Getting Started
VyOS is provided by OrionVM as a template for software-defined networking. You can use a VyOS instance as a router and firewall for your private network.
This section will step you through the process of creating your very own VyOS instance. Please disregard this section if you have already created your VyOS instance.
The following sections will guide you through the process of setting up basic port forwarding, OpenVPN, L2TP VPNs, and configuring basic firewall settings in VyOS.
Creating Your VyOS Instance
You create a VyOS instance from a template, much like an Ubuntu or CentOS instance. From the Dashboard screen, click the Launch Instance button, which will redirect you to the Instances screen.
On the Instances screen the New Instance panel will display. In the second column, labeled Disks, under New Instance Boot Disk, select VyOS from the dropdown list. For the purposes of this guide we will leave the remaining options at their default values. This includes at least one private and one public address attached.
Once you have defined your requirements, click Create and Start to create and start the instance.
Connecting to Your VyOS Instance
Unlike Ubuntu or CentOS instances, VyOS does not support automatic SSH key injection by the OrionVM user panel, and SSH is actually disabled by default. You can always access the instance remotely using our Out-of-Band Console Access.
The default username for VyOS instances is vyos and the default password is vyos.
Configuration Mode
You must enter configuration mode to make changes to your VyOS instance's configuration:
configure
You can tell that you are in configuration mode if your terminal looks similar to the following (notice the hash instead of the tilde).
[ edit ]
vyos@vyos#
After making the necessary changes, you can commit to apply the changes and save to keep them persistent between reboots:
commit
save
You can exit configuration mode by typing exit:
exit
vyos@vyos~$
Viewing Your Configuration
It may be useful at times to view your current active configuration to diagnose networking issues. While NOT in configuration mode, the following command will show the current configuration in a JSON-style format:
show configuration
You can also view your configuration as a sequence of VyOS commands using the following command:
show configuration commands
Changing the Root Password
After creating your VyOS instance we recommend that you change the root password for security reasons.
To change a password for a user you enter configuration mode and use the following command:
set system login user <user> authentication plaintext-password <password>
For example, to change the password for the vyos account you do the following:
configure
set system login user vyos authentication plaintext-password <password>
commit
save
Creating Accounts
You can also create new user accounts. VyOS supports two levels of users: admin and operator, where operator is restricted to viewing the system configuration while admin can edit it. For example, to create a user account for John Smith and set it as an admin we would enter the following:
configure
set system login user jsmith full-name "John Smith"
set system login user jsmith authentication plaintext-password <password>
set system login user jsmith level admin
commit
save
Setting Up the Interfaces
To connect your VyOS instance to your public and private networks you must configure the interfaces manually. In this example, eth0 carries the private IP address (192.168.0.1/24), and eth1 carries the public IP address (23.90.55.23/24). You must also configure the default gateway to use the gateway address of the public interface (23.90.55.1 in this case):
configure
set interfaces ethernet eth0 description "Private Network"
set interfaces ethernet eth0 address 192.168.0.1/24
set interfaces ethernet eth1 description "Public Network"
set interfaces ethernet eth1 address 23.90.55.23/24
set system gateway-address 23.90.55.1
commit
save
Setting Up DNS Forwarding
A DNS forwarder is a DNS server that forwards queries for external DNS names to DNS servers outside the network. We must configure this manually in VyOS. In this example, we will use Google's IP addresses 8.8.8.8 and 8.8.4.4 as our DNS servers. eth0 is the private network interface from which requests are forwarded.
configure
set service dns forwarding cache-size '0'
set service dns forwarding listen-on 'eth0'
set service dns forwarding name-server '8.8.8.8'
set service dns forwarding name-server '8.8.4.4'
commit
save
Configuring the Source NAT
We must configure the Source NAT so that traffic from our private network can access the public internet via eth1.
configure
set nat source rule 100 outbound-interface 'eth1'
set nat source rule 100 source address '192.168.0.0/24'
set nat source rule 100 translation address masquerade
commit
save
Enabling SSH
If required, you can enable SSH on the VyOS instance using the following commands:
configure
set service ssh port 22
commit
save
SSH Key Authentication
For added security you can add SSH keys for users via the console. You can load keys from a remote location:
loadkey <USER> http://remote-site/id_rsa.pub
You can also load keys from a local file:
loadkey <USER> /home/<USER>/id_rsa.pub
If required, you can disable password authentication for SSH as follows:
configure
set service ssh disable-password-authentication
commit
save
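The following is an added example, not part of the original guide and not OrionVM or VyOS code: a Python check that reads the output of show configuration commands and reports whether SSH still accepts passwords, which users have no public key loaded, whether the DNS forwarder listens on the public interface, and whether the source NAT rule is complete. The sample input is constructed, the function names are hypothetical, and the script assumes that loaded keys appear under "authentication public-keys" and that eth1 is the public interface, as in this guide.

```python
import shlex

# Constructed `show configuration commands` output for this guide's layout
# (eth0 private, eth1 public). Hashes and key material are placeholders.
SAMPLE = """\
set interfaces ethernet eth1 address '23.90.55.23/24'
set nat source rule 100 outbound-interface 'eth1'
set nat source rule 100 source address '192.168.0.0/24'
set nat source rule 100 translation address 'masquerade'
set service dns forwarding listen-on 'eth0'
set service ssh port '22'
set system login user vyos authentication encrypted-password 'PLACEHOLDER'
set system login user jsmith authentication encrypted-password 'PLACEHOLDER'
set system login user jsmith authentication public-keys jsmith@laptop key 'PLACEHOLDER'
set system login user jsmith level 'admin'
"""

def parse(text):
    """Split each `set ...` line into a tuple of tokens, dropping quotes."""
    lines = (ln.strip() for ln in text.splitlines())
    return [tuple(shlex.split(ln)[1:]) for ln in lines if ln.startswith("set ")]

def audit(text, public_if="eth1"):
    """Return findings for the SSH, DNS and NAT settings this guide configures."""
    cmds = parse(text)
    def has(*prefix):
        return [c for c in cmds if c[:len(prefix)] == prefix]
    findings = []
    logins = [c for c in has("system", "login", "user") if len(c) > 3]
    users = {c[3] for c in logins}
    keyed = {c[3] for c in logins if c[4:6] == ("authentication", "public-keys")}
    if has("service", "ssh"):
        if not has("service", "ssh", "disable-password-authentication"):
            findings.append("ssh: password authentication is enabled")
        elif not keyed:
            findings.append("ssh: passwords disabled and no user has a key")
        findings += [f"ssh: user {u} has no public key" for u in sorted(users - keyed)]
    for c in has("service", "dns", "forwarding", "listen-on"):
        if c[-1] == public_if:
            findings.append(f"dns: forwarder listens on public {public_if}")
    for c in has("nat", "source", "rule"):
        if c[4:] == ("outbound-interface", public_if):
            if not has("nat", "source", "rule", c[3], "translation", "address"):
                findings.append(f"nat: rule {c[3]} has no translation address")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Running the check before committing disable-password-authentication shows whether any account would be left without a working SSH login.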