VyOS is provided by OrionVM as a template for software-defined networking. You can use a VyOS instance as a router and firewall for your private network.
This section will step you through the process of creating your very own VyOS instance. Please disregard this section if you have already created your VyOS instance.
The following sections will guide you through the process of setting up basic port forwarding, OpenVPN, L2TP VPNs, and configuring basic firewall settings in VyOS.
Creating Your VyOS Instance
You create a VyOS instance from a template, much like an Ubuntu or CentOS instance. From the Dashboard screen, click the Launch Instance button, which will redirect you to the Instances screen.
On the Instances screen the New Instance panel will display. Under the second column labeled Disks, under New Instance Boot Disk select VyOS from the dropdown list. For the purposes of this guide we will leave the remaining options at their default value. This includes at least one private and one public address attached.
Once you have defined your requirements, click Create and Start to create and start the instance.
Connecting to Your VyOS Instance
Unlike Ubuntu or CentOS instances, VyOS does not support automatic SSH key injection by the OrionVM user panel, and SSH is actually disabled by default. You can always access the instance remotely using our Out-of-Band Console Access.
The default username for VyOS instances is vyos and the default password is
You must enter configuration mode to make changes to your VyOS instance's configuration:
You can tell that you are in configuration mode if your terminal looks similar to the following (notice the hash instead of the tilde):
[edit]
vyos@vyos#
After making the necessary changes, you can commit to apply the changes and save to keep them persistent between reboots.
You can exit configuration mode by typing
Viewing Your Configuration
It may be useful at times to view your current active configuration to diagnose networking issues. While NOT in configuration mode the following command will show the current configuration in a JSON style format:
You can also view your configuration as a sequence of VyOS commands using the following command:
show configuration commands
Changing the Root Password
After creating your VyOS instance we recommend that you change the root password for security reasons.
To change a password for a user you enter configuration mode and use the following command:
set system login user <user> authentication plaintext-password <password>
For example, to change the password for the vyos account you do the following:
configure
set system login user vyos authentication plaintext-password <password>
commit
save
You can also create new user accounts. VyOS supports two levels of users: admin and operator, where operator is restricted to viewing the system configuration while admin can also edit it. For example, to create a user account for John Smith and set it as an admin we would enter the following:
configure
set system login user jsmith full-name "John Smith"
set system login user jsmith authentication plaintext-password <password>
set system login user jsmith level admin
commit
save
Setting Up the Interfaces
To connect your VyOS instance to your public and private networks you must configure its interfaces manually. In this example, eth0 refers to the private IP address (192.168.0.1/24), and eth1 refers to the public IP address (18.104.22.168/24). You must also configure the default gateway to use the gateway address of the public interface (22.214.171.124 in this case):
configure
set interfaces ethernet eth0 description "Private Network"
set interfaces ethernet eth0 address 192.168.0.1/24
set interfaces ethernet eth1 description "Public Network"
set interfaces ethernet eth1 address 126.96.36.199/24
set system gateway-address 188.8.131.52
commit
save
Setting Up DNS Forwarding
A DNS forwarder is a DNS server that forwards queries for external DNS names to DNS servers outside the network. We must configure this manually in VyOS. In this example, we will use Google's IP addresses 184.108.40.206 and 220.127.116.11 as our DNS servers. eth0 is the private network interface on which the forwarder listens for requests.
configure
set service dns forwarding cache-size '0'
set service dns forwarding listen-on 'eth0'
set service dns forwarding name-server '18.104.22.168'
set service dns forwarding name-server '22.214.171.124'
commit
save
Configuring the Source NAT
We must configure the Source NAT so that traffic from our private network can access the public internet via
set nat source rule 100 outbound-interface 'eth1'
set nat source rule 100 source address '192.168.0.0/24'
set nat source rule 100 translation address masquerade
If required, you can enable SSH on the VyOS instance using the following commands:
configure
set service ssh port 22
commit
save
SSH Key Authentication
For added security you can add SSH keys for users via the console. You can load keys from a remote location:
loadkey <USER> http://remote-site/id_rsa.pub
You can also load keys from a local file:
loadkey <USER> /home/<USER>/id_rsa.pub
If required, you can disable password authentication for SSH as follows:
configure
set service ssh disable-password-authentication
commit
save
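As an added example (not part of the original guide, and not OrionVM or VyOS tooling), the Python script below audits the output of show configuration commands for the SSH and DNS forwarding settings covered above. The function names, the sample configuration and the public_if parameter are assumptions made for this example; eth1 is the public interface, as in this guide.

```python
import shlex

# Constructed sample of `show configuration commands` output for a router built
# by following this guide, with SSH enabled but not yet hardened.
GUIDE_CONFIG = """\
set interfaces ethernet eth0 address '192.168.0.1/24'
set nat source rule 100 outbound-interface 'eth1'
set nat source rule 100 source address '192.168.0.0/24'
set nat source rule 100 translation address 'masquerade'
set service dns forwarding listen-on 'eth0'
set service ssh port '22'
set system login user vyos level 'admin'
"""

def parse(text):
    """Split each `set ...` line into its path tokens (quotes removed)."""
    return [shlex.split(line)[1:] for line in text.splitlines()
            if line.startswith("set ")]

def audit(text, public_if="eth1"):
    """Return findings for the SSH and DNS settings this guide configures."""
    cfg = parse(text)

    def has(*path):
        return any(tokens[:len(path)] == list(path) for tokens in cfg)

    findings = []
    if has("service", "ssh"):
        if not has("service", "ssh", "disable-password-authentication"):
            findings.append("ssh: password authentication is still enabled")
        # Keys added with loadkey are stored under `authentication public-keys`.
        users = sorted({t[3] for t in cfg
                        if t[:3] == ["system", "login", "user"] and len(t) > 3})
        for user in users:
            if not has("system", "login", "user", user,
                       "authentication", "public-keys"):
                findings.append(f"ssh: user {user} has no public key loaded")
    # A forwarder listening on the public interface answers the whole internet.
    for tokens in cfg:
        if tokens[:4] == ["service", "dns", "forwarding", "listen-on"] \
                and tokens[4:] == [public_if]:
            findings.append(f"dns: forwarder listens on {public_if} (public)")
    return findings

if __name__ == "__main__":
    for finding in audit(GUIDE_CONFIG):
        print(finding)
```

Run it against a saved copy of the router's own output before disabling password authentication: a user reported as having no public key would be locked out of SSH once passwords are turned off.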