FAQ

= General Questions =

What is Vyatta?
Vyatta is a routing/firewall/VPN platform based on Debian GNU/Linux that runs on x86 hardware and many virtual machine hypervisors.

Should I try it?
It depends. If you are a network engineer/administrator or want to become one, you should. Vyatta is more like IOS, JunOS and other enterprise platforms, not like SOHO appliances (D-Link, Linksys etc.). You need to understand what you are doing to configure it.

What version should I install?
The latest one. Newer versions are always better than older ones.

How often are new versions released?
Vyatta Core is usually released twice a year. If serious problems (usually security related) are found in a release, a maintenance release is made out of schedule. Sometimes it may take longer to release a new version, e.g. because of QA issues.

What are larkspur, mendocino, napa and other weird names?
These are development branch names. Developers and active community users often refer to releases by branch name, especially future releases that do not have a number assigned yet. Branches are named after cities in California, where Vyatta headquarters is located.

Branches and matching release numbers can be found on the version history page.

What functions does Vyatta lack?
There are some. For instance, it lacks:
 * MPLS,
 * PBR (can be done with a trick),
 * WebVPN,
 * PPTP and L2TP clients,
 * IPv6 flow accounting.
Most of the currently lacking features are to be implemented in future releases.

Does Vyatta support other hardware platforms (MIPS, ARM etc.) or will it support them in the future?
It does not. One of the project goals is to make it work on widely used hardware. There are unofficial ports available. There is a howto for the Openrd Ultimate (ARM).

= Installation =

What hardware requirements does Vyatta have?
Hardware requirements strongly depend on the purpose your appliance is used for. For small branch offices an Atom/C3 CPU and 256-384M RAM should be enough; for edge routers, large VPN concentrators and other heavily loaded appliances you should consider powerful servers.

How much disk space do I need?
At least 2 GB. More space is recommended so that you can upgrade your installation via image (see questions below).

How do I upgrade my installation?
The preferred way is to use an image-based upgrade. Find the latest image and type the command "add system image" with the image location as its argument. You may download the image to your appliance and specify the path to the file, or specify a remote URL.

Do not use 'full-upgrade -k'; it may ruin your setup irrecoverably.

Can I install Vyatta on an embedded platform?
Basically yes. Community members have already installed Vyatta on many platforms. If it is not possible to connect a CD drive to the target system, install on a disk or flash card in another machine with no network interfaces (otherwise the interface numbering will shift) and then put it into the target system.

Can I install on a CompactFlash?
You can, but you should reduce writing in this case (redirect logs to a remote syslog server etc.). It is better to use enterprise grade SLC cards rather than consumer grade.

Avoid using USB sticks in production, they are not intended for intensive usage and often fail.

What hypervisors can I use?
VMWare and XenServer are officially supported and appliance templates are provided for them. If you want to install on a Xen VM, use livecd-virt, which has a Xen-aware kernel.

KVM and VirtualBox are known to work without trouble.

There are no reports about other hypervisors, but in theory they also should work.

= Usage =

How do I install Debian packages?
First configure repositories. For versions higher than 6.0 use:
 set system package repository squeeze components 'main contrib non-free'
 set system package repository squeeze distribution 'squeeze'
 set system package repository squeeze url 'http://mirrors.kernel.org/debian'
Then run "sudo apt-get update", and you can install packages with "apt-get install" as usual.

= Configuration =

How do I enter configuration mode?
configure

How do I list the current config?
show

Once in configuration mode, can I use commands that are normally available outside config mode?
Add "run" in front of the command, e.g.: run show interfaces

Can I see a history of commands given previously?
history

How do I apply my changes?
commit

I am afraid my changes may break connectivity or make system inaccessible in other way. What should I do?
Use "commit-confirm". If everything is OK, issue "confirm". If you do not issue the "confirm" command within the given MINUTES (default is 10), your router will reboot and roll back to the previous configuration.

I changed the configuration and then changed my mind about committing the changes. What can I do?
discard

I added a user with "useradd"/edited a config in /etc and everything is lost after reboot!
Do not do this. Backend configuration files are created by Vyatta code at config loading or commit. All configuration changes must be made with the native CLI ("set" commands).

If you do not have an in-depth understanding of Vyatta code, it is better to forget it has Linux inside.

Is it possible to make Vyatta show all the settings line by line, so that it is easy to copy and paste?
Run the command "show configuration commands".

How do I enable web GUI?
For Vyatta Subscription do: "set service https". However, if you are a newbie, it will not help you.

If you are running Vyatta Core, check out vyBuddy by Cartman.

Is any traffic filtering enabled by default?
No.

Is there a way to filter traffic originated by router itself?
A per-interface firewall applied as "local" only controls inbound connectivity to the router. If you use the zone-policy firewall, you can restrict both inbound and outbound traffic of the router.

I created a firewall instance, but it does not filter anything.
You should apply it to an interface to make it work.

If I have firewall enabled, is traffic described in NAT rules automatically enabled?
No, it is not. If you have both firewall and NAT, you need both a filtering rule to allow the traffic and a NAT rule to do the translation.
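
The last few answers combined into one session, as an added example that is not part of the original FAQ: a rule-set does nothing until applied to an interface, a "local" rule-set covers traffic to the router itself, and a NAT rule needs its own firewall rule. Interface names, addresses and rule-set names are constructed, and the "service nat" syntax is an assumption about your release (NAT syntax differs between versions).

```vyatta
# Constructed values: eth0 = outside interface, 203.0.113.1 = public address,
# 192.168.1.10 = inside web server.
configure

# 1. Rule-set for traffic forwarded through the router from the outside.
set firewall name OUTSIDE-IN default-action drop
set firewall name OUTSIDE-IN rule 10 action accept
set firewall name OUTSIDE-IN rule 10 state established enable
set firewall name OUTSIDE-IN rule 10 state related enable
# Destination NAT happens before filtering, so match the translated
# (inside) address here, not the public one.
set firewall name OUTSIDE-IN rule 20 action accept
set firewall name OUTSIDE-IN rule 20 protocol tcp
set firewall name OUTSIDE-IN rule 20 destination address 192.168.1.10
set firewall name OUTSIDE-IN rule 20 destination port 443

# 2. Rule-set for traffic addressed to the router itself ("local").
set firewall name OUTSIDE-LOCAL default-action drop
set firewall name OUTSIDE-LOCAL rule 10 action accept
set firewall name OUTSIDE-LOCAL rule 10 state established enable
set firewall name OUTSIDE-LOCAL rule 10 state related enable

# 3. Neither rule-set filters anything until applied to an interface.
set interfaces ethernet eth0 firewall in name OUTSIDE-IN
set interfaces ethernet eth0 firewall local name OUTSIDE-LOCAL

# 4. The NAT rule only translates; rule 20 above is what permits the traffic.
set service nat rule 10 type destination
set service nat rule 10 inbound-interface eth0
set service nat rule 10 protocol tcp
set service nat rule 10 destination address 203.0.113.1
set service nat rule 10 destination port 443
set service nat rule 10 inside-address address 192.168.1.10

# 5. Firewall changes can cut off your own session: commit with automatic
#    rollback after 5 minutes, and confirm only once access is verified.
commit-confirm 5
confirm
```

After the commit, "run show configuration commands" lets you verify that both rule-sets appear under the interface and not only under "firewall".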

= Troubleshooting =

How do I view logs?
Use the operational command "show log" to view all log messages. You may also use the "show log tail" command to monitor the latest messages in real time.

From version 6.4 and later, the command to show the logs in real time was changed to "monitor log".

= Other questions =

How do I shot web?
We dunno, lol.