VyOS is provided as a template for software-defined networking. Refer to the sidebar sections for information on its use.
Official documentation from Vyatta, the previous iteration of the operating system, can be requested from the support team.
Creating a new user
When starting a new VyOS instance, it is generally recommended to create a new privileged user and to change the password of the default user (username and password are both vyos), since the default user can't be deleted. Alternatively, you can keep using the default user, but change its password.
First, we need to enter configuration mode, from which all changes will be made. This can be done with a simple command.
You can tell that you're in configuration mode if your terminal looks similar to the prompt below (notice the hash instead of the tilde).
[edit]
vyos@vyos#
From here a new user can be created, given a password and admin privileges.
set system login user <USER> authentication plaintext-password <PASSWORD>
set system login user <USER> level admin
Besides admins, there are also operators. These users are able to view configurations and view information about the system, but are unable to make changes to the configuration. They can be configured by setting their level to operator rather than admin.
This needs to be committed and then saved.
Exit this, and return to the normal terminal.
Now log in as the new user, if you created one (type exit on the command line to return to the login screen). The host-name can also be set (optional).
configure
set system login user vyos authentication plaintext-password <PASSWORD>
set system host-name <HOST-NAME>
commit
save
The password of the default user should then be changed (especially if you plan to use the vyos user).
set system login user vyos authentication plaintext-password <NEW-PASSWORD>
commit
save
Setting up the interfaces
The interfaces should now be set up. In this example, eth0 refers to the private IP address (10.0.0.1/24), and eth1 refers to the public IP address (188.8.131.52/24). These interfaces need to be defined (as well as the gateway, 184.108.40.206 in this case) in the configuration before they can be used. Make sure you're still in configuration mode.
set interfaces ethernet eth0 description "Private Network"
set interfaces ethernet eth0 address 10.0.0.1/24
set interfaces ethernet eth1 description "Public Network"
set interfaces ethernet eth1 address 188.8.131.52/24
set system gateway-address 184.108.40.206
commit
save
Setting up ssh
Setting up ssh is useful, and might make future configurations easier. Here we'll set the ssh port to 22, although it can be changed to any port.
set service ssh port 22
commit
save
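For security reasons, it is safer to use only RSA keys. The public key needs to be loaded in from a remote location, which can be done through scp, ftp, http or tftp, or it can be loaded from a local file. Plain ftp, http and tftp do not authenticate the source, so confirm that the loaded key is the one you expect before disabling password authentication.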
loadkey <USER> http://remote-site/id_rsa.pub
Using a password for ssh should then be disabled.
set service ssh disable-password-authentication
commit
save
You should now be able to ssh in (note that no firewall has been defined yet, so there is no rule blocking this).
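A check for the SSH steps above, as an added example that is not part of the original page: it reads the output of show configuration commands and reports whether password authentication is still enabled and which users have no public key, since disable-password-authentication shuts out any user without one. The users alice and bob, the key material and the sample output are constructed, and the public-keys configuration path is assumed to be where loadkey stores the key.

```python
import re

# Constructed sample of "show configuration commands" output (not from a real system).
SAMPLE = """\
set service ssh port '22'
set service ssh disable-password-authentication
set system login user alice authentication public-keys alice@laptop key 'AAAAconstructed'
set system login user alice authentication public-keys alice@laptop type 'ssh-rsa'
set system login user alice level 'admin'
set system login user bob level 'operator'
set system login user vyos authentication encrypted-password '$6$constructed'
set system login user vyos level 'admin'
"""

USER_RE = re.compile(r"^set system login user (\S+) (.+)$")

def parse(config):
    """Return (users, ssh_password_auth_disabled) from 'set' command lines."""
    users, pw_disabled = {}, False
    for line in config.splitlines():
        line = line.strip()
        if line == "set service ssh disable-password-authentication":
            pw_disabled = True
        m = USER_RE.match(line)
        if not m:
            continue
        name, rest = m.groups()
        user = users.setdefault(name, {"level": None, "has_key": False})
        if rest.startswith("level "):
            user["level"] = rest.split()[1].strip("'")
        elif re.match(r"authentication public-keys \S+ key ", rest):
            user["has_key"] = True
    return users, pw_disabled

def audit(config):
    """List findings for the ssh and user settings described on this page."""
    users, pw_disabled = parse(config)
    findings = []
    if not pw_disabled:
        findings.append("ssh: password authentication is still enabled")
        return findings
    if not any(d["level"] == "admin" and d["has_key"] for d in users.values()):
        findings.append("ssh: no admin user has a public key (lockout over ssh)")
    for name, d in sorted(users.items()):
        if not d["has_key"]:
            findings.append(f"user {name}: no public key, cannot log in over ssh")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Running it against the configuration before committing disable-password-authentication shows which accounts would lose ssh access.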
When editing configurations, "edit" can be used to edit certain parts of the configuration, reducing the amount of typing needed. For example, when setting the interfaces the following could have been done instead.
edit interfaces
set ethernet eth0 description "Private Network"
set ethernet eth0 address 10.0.0.1/24
set ethernet eth1 description "Public Network"
set ethernet eth1 address 188.8.131.52/24
As can be seen, this reduces the amount of typing needed. This can also be used to move through configuration levels, using up to go up one, edit <OPTION> to move into the desired configuration, and top to go to the top level (note that committing also does a top afterwards). For simplicity's sake it can be assumed that all configurations are made from the top level.
Deleting configurations is just as simple. For example, deleting eth1 could be done with the following command (assuming at the top level).
delete interfaces ethernet eth1
It's also possible to use shortened commands, e.g. conf instead of configure, as long as what is typed can only be autocompleted (using tab) to that command.