VyOS Project October Update

Hi everyone,

Last two weeks was pretty busy, and we attended multiple events, so I decided to share what happens with all of you.

On behalf of Sentrium,  I (Yuriy Andamasov, that is) with other Sentrium employees visited VMworld, OpenStack Summit, and a meeting held by an ISP consortium known as Guifi  in Barcelona this October.

Among other things, one of my goals was to find out if there’s any interest in VyOS in the enterprise and cloud markets. I’m excited to see that VyOS seems to be the best deal for many use cases. There are so many cool applications and technologies around, many of them require networking, other provide networking functions and/or orchestration functions for large deployments.

However, many people are interested in integration with management tools and other software, so we came to the conclusion that it’s a good idea to provide integration with VMware NSX and OpenStack Neutron at least, as they are quite popular. Of course, we need your help with it. If you are interested, or even already working on it, feel free to contact us, come to Phabricator or the IRC channel, or contact me personally by email (yuriy@sentrium.io) or in the RocketChat (I’m syncer there).

I’ve also had a great conversation with Netronome people regarding their SmartNICs and VyOS and how we can collaborate on open source solutions which get best from software and hardware worlds and hopefully this collaboration can bring us some truly impressive results.

As we realized and as strange it is to us, many people just never heard about VyOS and only some of them heard something about Vyatta Core, so we are trying to raise awareness of it, and that was one of the reasons I attended those events. We made some leaflets with information about the project, and I handed them out at all those events I attended. We’ll make a PDF and Scribus source files available soon so that you can print them for your own use if you are going to attend an event and promote VyOS there.

We also gave a talk about VyOS at the  Guifi meeting. Guifi members are building a big community network here in Spain, and we think that VyOS is a perfect match to this effort. Later this year we are going to give a more detailed technical talk, discuss the challenges they are having and see how VyOS can help them make their network better.

We hope this effort will help VyOS to acquire a wider community interested in open source networking. Remember that even if you are not a programmer, there are still lots of things you can help with, such as testing, feature design discussion, documentation, howtos, and just helping other community members on our forum or chat.

In other news, there will be a few more designs was added and another few will be available soon in our merchandise store

Now when this streak of community building events is over, we all can get back to working on the code. 

Daniil(dmbaturin) is working on the 1.1.8 maintenance release and messing around with the nextgen VyOS prototype, and 1.2.0 beta still needs your testing, so please, pick up it here and give it a try, but remember that it still not production ready.

Informal meeting of VyOS users in Barcelona

If you are in Barcelona this October, we have some news for you.

There is a plan to organize an informal meeting of VyOS users and all interested in open source routing, roughly at the same time as VMworld and the OpenStack Summit. 

The current idea is October the 17th at 19-00 for VMWorld week

and on 24th 19-00 on OpenStack Summit week, though it's not set in stone yet 

Who's in charge

Yuriy Andamasov (syncer on #vyos) is the initiator and the primary contact.
On behalf of Sentrium Yuriy and Santiago will take care about administrative questions.

Note: None of the maintainers planning to attend, so if you want to discuss specific issues with the code and contributing to it, it's likely not the best place to ask. 
Yuriy is one of VyOS infrastructure admins and the community manager, so feel free to discuss these issues with him. If you want to contribute to VyOS but don't know where to start, feel free to ask him and he can suggest some tasks to work on too.

What's planned

A walk around Barcelona places and have informal talks about VyOS, virtualization, networking and other IT and non-IT subjects. 
There is no plan to have a formal meeting with talks prepared in advance or anything else at this time, though if there is an interest in it, perhaps it's possible to arrange it.
The idea is for VyOS users and everyone interested in VyOS and open source routing in general, to come together and socialize over sightseeing/food/etc. in great city Barcelona

Want to participate?

Go to https://www.meetup.com/VyOS-Default-Route-Barcelona/events/234567678/, register, and leave your comments. If you want to sponsor laptop stickers, t-shirts, or anything else for the attendees, it will be appreciated. In exchange, we can put your company logo on the VyOS brochure that Yuriy will be distributing at VMworld and OpenStack Summit.

VyOS virtual meeting notes - 14 September 2016

We hosted our first VyOS virtual meeting here in September and invited both developers and enthusiasts to attend. The meeting was held on September 14th at 18:00 UTC and all in all we had about 11 participants join. Yuriy Andamsov (syncer) brought this idea of a virtual meeting to fruition, thank you Yuriy!

Meeting summary:

VyOS 1.1.8 release
We discussed the general question of whether this should be a maintenance-only release or whether new features should be included. The community has readied a few new features which could easily be imported to this release. In general, past VyOS micro releases have included new features as long as they are safe, low risk changes. There was a lot of discussion about this topic mostly related to where developer time is best spent and whether making this a maintenance-only release would help justify more effort from the community to put towards v1.2. In the end we agreed that 1.1.8 will include backports of a few new features, but only where it's not a major headache or risk to do so.

Web GUI discussion
Mihail brought up the work he's been doing on a web GUI front-end for VyOS. His work can be found here:


General consensus on a web GUI is that it's a nice to have, not a requirement at the moment for the project. We might look to integrate this at some point in the 1.2 future or beyond.

The move to Jessie (VyOS 1.2)

Here's where we are.  We have nightly builds for VyOS 1.2 based on Debian Jessie.  The original VyOS code base is challenging and there's no current automated testing system, so we need testers.  We agreed that one thing we need is visibility on what testing has been done so far.  If you have tested a 1.2 nightly build or would like to, please see this thread to view and get access to the testing matrix.

Jason Hendry mentioned a side project which some Mintel hackers had started on, using serverspec to automate tests of VyOS nightly builds.  On top of doing some manual testing of the nightly builds and contributing to the spreadsheet, he's going to look into getting the serverspec base pushed into CI.

Community Members Present

We had a lot of responses to the original phabricator thread.  Unfortunately not everyone could make it, and also a few people weren't able to join because we hit limits with maximum number of participants in Google Hangouts.  Next meeting we will try a different piece of technology.

  • Jason Hendry (jhendryUK)
  • Daniil Baturin (Dmbaturin)
  • Kim Hagen (UnicronNL)
  • Paul Fitzgerald
  • Michael Zimmerer (mtz4718)
  • Mihail Vasilev (mickvav)
  • Ewald van Geffen (Feedmytv)
  • Patrick van Staveren (trickv)
  • Yuriy Andamsov (syncer)
  • Bronislav Robenek (BillyTheCzech)
  • Amos Shapira
We took some meeting notes which are currently available only on Google Docs but will be centralized somewhere agreeable in the future.

Feedback & Next Meeting
If you would like to join the next meeting, please comment on Q55 in Phabricator to get yourself on the list.  Hope to see you there!

CVE-2016-5696, development meeting, and other things

TCP vulnerability and its fix

There was a vulnerability discovered in the implementation of TCP in Linux (CVE-2016-5696) that is remotely exploitable and allows an attacker to impersonate a connected user. For a hotfix on a live system, you can add sudo sysctl net.ipv4.tcp_challenge_ack_limit=1000000000 to /config/scripts/vyatta-postconfig-bootup.script. The fix will be included in the 1.1.8 release.

Development meetup

Today at 18:00 UTC we will hold a development meeting, everyone is invited to join. It was discussed in phabricator (https://phabricator.vyos.net/Q41) originally, and most people voted for Google Hangouts, so that's what we'll use. I'm not fond of it myself, but so be it.

If you want to participate, fill the form here: https://goo.gl/forms/PBarp2bPWvAncQtJ2 so that we know your email address and can send you an invite.

It will be a semi-structured format, the agenda is the following:

  • 1.1.8 maintenance release and what backports to include in it
  • 1.2.0 and how to go about verifying that it actually works
  • VyOS 2.0 (the clean rewrite) design principles
  • Strategies for attracting more contributors

Rocket Chat

Lately we've setup Rocket Chat , an open source chat platform with some interesting features, including voice support, offline logs, and more. If it works well, we can use it for future development meetings, and possibly other things as well. If you want to give it a try, visit https://chat.vyos.io


1.2.0 beta2

People keep asking about 1.2.0-beta2. The truth is, if we build some image, and call it 1.2.0-beta2, nothing will change really. You can always get the latest nightly build from http://dev.packages.vyos.net/iso/current/amd64/ and start testing it. Maybe when it's stable enough for at least non-critical production environments, we will call it beta2, but until then, nightly builds is really a better way to go.

VyOS shirts

A bit to our surprise, there was some interest in VyOS shirts (https://teespring.com/stores/vyos), but they also created a bit of confusion as to what it costs and where the profit goes.

The base cost of the shirt around $15/EUR 10, so the "retail price" is some $5 higher than the base cost. Any profit from it will be used for things directly related to VyOS, such as domain renewals and the like (if the shirts somehow become popular enough to pay for anything else, we'll see what else we can do with it).

We need to come up with some convenient way to make the ledger public so that everyone can see what we received what it was used for.

VyOS remote management library for Python

Someone on Facebook rightfully noted that lately there's been more work on the infrastructure than development. This is true, but that work on infrastructure was long overdue and we just had to do it some time. There is even more work on the infrastructure waiting to be done, though it's more directly related to development, like restructuring the package repos.

Anyway, it doesn't mean all development has stopped while we've been working on infrastructure. Today we released a Python library for managing VyOS routers remotely.

Before I get to the details, have a quick example of what using it is like:

import vymgmt

vyos = vymgmt.Router('', 'vyos', password='vyos', port=22)


vyos.set("protocols static route next-hop")
vyos.delete("system options reboot-on-panic")


If you want to give it a try, you can install it from PyPI ("pip install vymgmt"), it's compatible with both Python 2.7 and Python 3. You can read the API reference at http://vymgmt.readthedocs.io/en/latest/ or get the source code at https://github.com/vyos/python-vyos-mgmt .

Now to the details. This is not a true remote API, the library connects to VyOS over SSH and sends commands as if it was a user session. Surprisingly, one of the tricky parts was to find an SSH/expect library that can cope with VyOS shell environment well, and is compatible with both 2.7 and 3. All credit for this goes to our contributor who goes by Hochikong, who tried a whole bunch of them, settled with pexpect and wrote a prototype.

How the library is better than using pexpect directly, if it's a rather thin wrapper for it? First, it's definitely more convenient to just call set() or delete() or commit() than to format command strings yourself and take care of the sending and receiving lines.

Second, common error conditions are detected (through simple regex matching) and raise appropriate exceptions such as ConfigError (for set/delete failures) or CommitError for commit errors. There's also a special ConfigLocked exception (a subclass of CommitError) that is raised when commit fails due to another commit in progress, so you can recover from it by sleep() and retry. This may seem uncommon, but people who use VRRP transition scripts and the like on VyOS already reported that they ran into it.

Third, the library is aware of the state machine of VyOS sessions, and will not let you accidentally do wrong things such as trying to enter set/delete commands before entering the conf mode. By default it also doesn't let you exit configure sessions if there are uncommited or unsaved changes, though you can override it. If a timeout occursm an exception will be raised too (while pexpect returns False in this case).

Right now it only supports set, delete, and commit, of all high level methods. This should be enough for the start, but if you want something else, there are generic methods for running op and conf mode commands (run_op_mode_command() and run_conf_mode_command() respectively). We are not sure what people want most, so what we implement depends on your requests ans suggestions (and pull requests of course!). Other things that are planned but that aren't there yet are SSH public key auth and top level words other than set and delete (rename, copy etc.). We are not sure if commit-confirm is really friendly to programmatic access, but if you have any ideas how to handle it, share with us.

On an unrelated note, syncer and his graphics designer friend made a design for VyOS t-shirts. If anyone buys that stuff, the funds will be used for the project needs. The base cost is around 20 eur, but you can get them with 15% discount by using VYOSMGTLIB promo code: https://teespring.com/stores/vyos?source=blog&pr=VYOSMGTLIB

The new website is now live

Hi everyone,

The new website is now live. There are still some rough edges (typos, odd links, odd wording etc.), if you find anything like this, let us know. But overall it does what it's supposed to do, tells newcomers what VyOS is and provides quick links to downloads and other resources to existing users.

Here's an explanation of what happened exactly. Before that, vyos.net and vyos.org were pointing at the wiki host, and the wiki main page used to serve as our primary website. It means there are quite a few links like http://vyos.net/wiki/Something on the net, and simply pointing that domain at the host with the new website would create quite some link rot.

To avoid this, we've setup two conditional redirects, one redirects vyos.net/wiki/Something to wiki.vyos.net/wiki/Something, another one redirects everything else to vyos.io. So far it seems to work properly, but if you notice any issues with it, such as links that are not redirected correctly, let us know.

P.S. we added some merch(not much but we will add more soon) to our store, please check out https://teespring.com/stores/vyos

wiki.vyos.net now uses the new recaptcha (meaning: way easier to edit)

Hi everyone,

I like to joke about "wiki.vyos.net, a free encyclopedia no one bothers to edit", but there was a thing that actually made it rather inconvenient to edit for people, regardless of their willingness to edit it.

I mean the subnet captcha. If you haven't seen it, it made you calculate a broadcast address of a random subnet to register an account or edit a page. Everyone hated it, including me, and I had to add a number of active editors to a group that is exempt from it, by hand, so that it doesn't keep haunting them.

What's worse is that after a MediaWiki update it stopped working for a mysterious reason which I couldn't quickly debug, so I thought it may be a good time to reconsider it. Now there's the new reCAPTCHA instead, the one that wants you to click an "I'm not a robot" checkbox. For most users, it is trivial to solve, and it proved fairly effective at mitigating spam, so I think at least for now it may be the best solution for everyone.

Still, it's not entirely without controversy. There still may be accessibility converns and, since it's a third-party service, privacy concerns. If the captcha is giving you troubles, we still may make you exempt from it if you tell us your account and explain the issue.

If you, luckily for you, haven't seen the introduction of the subnet captcha, the story was that the wiki (a Vyatta wiki  back then, vyattawiki.net) had all its content replaced with spam overnight, and the original reCAPTCHA did nothing to protect it. We had been having spam problems for a long time by that moment, and after that event, we thought we have to come up with something that will stop spam forever, and so I wrote the subnet captcha plugin, and it worked very well. Except making edits inconvenient for legitimate users of course. Now when it's gone, I hope we'll be getting more editors.

I hope more people will come and edit some pages. We are seriously lacking in the documentation department, but if everyone does a small bit, it's not really that hard. You don't need to write big chunks at once and document complete features, a brief description and a config example is a lot better than nothing.

vyos.net → wiki.vyos.net redirect

You may have noticed (or will notice soon) that http://vyos.net redirects to http://wiki.vyos.net. Don't worry, this is normal.

It's the first step in preparation to roll out the new website. When it goes live, the vyos.net and vyos.io domains will point to the new website, and the wiki will live on its own wiki.vyos.(net|io) domain.

Meanwhile you can view the future website at http://vyos.io/ and give us your feedback, if you haven't already.

dead.vyos.net and contributing to VyOS

Hi everyone,

This is a bit embarassing. For almost a day http://www.vyos.net (but not http://vyos.net) was sending people to the http://dead.vyos.net website, until someone on the IRC pointed it out (thanks for this!).

It happened due to an oddity in the way Apache HTTPD handles host aliases, and it's fixed now.

The dead.vyos.net website was created as a joke for giving the link to people who ask if VyOS project is dead. While the website is indeed a joke, the issue with lack of contributors is very real, and it does slow things down.

If you want to contribute to VyOS, there is a lot of work to be done, and the maintainers on the IRC and in phabricator will be happy to point you to beginner-friendly tasks and answer questions about the code and the patch submission process.

VyOS Project news

Hello, Community!

We have some great news to share! 

As some of you may already know, we are planning to run virtual meeting event for VyOS devs and users in near future.

So in case you want to participate, just fill up this form and of course join us on our dev. portal to stay in touch.

May admit that this summer is productive in all aspects:

Tremendous work towards VyOS 1.2 done and we going to present 1.2.0 beta 2 in some weeks! Thanks, to our super team!

We revived OVA distribution of VyOS some months ago and continued work in the direction of extensive VMWare Platform support; we also plan to deliver supported images for all other standard hypervisors like KVM, MS Hyper-V and VyOS on clouds markets for AWS, Azure, GCE.

VyOS is now available on SolidRun ClearFog device, credits for this great work to UnicronNL, this opens new applications for VyOS.

Ansible starting from version 2.2 able to configure VyOS, so if you using Ansible, give it a try! We on other hand working on standalone management library for Python.

We receive many requests regarding GUI, and yes we are listening to them. Last four months we dedicated a lot of time to studies regarding possible ways of delivery such  UI. Apart from technical challenges, there are other problems to take into account(like service providers don't want GUI, while SMBs and ROBOs show high demand). We are working to bring satisfaction to all users without sacrifices from any side. So basically yes, it will be GUI in near future, but there are not ETAs for now.  

We believe that affordable open source routing platform and NFV should be accessible to everyone out there

Want to participate???

Join us on social networks and spread the word about VyOS - Twitter, RedditFaceBook, Google+, Linkedin 

Participate in discussions on forum and of course join us on development portal 

VyOS is a community-driven Linux-based network operating system for routers and firewalls