Introduction

VyOS is provided as a template for software-defined networking. Refer to the sidebar sections for information on its use.

Official documentation from Vyatta, the previous iteration of the operating system, can be requested from the support team.

Creating a new user

When starting a new VyOS instance, it is generally recommended to create a new privileged user and to change the password of the default user (username and password are both vyos), as the default user can't be deleted. Alternatively, you can keep using the default user, but change its password.

First, enter configuration mode, from which all changes are made. This is done with a single command.

configure

You can tell that you're in configuration mode if your terminal looks similar to the one below (notice the hash instead of the tilde).

[ edit ]
vyos@vyos# 

From here a new user can be created, given a password and admin privileges.

set system login user <USER> authentication plaintext-password <PASSWORD>
set system login user <USER> level admin

Besides admins, there are also operators. These users are able to view configurations and view information about the system, but are unable to make changes to the configuration. They can be configured by setting their level to operator rather than admin.

This needs to be committed and then saved.

commit
save

Exit this, and return to the normal terminal.

exit

Now log in as the new user, if you did create one (type exit on the command line to return to the login screen). The host-name can also be set (optional).

configure
set system login user vyos authentication plaintext-password <PASSWORD>
set system host-name <HOST-NAME>

commit
save

The password of the default user should then be changed (especially if you plan to use the vyos user).

set system login user vyos authentication plaintext-password <NEW-PASSWORD>

commit
save

Setting up the interfaces

The interfaces should now be set up. In this example, eth0 refers to the private IP address (10.0.0.1/24), and eth1 refers to the public IP address (23.90.55.23/24). These interfaces need to be defined (as well as the gateway, 23.90.55.1 in this case) in the configuration before they can be used. Make sure you're still in configuration mode.

set interfaces ethernet eth0 description "Private Network"
set interfaces ethernet eth0 address 10.0.0.1/24
set interfaces ethernet eth1 description "Public Network"
set interfaces ethernet eth1 address 23.90.55.23/24

set system gateway-address 23.90.55.1

commit
save

Setting up ssh

Setting up ssh is useful, and might make future configurations easier. Here we'll set the ssh port to 22, although it can be changed to any port.

set service ssh port 22
commit
save

For security reasons, it would be safer to use only RSA keys. The key needs to be loaded in remotely, which can be done through either scp, ftp, http, tftp or from a local file.

loadkey <USER> http://remote-site/id_rsa.pub

Password authentication for ssh should then be disabled.

set service ssh disable-password-authentication
commit
save

You should now be able to ssh in (note that no firewall has been defined yet, so there is no rule blocking this).
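To check the result of the user and ssh steps above, the following added example (not part of the original guide and not VyOS code) audits the output of show configuration commands and flags a leftover default-only admin setup, ssh password logins, and the lockout case where passwords are disabled before any admin has a key loaded. The audit function, the users alice and bob and the sample config are constructed for illustration, and it assumes admins carry an explicit level admin as set above.

```python
import shlex

# Constructed sample of `show configuration commands` output (not from a real router).
SAMPLE_CONFIG = """\
set service ssh disable-password-authentication
set service ssh port '22'
set system login user vyos authentication encrypted-password '<HASH>'
set system login user vyos level 'admin'
set system login user alice authentication encrypted-password '<HASH>'
set system login user alice authentication public-keys 'alice@laptop' key '<KEY>'
set system login user alice authentication public-keys 'alice@laptop' type 'ssh-rsa'
set system login user alice level 'admin'
set system login user bob level 'operator'
"""

def audit(config_text):
    """Return findings about the login and ssh settings in a config dump."""
    admins, keyed, ssh_on, pw_off = set(), set(), False, False
    for line in config_text.splitlines():
        tok = shlex.split(line)  # values are single-quoted in the dump
        if tok[:1] != ["set"]:
            continue
        if tok[1:3] == ["service", "ssh"]:
            ssh_on = True
            pw_off = pw_off or tok[3:4] == ["disable-password-authentication"]
        elif tok[1:4] == ["system", "login", "user"] and len(tok) > 5:
            user, rest = tok[4], tok[5:]
            # Assumption: admins carry an explicit "level admin", as set above.
            if rest == ["level", "admin"]:
                admins.add(user)
            elif rest[:2] == ["authentication", "public-keys"]:
                keyed.add(user)
    findings = []
    if not admins - {"vyos"}:
        findings.append("no admin user other than the default 'vyos'")
    if ssh_on and not pw_off:
        findings.append("ssh still accepts password authentication")
    if ssh_on and pw_off:
        if not admins & keyed:
            findings.append("password authentication disabled but no admin has a public key (ssh lockout)")
        else:
            findings += [f"admin '{u}' has no public key (console login only)"
                         for u in sorted(admins - keyed)]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```

Running the lockout check against the candidate configuration before commit, while a console session is still open, avoids having to recover access afterwards.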

Using commands

When editing configurations, "edit" can be used to edit certain parts of the configuration, reducing the amount of typing needed. For example, when setting the interfaces the following could have been done instead.

edit interfaces
set ethernet eth0 description "Private Network"
set ethernet eth0 address 10.0.0.1/24
set ethernet eth1 description "Public Network"
set ethernet eth1 address 23.90.55.23/24

As can be seen, this reduces the amount of typing needed. This can also be used to move through configuration levels: use up to go up one level, edit <OPTION> to move into the desired configuration, and top to go to the top level (note that committing also does a top afterwards). For simplicity's sake, it can be assumed that all configurations are made from the top level.

Deleting configurations is just as simple. For example, deleting eth1 could be done with the following command (assuming you are at the top level).

delete interfaces ethernet eth1

It's also possible to use shortened commands, e.g. conf instead of configure, as long as what is typed can only be autocompleted (using tab) to that command.