VyOS – Open source router and firewall platform

Join Our Big Family

More than 500 businesses use VyOS globally.

Explore VyOS Use Cases See Customers Success Stories

Why VyOS?

We fundamentally believe that internet access is as vital to our human development as air, food, water, and healthcare. Built by engineers for engineers, VyOS is an open source software company that democratizes how we access networks so that the many, not the few, benefit from building solutions without limitations and prohibitive fees.

We do this as VyOS through our open source software and virtual platforms.

Features

For All Network Device Roles

Download Full Tech Datasheet

Routing
BGP (IPv4 and IPv6), OSPF (v2 and v3), RIP and RIPng, policy-based routing.
VPN
IPsec, VTI, VXLAN, L2TPv3, L2TP / IPsec and PPTP servers, tunnel interfaces (GRE, IPIP, SIT), OpenVPN in client, server, or site-to-site mode, wireguard.
Firewall and NAT
Stateful firewalls, zone-based firewall, all types of source and destination NAT (one to one, one to many, many to many).
Network services
DHCP and DHCPv6 server and relay, IPv6 RA, DNS forwarding, TFTP server, web proxy, PPPoE access concentrator, NetFlow / sFlow sensor, QoS.
High availability
VRRP for IPv4 and IPv6, ability to execute custom health checks and transition scripts; ECMP, stateful load balancing.
Fully Open Source
Its entire codebase and build toolchain are available to everyone for auditing, building customized images, and contributing.

Explore VyOS Use Cases

Whether you have servers in your office, in your data center, or on the cloud – VyOS can be used to establish a secure access to and between any of them.

What Our Customers Say

More than 500 businesses use VyOS globally.

Trustpilot Reviews More Reviews

Resources

Here are some resources to help you learn more about VyOS, keep up with the development, and participate in it.

FAQ

- Is VyOS 1.2 outdated because of Debian 8 release schedule?
  Debian 8 is in the EOL state by the community maintainers, but it is still supported commercially. All the software from Debian 8 that we need for VyOS 1.2 is still supported by https://www.freexian.com/ and it receives security updates. Apart from this, there is still a very big difference between Debian 8 and VyOS 1.2 – VyOS 1.2 uses Debian 8 repository for some of the libraries or system daemons, but the most important parts for the router – kernel, routing daemons, many networking services built by us, and do not have anything common with Debian 8.
  Therefore, VyOS 1.2 could be detected as EOL Debian 8 by some software, but it is supported and not affected by Debian 8 security issues.
- What are the hardware requirements?
  The smallest amount of RAM that VyOS can boot with is 512MB. Trying to boot VyOS on machines with less RAM will result in boot errors.
  Otherwise, hardware requirements vary greatly between use cases. For small office use, low end CPUs and 1024MB RAM should be more than enough.
  For high performance routers, high end CPUs and large amounts of RAM are required.
- Is it free to use VyOS?
  Rolling release images are free to download for everyone. Long term support images follow a Red Hat-like “pay for binaries” model, though they are available for active contributors to the project for free as well.
  Ready to use long term support release images are only available to customers who purchased a subscription and to community members who are contributing code, testing or documentation to the project.
  Everyone can build an LTS release image from the stable branch too. For 1.2.x, the branch is named “crux”. The image built from the branch is equivalent to the latest official LTS image.
- Is VyOS a free and open-source software?
  Yes. The entire codebase is available to the public on GitHub, complete with the build toolchain.
  We also keep Debian package repositories used for image builds public so building it completely from source is not required.
- What’s VyOS Release Model?
  VyOS is split into two branches: long term support and rolling release.
  The rolling release branch (git branch “current”) includes the latest code from maintainers and all contributions from community members are merged into it. It’s meant for testing and home lab / non-critical router use and is not guaranteed to be stable.
  Long term support branches are periodically split from the current branch. They are stable, and only proven, strictly compatible changes are merged or backported into it.
  ISO images of the rolling release are public, while long term support release ISOs are only available to subscribers and contributors in binary form.
- Does VyOS Provide a Graphic Interface?
  There is no official GUI for VyOS yet.
  VyControl is a community driven interface to manage a single or multiple VyOS routers via the HTTP API.
- Where can I find VyOS Documentation?
  The documentation is undergoing reorganization. You can read more about it in this blog post.
  There are two new categories of documentation in process:
  The manual (on GitHub) is automatically deployed in Read the Docs, where you can find the basic description of VyOS and its configuration.
  The articles here on the knowledgebase, where you can find more specific information, troubleshooting and workarounds.
- Does the rolling release suit my needs?
  Yes, if you want the latest features, even if they are not working perfectly yet.
  The rolling release is built daily and passes some basic automated tests, but there is no guarantee that everything will work perfectly.
  In VyOS, it is easy to revert to the previous version if something goes wrong. The rolling release should be good enough for non-critical production use, since you can always go back to a working version at the end of the maintenance window and report the findings.
- What hardware platforms does VyOS support?
  At the moment, VyOS works on x86-64, either bare metal of virtualized.There are specialised images for Dell EMC, Edgecore, Lanner and Supermicro hardware.
  See the full list of solutions.
  Support for 32-bit x86 has been discontinued as of 1.2.0 release.
- What virtualization platforms are supported?
  VyOS supports KVM, Xen (in HVM mode and with XCP-ng), VMware, Nutanix, Proxmox and Microsoft Hyper-V and includes drivers and guest agent daemons for those platforms.
  VirtualBox is supported but we don’t include guest additions for it.
  Other x86 hypervisors may work as well.
- Will there be an ARM version?
  We have made experimental images for some ARM boards, but there’s nothing production ready.
  Due to lack of standardized boot firmware standard and even standardized endianness of ARM CPUs, it’s impossible to provide a generic ARM image that would be readily usable for everyone.
  The most realistic plan right now is to support ARM64 hypervisors. We don’t rule out making images for specific network-oriented ARM boards in the future, but we are not planning to support single NIC boards such as Raspberry Pi.
  You can find a discussion about this, in the VyOS Slack Workspace in the channel #vyos-on-arm-rpi.
- Why my set-up works on a LTS release but doesn’t work on a rolling release image?
  Rolling release is, by definition, not guaranteed to be stable. If any error happens please check the forum or the bugtracker if the error is already known. If not, feel free to report your issue.
- Do I need a subscription if I deployed an instance from a cloud marketplace?
  No, everyone who deploys an instance from Amazon, Azure etc. marketplace is eligible for free updates. Contact us and provide your subscriber identifier.
- How can I get a free subscription for being a contributor?
  If you are contributing code, actively testing the development images and reporting bugs, writing documentation, or helping spread the word by writing blog posts, speaking at conferences etc., you can get access to LTS images for free.
  Just fill this form and we will contact you.
  Please describe your contributions and provide links to git commits, Phabricator tasks, blog posts and anything else. People who have contributed to VyOS before release model change in 2019 can get a perpetual subscription. Everyone who contributed only after the model change gets a yearly subscription that is extended if they remain active within the project.
- How can I buy a subscription?
  Visit subscriptions page.
- How can I get ad hoc support?
  Ad hoc support included in the Production and Mission Critical support subscriptions.
  For other options, please contact [email protected]
- AWS L2TP / IPSec
  All instances on AWS are located behind 1-to-1 NAT and this affectly IPSec negatively.
  In this case we can use a simple solution with a dummy interface and DNAT rules on VyOS routers.
  Set public IP addresses on the dummy interface:
  set interfaces dummy dum0 address 'x.x.x.x/32'
  Create DNAT rules:
  set nat destination rule 20 inbound-interface 'eth0'
  set nat destination rule 20 translation address 'x.x.x.x'
  Configure L2TP and IPSec:
  set vpn ipsec nat-traversal enable
  set vpn ipsec nat-networks allowed-network 0.0.0.0/0
  set vpn ipsec ipsec-interfaces interface 'dum0'
  set vpn l2tp remote-access outside-address 'x.x.x.x'
  set vpn l2tp remote-access client-ip-pool start 192.168.255.1
  set vpn l2tp remote-access client-ip-pool stop 192.168.255.254
  set vpn l2tp remote-access dns-servers server-1 '1.1.1.1'
  set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
  set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret
  set vpn l2tp remote-access authentication mode local
  set vpn l2tp remote-access authentication local-users username password
  Optional: Create NAT rules for L2TP customers:
  set nat source rule 10 outbound-interface 'eth0'
  set nat source rule 10 source address '192.168.255.0/24'
  set nat source rule 10 translation address 'masquerade'
- How to load the default configuration
  The default configuration file located at
  /opt/vyatta/etc/config.boot.default.
  If you want to load default the configuration remotely, you can run the command below, but be careful, all network parameters and services like ssh may be aborted. You can configure interface parameters and ssh access before running command commit.
  vyos@vyos-rtr# load
  /opt/vyatta/etc/config.boot.default
  Warning: file does NOT appear to be a valid config file.
  Do you want to continue? [no] Yes
  Loading configuration from '/config.boot.default'...
  Load complete. Use 'commit' to make changes active.
  [edit]
- How do I install VyOS?
  Run an image dedicated to your platform or boot the generic ISO image on your system.
  Log in and run install image.
  More details here.
- How can I manually build VyOS
  Please follow the instructions from the build repository.
- Does VyOS have any throughput limitations?
  No, there is no inherent limitation in the software.It runs / routes as fast as the underlying hardware (CPU & NIC) allows it to run.
- How can I check logs?
  Running show log will reveal possible log sources.
  See here for more troubleshooting guides.
- Do you provide Debian packages?
  No, VyOS uses "binary installation" that allows you to keep multiple images on the same system and switch between them. This requires a full installation of the system.
- How to upgrade to version 1.2.x
  To ensure upgrade safety, VyOS uses "binary installation" that allows you to keep multiple images on the same system and switch between them.
  Upgrade procedure
  Note: If you have a working system, you don't need to boot from the ISO in order to upgrade! The commands given below are to be issued from your current system. The only reason to boot from the ISO is to install VyOS on a new machine.
  Find the URL for the desired release in release notes or release announcement. (Note: the image file depends on your system architecture. Choosing the wrong architecture can lead to a non-responsive remote device.)
  Issue the following operational mode command: add system image .
  Answer the installation script questions.
  [Optional] View images with the show system image operational mode command.
  Reboot your system.
  If the upgrade went wrong
  If you can still access the machine console, reboot it and select the previous image from the GRUB menu. Upgrade does not modify existing images and files associated with them, so you will be able to get a working system again.
  Config migration
  Forwards-compatible configuration syntax changes are handled automatically. In the case a release includes incompatible syntax changes, you may need to edit your config or perform other actions. Check release notes. Releases are assumed to be backwards-compatible unless otherwise specified.
  Upgrading from 1.1.x
  If you are running a release prior to 1.1.0, it is recommended to first upgrade to 1.1.8 before upgrading to the current release. Upgrading directly from older releases may result in a non-bootable image.
  A note on apt-get
  Even though VyOS is Debian-based, it does not use apt-get for the upgrade. The only supported upgrade procedure is image-based upgrade described above.
  Using apt-get upgrade / dist-upgrade is very likely to render your system inoperable.
  VyOS default user and password
  Right after installation, you should be able to login with these credentials:
  Username: vyos
  Password: vyos
- I need professional support
  Take a look at the subscription section, where we explain the professional support options.
- Contributing to VyOS
  Can I contribute to VyOS?
  Everyone is welcome to contribute to VyOS. Even if you are not a programmer, there are a lot of things you can do, including writing documentation, testing development builds and reporting issues.
  What are the benefits for contributors?
  The goal of introducing LTS release image access subscriptions was to make VyOS development sustainable.
  This is why we made them available for people who help the project move forward, either by purchasing a subscription and thus funding the work of the maintainers, or by participating in the project directly.
  If you are contributing code, substantial amount of testing or documentation writing, or are an active VyOS evangelist, you are eligible for a free LTS image access subscription.
  How do I contribute to documentation?
  VyOS documentation is now being developed in this repository.
  It's a Sphinx project that is automatically deployed to docs.vyos.io.
  The VyOS wiki is going to be phased out when its content is migrated to the vyos-documentation project and this knowledge base.
  How do I become a tester?
  Rolling release images are built nightly by our CI server, and can be found here.
  Issues should be reported to the bug tracker.
  How do I become a developer?
  VyOS source code is at github.com/vyos
  The vyos-build repository/ contains the image build scripts.
  All new features are now added to the vyos-1x package in an effort to consolidate the code and data.
  Old packages inherited from Vyatta Core such as vyatta-cfg-system are considered legacy and are eliminated when the code they contain is redesigned and rewritten.
  Since the release of VyOS 1.2.0 we no longer accept new features in Perl and shell, and no longer use the original command template system. As such, any such code will be rejected. All new code must follow the new guidelines created to ensure maintainability and enable us to introduce features formerly prevented by the limitations of the old config backend and old coding approach, such as parallelized commits, live rollbacks and so on.
  Before you make a pull request, please create a task in Phabricator and reference it in your commit messages, e.g. "[BGP] T42: add support for overly large communities".

general

Still have a question?

Fill out the form to communicate with our experts