hardware requirements?

      The smallest amount of RAM that VyOS can boot with is 512MB. Trying to boot VyOS on machines with less RAM will result in boot errors.

      Otherwise, hardware requirements vary greatly between use cases. For small office use, low end CPUs and 1024MB RAM should be more than enough.

      For high performance routers, high end CPUs and large amounts of RAM are required.

    • Is it free to use VyOS?

      Rolling release images are free to download for everyone. Long term support images follow a Red Hat-like “pay for binaries” model, though they are available for active contributors to the project for free as well.

      Ready to use long term support release images are only available to customers who purchased a subscription and to community members who are contributing code, testing or documentation to the project.

      Everyone can build an LTS release image from the stable branch too. For 1.2.x, the branch is named “crux”. The image built from the branch is equivalent to the latest official LTS image.

    • Is VyOS a free and open-source software?

      Yes. The entire codebase is available to the public on GitHub, complete with the build toolchain.

      We also keep Debian package repositories used for image builds public so building it completely from source is not required.

    • What’s VyOS Release Model?

      VyOS is split into two branches: long term support and rolling release.

      The rolling release branch (git branch “current”) includes the latest code from maintainers and all contributions from community members are merged into it. It’s meant for testing and home lab/non-critical router use and is not guaranteed to be stable.

      Long term support branches are periodically split from the current branch. They are stable, and only proven, strictly compatible changes are merged or backported into it.

      ISO images of the rolling release are public, while long term support release ISOs are only available to subscribers and contributors in binary form.

    • Does VyOS Provide a Graphic Interface?

      There is no official GUI for VyOS yet.

      VyControl is a community driven interface to manage a single or multiple VyOS routers via the HTTP API.

    • Where can I find VyOS Documentation?

      The documentation is undergoing reorganization. You can read more about it in this blog post.

      There are two new categories of documentation in process:

      The manual (on GitHub) is automatically deployed in Read the Docs, where you can find the basic description of VyOS and its configuration.

      The articles here on the knowledgebase, where you can find more specific information, troubleshooting and workarounds.

    • Does the rolling release suit my needs?

      Yes, if you want the latest features, even if they are not working perfectly yet.

      The rolling release is built daily and passes some basic automated tests, but there is no guarantee that everything will work perfectly.

      In VyOS, it is easy to revert to the previous version if something goes wrong. The rolling release should be good enough for non-critical production use, since you can always go back to a working version at the end of the maintenance window and report the findings.

    • What hardware platforms does VyOS support?

      At the moment, VyOS works on x86-64, either bare metal of virtualized.There are specialised images for Dell EMC, Edgecore, Lanner and Supermicro hardware.

      See the full list of solutions.

      Support for 32-bit x86 has been discontinued as of 1.2.0 release.

    • What virtualization platforms are supported?

      VyOS supports KVM, Xen (in HVM mode and with XCP-ng), VMware, Nutanix, Proxmox and Microsoft Hyper-V and includes drivers and guest agent daemons for those platforms.

      VirtualBox is supported but we don’t include guest additions for it.

      Other x86 hypervisors may work as well.

    • Will there be an ARM version?

      We have made experimental images for some ARM boards, but there’s nothing production ready.

      Due to lack of standardized boot firmware standard and even standardized endianness of ARM CPUs, it’s impossible to provide a generic ARM image that would be readily usable for everyone.

      The most realistic plan right now is to support ARM64 hypervisors. We don’t rule out making images for specific network-oriented ARM boards in the future, but we are not planning to support single NIC boards such as Raspberry Pi.

      You can find a discussion about this, in the VyOS Slack Workspace in the channel #vyos-on-arm-rpi.

    • Why my set-up works on a LTS release but doesn’t work on a rolling release image?

      Rolling release is, by definition, not guaranteed to be stable. If any error happens please check the forum or the bugtracker if the error is already known. If not, feel free to report your issue.

    • Do I need a subscription if I deployed an instance from a cloud marketplace?

      No, everyone who deploys an instance from Amazon, Azure etc. marketplace is eligible for free updates. Contact us and provide your subscriber identifier.

    • How can I get a free subscription for being a contributor?

      If you are contributing code, actively testing the development images and reporting bugs, writing documentation, or helping spread the word by writing blog posts, speaking at conferences etc., you can get access to LTS images for free.

      Just fill this form and we will contact you.

      Please describe your contributions and provide links to git commits, Phabricator tasks, blog posts and anything else. People who have contributed to VyOS before release model change in 2019 can get a perpetual subscription. Everyone who contributed only after the model change gets a yearly subscription that is extended if they remain active within the project.

    • How can I buy a subscription?

      Visit subscriptions page.

    • How can I get ad hoc support?

      Ad hoc support included in the Production and Mission Critical support subscriptions.

      For other options, please contact [email protected]

    • AWS L2TP/IPSec

      All instances on AWS are located behind 1-to-1 NAT and this affectly IPSec negatively.

      In this case we can use a simple solution with a dummy interface and DNAT rules on VyOS routers.

      Set public IP addresses on the dummy interface:

      set interfaces dummy dum0 address 'x.x.x.x/32'

      Create DNAT rules:

      set nat destination rule 20 inbound-interface 'eth0'

      set nat destination rule 20 translation address 'x.x.x.x'

      Configure L2TP and IPSec:

      set vpn ipsec nat-traversal enable

      set vpn ipsec nat-networks allowed-network 0.0.0.0/0

      set vpn ipsec ipsec-interfaces interface 'dum0'

      set vpn l2tp remote-access outside-address 'x.x.x.x'

      set vpn l2tp remote-access client-ip-pool start 192.168.255.1

      set vpn l2tp remote-access client-ip-pool stop 192.168.255.254

      set vpn l2tp remote-access dns-servers server-1 '1.1.1.1'

      set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret

      set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret

      set vpn l2tp remote-access authentication mode local

      set vpn l2tp remote-access authentication local-users username password

      Optional: Create NAT rules for L2TP customers:

      set nat source rule 10 outbound-interface 'eth0'

      set nat source rule 10 source address '192.168.255.0/24'

      set nat source rule 10 translation address 'masquerade'

    • How to load the default configuration

      The default configuration file located at

      /opt/vyatta/etc/config.boot.default.

      If you want to load default the configuration remotely, you can run the command below, but be careful, all network parameters and services like ssh may be aborted. You can configure interface parameters and ssh access before running command commit.

      [email protected]# load

      /opt/vyatta/etc/config.boot.default

      Warning: file does NOT appear to be a valid config file.

      Do you want to continue? [no] Yes

      Loading configuration from '/config.boot.default'...

      Load complete. Use 'commit' to make changes active.

      [edit]

    • How do I install VyOS?

      Run an image dedicated to your platform or boot the generic ISO image on your system.

      Log in and run install image.

      More details here.

    • How can I manually build VyOS

      Please follow the instructions from the build repository.

    • Does VyOS have any throughput limitations?

      No, there is no inherent limitation in the software.It runs/routes as fast as the underlying hardware (CPU & NIC) allows it to run.

    • How can I check logs?

      Running show log will reveal possible log sources.

      See here for more troubleshooting guides.

    • Do you provide Debian packages?

      No, VyOS uses "binary installation" that allows you to keep multiple images on the same system and switch between them. This requires a full installation of the system.

    • How to upgrade to version 1.2.x

      To ensure upgrade safety, VyOS uses "binary installation" that allows you to keep multiple images on the same system and switch between them.

      Upgrade procedure

      Note: If you have a working system, you don't need to boot from the ISO in order to upgrade! The commands given below are to be issued from your current system. The only reason to boot from the ISO is to install VyOS on a new machine.

      Find the URL for the desired release in release notes or release announcement. (Note: the image file depends on your system architecture. Choosing the wrong architecture can lead to a non-responsive remote device.)

      Issue the following operational mode command: add system image .

      Answer the installation script questions.

      [Optional] View images with the show system image operational mode command.

      Reboot your system.

      If the upgrade went wrong

      If you can still access the machine console, reboot it and select the previous image from the GRUB menu. Upgrade does not modify existing images and files associated with them, so you will be able to get a working system again.

      Config migration

      Forwards-compatible configuration syntax changes are handled automatically. In the case a release includes incompatible syntax changes, you may need to edit your config or perform other actions. Check release notes. Releases are assumed to be backwards-compatible unless otherwise specified.

      Upgrading from 1.1.x

      If you are running a release prior to 1.1.0, it is recommended to first upgrade to 1.1.8 before upgrading to the current release. Upgrading directly from older releases may result in a non-bootable image.

      A note on apt-get

      Even though VyOS is Debian-based, it does not use apt-get for the upgrade. The only supported upgrade procedure is image-based upgrade described above.

      Using apt-get upgrade/dist-upgrade is very likely to render your system inoperable.

      VyOS default user and password

      Right after installation, you should be able to login with these credentials:

      Username: vyos

      Password: vyos

    • I need professional support

      Take a look at the subscription section, where we explain the professional support options.

    • Contributing to VyOS

      Can I contribute to VyOS?

      Everyone is welcome to contribute to VyOS. Even if you are not a programmer, there are a lot of things you can do, including writing documentation, testing development builds and reporting issues.

      What are the benefits for contributors?

      The goal of introducing LTS release image access subscriptions was to make VyOS development sustainable.

      This is why we made them available for people who help the project move forward, either by purchasing a subscription and thus funding the work of the maintainers, or by participating in the project directly.

      If you are contributing code, substantial amount of testing or documentation writing, or are an active VyOS evangelist, you are eligible for a free LTS image access subscription.

      How do I contribute to documentation?

      VyOS documentation is now being developed in this repository.

      It's a Sphinx project that is automatically deployed to docs.vyos.io.

      The VyOS wiki is going to be phased out when its content is migrated to the vyos-documentation project and this knowledge base.

      How do I become a tester?

      Rolling release images are built nightly by our CI server, and can be found here.

      Issues should be reported to the bug tracker.

      How do I become a developer?

      VyOS source code is at github.com/vyos

      The vyos-build repository/ contains the image build scripts.

      All new features are now added to the vyos-1x package in an effort to consolidate the code and data.

      Old packages inherited from Vyatta Core such as vyatta-cfg-system are considered legacy and are eliminated when the code they contain is redesigned and rewritten.

      Since the release of VyOS 1.2.0 we no longer accept new features in Perl and shell, and no longer use the original command template system. As such, any such code will be rejected. All new code must follow the new guidelines created to ensure maintainability and enable us to introduce features formerly prevented by the limitations of the old config backend and old coding approach, such as parallelized commits, live rollbacks and so on.

      Before you make a pull request, please create a task in Phabricator and reference it in your commit messages, e.g. "[BGP] T42: add support for overly large communities".

general