Configuration Mode
configure Enter configuration mode commit Apply pending changes save Save configuration to disk exit Exit configuration mode discard Discard uncommitted changes compare Show uncommitted changes rollback N Rollback to revision N Show Commands
show configuration Display full config show interfaces List all interfaces show ip route Display routing table show system commit Show commit history show log View system logs show version Display VyOS version show system storage Check disk usage Interfaces
set interfaces ethernet eth0 address 192.168.1.1/24 Set IP address set interfaces ethernet eth0 description "WAN" Set description delete interfaces ethernet eth0 address Remove IP set interfaces ethernet eth0 disable Disable interface set interfaces wireguard wg0 ... Configure WireGuard set interfaces vxlan vxlan0 ... Configure VXLAN Routing - Static
set protocols static route 0.0.0.0/0 next-hop 192.168.1.254 Default route set protocols static route 10.0.0.0/8 blackhole Blackhole route set protocols static route 10.0.0.0/8 next-hop 10.1.1.1 distance 10 With admin distance Routing - OSPF
set protocols ospf area 0 network 10.0.0.0/24 Add network to area set protocols ospf parameters router-id 1.1.1.1 Set router ID set protocols ospf passive-interface eth0 Passive interface set protocols ospf redistribute connected Redistribute connected show ip ospf neighbor Show OSPF neighbors Routing - BGP
set protocols bgp system-as 65001 Set local AS set protocols bgp neighbor 10.0.0.2 remote-as 65002 Add neighbor set protocols bgp address-family ipv4-unicast network 10.1.0.0/16 Advertise network show bgp summary BGP summary show bgp ipv4 unicast Show BGP routes Firewall
set firewall group network-group LAN network 192.168.0.0/16 Create network group set firewall ipv4 name WAN-IN rule 10 action accept Add rule set firewall ipv4 name WAN-IN rule 10 state established Match state set interfaces ethernet eth0 firewall in name WAN-IN Apply to interface NAT
set nat source rule 10 outbound-interface name eth0 Source NAT interface set nat source rule 10 source address 192.168.0.0/16 Source network set nat source rule 10 translation address masquerade Masquerade set nat destination rule 10 destination port 443 Port forward set nat destination rule 10 translation address 192.168.1.10 Forward to host VPN - WireGuard
generate pki wireguard key-pair Generate keys set interfaces wireguard wg0 port 51820 Set listen port set interfaces wireguard wg0 private-key <key> Set private key set interfaces wireguard wg0 peer <peer> allowed-ips 10.0.0.0/24 Add peer show wireguard WireGuard status Services
set service dhcp-server shared-network-name LAN ... DHCP server set service dns forwarding listen-address 192.168.1.1 DNS forwarder set service ntp server time.google.com NTP server set service ssh port 22 SSH config set service snmp community public SNMP setup