Getting Started

VyOS is provided by OrionVM as a template for software-defined networking. You can use a VyOS instance as a router and firewall for your private network.

This section will step you through the process of creating your very own VyOS instance. Please disregard this section if you have already created your VyOS instance.

The following sections will guide you through the process of setting up basic port forwarding, OpenVPN, L2TP VPNs, and configuring basic firewall settings in VyOS.

Creating Your VyOS Instance

You create a VyOS instance from a template, much like an Ubuntu or CentOS instance. From the Dashboard screen, click the Launch Instance button, which will redirect you to the Instances screen.

On the Instances screen the New Instance panel will display. Under the second column labeled Disks, under New Instance Boot Disk select VyOS from the dropdown list. For the purposes of this guide we will leave the remaining options at their default value. This includes at least one private and one public address attached.

Once you have defined your requirements, click Create and Start to create and start the instance.

Connecting to Your VyOS Instance

Unlike Ubuntu or CentOS instances, VyOS does not support automatic SSH key injection by the OrionVM user panel, and SSH is actually disabled by default. You can always access the instance remotely using our Out-of-Band Console Access.

The default username for VyOS instances is vyos and the default password is vyos.

Configuration Mode

You must enter configuration mode to make changes to your VyOS instance's configuration:


You will be able to tell if you are in configuration mode if your terminal looks similar to below (notice the hash instead of the tilde).

[ edit ]

After making the necessary changes, you can commit to apply the changes and save to keep them constant between reboots:


You can exit configuration mode by typing exit:


Viewing Your Configuration

It may be useful at times to view your current active configuration to diagnose networking issues. While NOT in configuration mode the following command will show the current configuration in a JSON style format:

show configuration

You can also view your configuration as a sequence of VyOS commands using the following command:

show configuration commands

Changing the Root Password

After creating your VyOS instance we recommend that you change the root password for security reasons.

To change a password for a user you enter configuration mode and use the following command:

set system login user <user> authentication plaintext-password <password>

For example, to change the password for the vyos account you do the following:

set system login user vyos authentication plaintext-password <password> 

Creating Accounts

You can also create new user accounts. VyOS supports two levels of users: admin and operator, where operator is restricted to viewing the system configuration while admin can edit them. For example, to create a user account for John Smith and set it as an admin we would enter the following:

set system login user jsmith full-name "John Smith"
set system login user jsmith authentication plaintext-password <password> 
set system login user jsmith level admin 

Setting Up the Interfaces

To connect your VyOS instance to your public and private network you must configure them manually. In this example, eth0 refers to the private IP address (, and eth1 refers to the public IP address ( You must also configure the default gateway to use the gateway address of the public interface ( in this case):


set interfaces ethernet eth0 description "Private Network"
set interfaces ethernet eth0 address
set interfaces ethernet eth1 description "Public Network"
set interfaces ethernet eth1 address

set system gateway-address


Setting Up DNS Forwarding

A DNS forwarder is a DNS server that is used to forward DNS queries for external DNS names to DNS servers outside that network. We must configure this manually in VyOS. In this example, we will use Google's IP addresses and as our DNS servers. eth0 is the name of our private network to forward requests from.


set service dns forwarding cache-size '0'
set service dns forwarding listen-on 'eth0'
set service dns forwarding name-server ''
set service dns forwarding name-server ''


Configuring the Source NAT

We must configure the Source NAT so that traffic from our private network can access the public internet via eth1.

set nat source rule 100 outbound-interface 'eth1'
set nat source rule 100 source address ''
set nat source rule 100 translation address masquerade

Enabling SSH

If required you can enable ssh on the VyOS instance using the following commands:

set service ssh port 22

SSH Key Authentication

For added security you can add SSH keys for users via the console. You can load keys from a remote location:

loadkey <USER> http://remote-site/

You can also load keys from a local file:

loadkey <USER> /home/<USER>/

If required you can disable password authentication for ssh as follows:

set service ssh disable-password-authentication