VyOS is forked from the Vyatta community, is a network operating system that provides software-based network routing, firewall and VPN functionality. VyOS is based on Debian GNU/Linux and is fully open source free. VyOS can run on physical devices and virtual platforms, supporting integration packages for para-virtual drives and virtual platforms.
VLANs:802.1q and QinQStatic and dynamic routing:BGP for IPv4 and IPv6, OSPFv2, RIP, RIPng, policy-based routing, equal cost multi-pathFirewall:Firewall rulesets for IPv4 and IPv6 traffic you can assign to interfaces, zone-based firewall, address/network/port groups for IPv4 firewallsTunnel interfaces:PPPoE, GRE, IPIP, SIT, static L2TPv3, VXLANVPN:Site-to-site IPsec for IPv4 and IPv6, L2TP/IPsec server, PPTP server, OpenVPN for site-to-site and remote accessNAT:Source NAT, port forwards, one to one, one to many, and many to many translationsDHCP:DHCP and DHCPv6 server and relayRedundancy:VRRP, connection table synchronizationFlow accounting:NetFlow and sFlowProxy:Web proxy and URL filteringShaping:QoS policies (drop tail, fair queue, and others), traffic redirection.
- VRRP enhancements: IPv6, custom health check scripts, unicast VRRP, redesigned CLI
- High performance PPPoE server based on Accel-PPP
- BGP: support for large communities and RPKI
- mDNS repeater
- Broadcast relay
- QoS: HFSC scheduler support
- Support for 802.1ad-compliant QinQ ethertype
- Multiple small improvements(see changelog)
- P2P filtering was removed, the implementation that is used has been abandoned by its maintainers. A new implementation is considered.
- Telnet server is removed but can be reintroduced if there’s demand for it.
- “install system” command is removed because it’s been obsoleted by “install image” long ago
- “set system package repository” commands were removed because image upgrade is the only supported upgrade method, and because it migrating their valued to a new distro is undecidable.
Important behavior changes:
- VyOS no longer acts as an NTP server by default. You can enable it with “set system ntp server allow-access”
- BGP no longer enables IPv4 address family for peers with IPv4 addresses if “no-default-ipv4-unicast” option is set.