#vyos — Public Fediverse posts

#floss #networking I need to replace a couple of old network switches.

Are there any companies doing open source switch hardware and software? I would like to tinker.

- 1U
- 12 or more10G fiber ports
- a couple of faster uplinks would be nice
- decent RESTish API or ansible support

Something like https://vyos.io #vyos seems suitable but it looks like I would have to diy my own hardware

I'm trying to build a list of Ethernet switch devices that can run normal(ish) Linux builds with hardware (L2 or L3) switch offloading via `switchdev`.

I know about Mellanox SN* switches and a few Banana Pis (R4, at least). The Ubiquiti ER-4 and -6 seem to have a Nix port, so they're probably also on the list.

Does anyone know anything else that would fit?

I'm in the middle of making VyOS work on my Mellanox SN2010 (18x SFP28, 4x QSFP28), and I'd like to assemble a list of other switches that could also be useful with VyOS. Non x86 is just fine.

#linux #switchdev #networking #vyos

Remember that massive Debian family tree thread? It officially has a home on my Codeberg now.

I have cleaned it up, fixed the links, and organized it so it is easier to navigate. If you are looking for a non-Ubuntu Debian based distro, this is a decent place to start.

View the list here: https://codeberg.org/resplendent606/terminal-tilt/src/branch/main/docs/debian-distros.md

Pull Requests are welcome, or you can just tell me here.

RE: https://climatejustice.social/@resplendent606/115788867728385803

#Debian #GNULinux #GNU #Linux #Privacy #SysAdmin #Tech #OpenSource #LMDE #LinuxMint #Mint #MXLinux #Deepin #PeppermintOS #antiX #SparkyLinux #BunsenLabs #Elive #AVLinux #NeptuneOS #KaliLinux #Kali #Tails #Whonix #Proxmox #OpenMediaVault #GRML #FINNIX #Knoppix #RaspberryPi #Pi #VyOS #Devuan #PureOS #Nitrux #EndlessOS #Emmabuntüs #Siduction #Bashcore #VanillaOS #TrueNAS #TrueNASScale #WindowMakerLive #Neptune #blendOS #crunchbang #Mobian #Droidian #FuriOS #LuneOS #Slax

Interested in running #vyos on non-x86 hardware?

Let's meet at #39c3

https://events.ccc.de/congress/2025/hub/en/event/detail/vyos-on-non-x86-meetup

I love using Debian. I think it is so interesting that so many distros have been or currently are based on Debian. While I prefer vanillia Debian, I wanted to list all of the Debian based distros (non-Ubuntu) I know of and categorize them based on what makes them unique.

Daily Drivers (Ease of use):

LMDE - Linux Mint + Debian, no Ubuntu, Mint polish
MX Linux - MXTools is helpful
Deepin - Beautiful, preconfigured desktop, from China.
Peppermint_OS – Lightweight, cloud integrated, snappy
Neptune - Polished KDE Plasma on stable Debian w/newer kernels.
SpiralLinux – Pure Debian with modern defaults (Btrfs, ZRAM).
SolydXK – Simplified XFCE/KDE desktops for stability.
Lingmo OS / Mauna Linux / Br OS - Recent, beautiful desktops (China/Brazil)

Modern/Atomic (Immutable):

Vanilla OS - Atomic updates, can run Fedora/Arch apps via Apx.
blendOS - Atomic, lets you choose DE (KDE, XFCE, etc), can install applications from other Linux distros.
Nitrux - Immutable, no systemd (OpenRC), Maui shell, immutable, heavy reliance on AppImage

High Performance and Gaming:

Siduction - Rolling release based on Debian Sid.
SparkyLinux - Great for gaming, newer drivers.
PikaOS - Gaming with high-performance kernel opimizations.

Multimedia/Creative:

AV Linux (MX Edition) – Preconfigured w/low-latency kernel for audio production.

Minimalist:

BashCore - Ultra minimalist, branding free CLI environment.
Slax - Modular, tiny, runs from a USB stick.

Performance and Old Hardware (Lightweight):

antiX - No systemd, runs on a toaster (256MB RAM)
CrunchBang++ (#!++)- Minimalist, Debian + Openbox, continuation of original Crunchbang.
BunsenLabs - minimalist OpenBox, keyboard centric.
Window Maker Live - 90s NeXTSTEP look, fast, retro.
Puppy Linux (DPup) - Runes entirely on RAM, fast.
Elive - Enlightenment desktop, high-end looks for 20 year old hardware.
Damn Small Linux - Stays under 700MB.
wattOS - Low power consumption and simplicity.
Q4OS – Trinity desktop, can mimic Windows XP/7.
Commodore OS Vision - Retro computing aesthetic.

Security, Privacy, and Stealth:

Qubes OS - Isolates everything inside Xen VMs, has Debian and Fedora as default templates.
Tails - Amnesic "Snowden" OS, leaves no trace on hardware.
Whonix - Extreme privacy via dual-VM gateway/workstation.
Kodachi - Hardened, pre-routed live OS alternative to Tails.
Septor – Surf the web anonymously.
Kicksecure - Hardened Debian layer (the base for Whonix).

IT and SysAdmin Toolbox:

Kali Linux/Parrot OS - "Hackerman" suites for penetration testing.
GParted Live/Dr. Parted - Disk partitioning
Grml/Finnix/Knoppix - "Oh Shit Buttons", emergency ktis for broken PCs.
SysLinuxOS/Kaisen - Built for network admins and system integrators.

Servers, Cloud, and Self Hosting:

Proxmox VE - Server, machine host for VMs
TrueNAS Scale - NAS, built for ZFS storage and applications.
OpenMediaVault - Turns old hardwrae into NAS
umbrelOS/StartOS/YunoHost - self-host your own cloud.
Univention (UCS) - Professional Debian for corporate identity mangement.

Network & Radio Engineering:

Live Raizo – Specialized lab environment for network admins to simulate and experiment with complex network topologies (integrated with GNS3).
Skywave Linux – Built for Software Defined Radio (SDR) and shortwave enthusiasts. Preconfigured with specific drivers and software needed to communicate on the airwaves.
VyOS – Network OS for routers and firewalls.

Embedded, IoT, and Media:

Raspberry Pi OS - OS specifically for Raspberry Pi
DietPi - lightweight, optimized base for hobbyist boards.
OSMC - Turn hardware into dedicated Kodi media center.
LinuxCNC - Controls heavy machinery and 3D printers.

Mobile Distros:

Mobian - Debian for phones and tablets.
PureOS - FSF endorsed, famous for Librem 5 convergence.
Droidian - Allows Debian to run on standard Android hardware.
LuneOS - Spiritual successor to Palm webOS.
FuriOS – OS for the FuriLabs FLX1, includes Waydroid.

Philosopy and Geopolitics:

Devuan - Protest against systemd
Endless OS/Emmabuntüs - Built for schools and developing world.
Astra/BOSS/Pardus/UOS - State sponsored distros (RU,IN,TR,CN).
openKylin - Community version of China's Kylin OS.

You could also consider Debian Pureblends, like Debian Med and Debian Edu.

Did I miss any? Please let me know, I will edit the list. Thank you!

#Debian #GNULinux #GNU #Linux #Privacy #SysAdmin #Tech #OpenSource #LMDE #LinuxMint #Mint #MXLinux #Deepin #PeppermintOS #antiX #SparkyLinux #BunsenLabs #Elive #AVLinux #NeptuneOS #KaliLinux #Kali #Tails #Whonix #Proxmox #OpenMediaVault #GRML #FINNIX #Knoppix #RaspberryPi #Pi #VyOS #Devuan #PureOS #Nitrux #EndlessOS #Emmabuntüs #Siduction #Bashcore #VanillaOS #TrueNAS #TrueNASScale #WindowMakerLive #Neptune #blendOS #crunchbang #Mobian #Droidian #FuriOS #LuneOS #Slax

#VyOS Stream 2025.11 is available for download 👉 https://blog.vyos.io/vyos-stream-2025.11

Okay, a bit of progress on #vyos on the SN2010 -- I wrote up the first part of the experience here: https://scottstuff.net/posts/2025/11/11/vyos-on-mellanox-sn2010-switch-part1/

Also, it looks like an idle switch will keep its ASIC around 42C with the fans set to the minimum value that keeps them spinning (PWM 32). The CPU is only slightly over ambient at that level. It's still *slightly* louder than I'd like with the fans at that level, but it's probably acceptable.

Odds are actually it'll start overheating if I add more than one or two optics to it, but `fancontrol` will speed the fan up in that case. Also, Mellanox gives the same crazy thermal margins for SN2xxx switches that they do for their NICs. Basically, anything under 105C is fine, and "critical" doesn't kick in until 120C. So 45C shouldn't worry me.

Ok, it's time: trying to install #VyOS on a Mellanox SN2010 Ethernet switch.

Mellanox/nVidia's SN-series switches are fairly unique because they've upstreamed a driver for the switch ASIC into the Linux kernel. So, in theory you can run *any* Linux distribution on the switch and still have hardware L2/L3 switching working. The switch chip looks like a bunch of extra Ethernet interfaces to the system, and you can configure them like normal (`ip`, `brctl`, etc). The kernel's config gets pushed into the ASIC transparently, and metrics from the ASIC get pulled back into the kernel as well.

I've been watching eBay for a cheap SN2010 for a while. It's a half-width 1U switch with 4x 100G and 18x 25G ports, and finally found one. It draws around 35W on idle without anything plugged in, and is *almost* quiet enough for desk use with the fans spun almost all the way down (`fae mlci2c set_fan /MGMT/FAN1 1 14` in their wonky stock NOS). I've seen a couple fan mods for it that will *probably* get it to be nearly silent.

From what I've seen, this is the lowest-power L3 switch with >2 QSFP28 and >12 SFP28 ports on the market.

The goal is to make this my new desktop switch for less-critical things. I'm currently using 8 or 9 fiber pairs between my desk and my wiring closet, and I *really* don't want to pull more fiber.

The biggest issue right now is that the "MXNX-OS" that came with it is just different enough from every other switch OS that I've used that I really don't want to bother with it. I've seen people run stock Debian on them (example: https://ipng.ch/s/articles/2023/11/11/debian-on-mellanox-sn2700-32x100g/), but I don't see how you can say "this switch OS is clunky, I'd really rather write a bunch of scripts to run 'ip addr add' myself" with a straight face.

So, let's see if I can get VyOS on it, and how close it comes to being usable.

It's shaping up to be a Add Features to #VyOS sort of fall, apparently.

In addition to playing with some ARM things, I'd like to add a few missing NTP options (around polling speed, mostly), get PTP (time) support working, and do whatever tweaks are needed to get support for Mellanox's switchdev-backed switches, like the SN2010.

For the most part, it looks like just loading the (included) mlxsw module *should* be enough to get hardware offloaded L2, L3, and at least some VxLAN working if you install VyOS (or any Linux) on a Mellanox SNxxxx switch. Just configure Linux networking like normal, and the kernel pushes a matching offload config to the hardware on its own. Counter/statistic support may be somewhat lacking, and I don't think VyOS has any support for configuring port splitting (1x100G -> 4x25G). All in all, though, it's *probably* fairly minimal.

It's apparently time for my semi-annual "I wish I had a #Linux #ARM build system" post. But, as usual, I can't actually find a good solution to my problem.

I'm ~12h into compiling #VyOS for ARM right now, running on a system with 4x A73 cores. That's way, way too slow.

Moving it to a Pi 5 would help slightly (~2x, maybe?). There are a few 6-8 core SBCs or similar with faster CPUs for under $250. After that, I *think* I could piece together a 80 or 96-core Ampere Altra system for $1500 or so.

Surely there's *some* ARM system that will run Linux and fits between (say) a RK3588 and an Ampere server, righjt?

Presumably it'd be possible to run Linux on a M1 or M2 Mac mini, but driver support seems dodgy.

Or maybe ARM Linux in a VM on a new er Mac mini? That'd probably sidestep a lot of the driver issues with M3/M4 CPUs and Linux.

I could probably try qemu running on my x86 desktop; it's almost certainly slower than running natively, but it'd probably still outperform a 4-core power-constrained system.

Or I could farm this out to AWS/GCP/etc. That'd certainly be cheaper up front, but I'd end up paying to sling multi-GB images back and forth all day.

Anyone have any other suggestions?

I'm guessing it's not possible, but does anyone know if on #Hetzner it's possible to create like a VPC or similar between auction servers, and a VPS?

Basically want want to run #Vyos on VPS and then route traffic from the auction servers out via that Vyos instance.

VyOSを使用してSite-to-Site VPNの構築検証してみた in 2025
https://dev.classmethod.jp/articles/vyos-site-to-site-vpn-in-2025/

#dev_classmethod #AWS_Site_to_Site_VPN #VyOS #AWS_Transit_Gateway #AWS_CDK #VPN

การตั้งค่า AWS Site-to-Site VPN บน VPC ใน Thailand Region
https://dev.classmethod.jp/articles/aws-site-to-site-vpn-vpc-thailand-region/

#dev_classmethod #Classmethod_Thailand #Thai_Language #AWS #AWS_Thai #AWS_VPN #VyOS

การลบ AWS Site-to-Site VPN บน VPC ใน Thailand Region
https://dev.classmethod.jp/articles/delete-aws-site-to-site-vpn-vpc-thailand-region/

#dev_classmethod #Classmethod_Thailand #Thai_Language #AWS #AWS_Thai #AWS_VPN #VyOS

Yow! I've been running #Minisforum MS-A2 #VyOS router performance benchmarks in the background for most of the weekend. I'll make a relatively small config, reboot, re-run the multi-hour NDR sweep with trex, lather, rinse, repeat.

When I set the BIOS to "performance" power mode instead of "balanced" (the default), I notice that it spikes to drawing 185W from the wall and runs like a bat out of hell for 6 seconds before throttling itself back down to 155W.

That's a spicy little mini PC -- I don't know how it expects to cool 185W. I mean, obviously it isn't, but it seems like a weirdly aggressive thing to even attempt.

This is *obviously* optimized for gaming/desktop uses, where a 6s spike in performance followed by slowing back down is a good thing. It benchmarks fairly poorly this way, though. Dropping back to "balanced" seems to give much better numbers overall.

I tried turning on AMD PBO, which will boost clock speeds even more when thermals permit it.

Thermals didn't permit it.

I'm running each test 3x, and with PBO I was seeing giant differences from run to run. Like 5.84/14.83/5.85 Mpps across 3 runs. In "balanced" mode without PBO it consistently got >15 Mpps, so enabling PBO isn't even slightly helpful.

This box feels like it should be faster than it is on routing; it's clearly faster than my previously-measured numbers on this thing's Intel twin, but throughput doesn't seem to be linear with CPU load. At 80% of peak load, it's using something like 50% of its CPU, but increasing past that rapidly swamps the CPU.

I saw similar with the Intel system, but I blamed it on Alder Lake's mix of P and E cores. The AMD model has 16 equal cores, so *that*'s not the problem.

I'm not sure if I'm hitting kernel-tunable issues (I've found at least one so far), hardware-tunable issues (Mellanox *loves* knobs), cache-size issues, or memory-bandwidth issues.

I probably have the tools to figure it out, though, so I'll leave tests running in the background for a day or two and keep making little tweaks to see what helps.

Firewall Upgrade.

I just replaced the miniPC I use as firewall running #VyOS

It has been upgraded to a "Mele Quieter DL" - more info here:

https://mele.cn/product/QuieterDL-en.html

This is an extremely compact, fanless PC with two NICs (RTL8125B 2.5GbE) and an Intel N100 CPU.

I got a lower spec model with 4G RAM and 128G eMMC storage as that will be fine for firewall use.

It can be configured in the BIOS to turn on when power applied, handy for firewall use.

I ran up Xubuntu linux for desktop use as a quick test and it was great for that as well, though I'd get one with more RAM if I was using it as a desktop machine.

One (not a showstopper) oddity with it is the bad design of the PSU socket, more details here: https://jauntygoat.net/@zog/114872639754152299

There is heaps of general info on youtube about these PCs for further info. Plus they seem to be popular with the astronomy crowd.

Sharing my router configs for DN42

https://dn42.f333.net/posts/2025/05/18/
https://f333.dn42/posts/2025/05/18/

#dn42 #vyos

@vax_ I concur 100%

Reading about it's hard to find a definitive list of affected routers but this link mentions the 3 I mentioned: https://www.bleepingcomputer.com/news/security/botnet-hacks-9-000-plus-asus-routers-to-add-persistent-ssh-backdoor/

I'm even recommending people get ones from GL-INET which supports #OpenWRT out of the box - although I still prefer to install the stock OpenWRT from the OpenWRT site on GL-INET devices instead of the slightly "slick UI" version of OpenWRT that GL-INET provide with the device.

In another post I just purchased an #OpenWRTOne to check it out - since I'm all sorted at home with my #VyOS firewall and #Unifi wifi I'm going to upgrade my mum's home internet with the OpenWRT One 🙂

edit: add GL-INET link https://www.gl-inet.com/support/firmware-versions/

time to fork VyoS?

#VyoS

https://old.reddit.com/r/vyos/comments/1hpbzx5/i_have_a_plan_for_making_vyos_free_again_but_ill/

an exciting friday night in debugging this, I now think it is a bug in VyOS that has been there for a while:

https://forum.vyos.io/t/ipv6-does-not-seem-to-be-working-on-pppoe-interfaces-since-1-3rolling/16602

#VyOS
#IPV6
#PPPOE

#VyOS
#ipv6
#pppoe

not critical, but mildly annoying that ipv6 almost works completely proper with VyOS and PPPOE for me.

https://forum.vyos.io/t/pppoe-does-not-get-ipv6-address-but-i-do-get-ipv6-prefix-delegation/16598

Домашнее облако: как я построил цифровой «бункер» для важных данных

Фото важных семейных событий и видео из путешествий, копии важных документов, музыка, фильмы, которых не найти на стримингах — многие задумывались, как сохранить все самое важное так, чтобы ситуация с не вовремя сломавшейся флешкой не обернулась потерей ценных данных навсегда. Кому-то для спокойствия достаточно Google Drive или Яндекс.Диска, но я решил пойти чуть дальше и построить собственное домашнее облако с приложениями Immich и Nextcloud. Кстати, привет, Хабр! Я Денис Петухов, Python-разработчик Читать дальше

https://habr.com/ru/companies/cloud_ru/articles/895328/

#nextcloud #immich #kubernetes #vyos #synology #домашнее_облако #облачный_диск

I think I might actually migrate my #firewall to #vyos. Just the fact that I can easily deploy #podman #container onto my firewall this is also possible with #OpenWrt but sadly it's a bit hacky as their partitioning is ephemeral in it's nature.
I'm still struggling a bit with managing core functionalities like firewalling but I will manage. Why isn't there already a GUI? Isn't their API supposed to be ready to use idk?
Solutions like #pfSense or #OPNsense are just a bit too inflexible for me.

After a couple of years of abstence I have to try #vyos once again. I have been also trying to go back to #opnsense lately but it seems I like #linux based firewalls better, even though somehow #BSD's #pf is really good.

Al final #VyOS corre en una maquina virtual. Y corre bien hasta ahora. :coffee_mug: :coffeepot:

My problem with all of this is that I want to like and recommend these projects as glowing beacons of open source software, but it's getting increasingly harder.

I want to like #mailcow, but can I really when https://github.com/mailcow/mailcow-dockerized/pull/4311 is how they react to PRs.

I want to like @zulip, but can I really trust them to continue to value self-hosting highly after the push notification situation?

I want to like #vyos, but they really made it hard to recommend them with shutting down self builds.

I ..

I'm pretty sure there will be stink about an evil multi-billion corporation sending DMCA takedowns now, but for the record, https://github.com/umlumpa/vyos-1x was taken down because the owner of that account proceeded to _remove GPL license headers_ from all files and went as far as to replace my name in "this package was debianized by Daniil Baturin in 20xx" with his own name but the original date.

If that's how you honor FOSS licenses, that's how we respond — no hard feelings, folks.

#vyos

@rachel I have been in my software router era for a very long time with #VyOS then #openwrt then back to #VyOS tried to sprinkle #frr around there too. It just took a little bit of cognitive load when updating the host or the software I'm using as my virtualization layer.. Now! I just been on this router for like 4 days.. I might be full of shit 😂😂😂

I got tired of fussing with #FRR and trying to use it to do VRF's and routing as it really is geared towards Dynamic Routing! Back to #VyOS for the #homelab. I am still using VRRP with 3 FRR routers on my #incus hosts. So as long as my upstream router is up. I can reboot hosts all day long and no internet go down.

#selfhosted #selfhosting

VyOS 1.5 is somehow broken for me: Babel does not work at all (not even with the example from the documentation) and with BGP you cannot set a source address for installed routes (possible with route-map set src, but has no effect).

The rolling release seems to be enormously rolling.

#VyOS #Babel #FRR #BGP #Networking

I was able to make most of the #networking changes in the #homelab and now everything ( I think ) is running off of #NetBird.

I was able to get rid of 3 old routed networks, an intermediate dns service that transferred zones from #LXD to my primary dns server, the BGP that ran some of this, the virtual #VyOS router, and 3 dns zones that managed all of my #LXD instances.

I just have #OVN ( which I want to try to get rid of too) and my lxd cluster!
All the dns is handled within #nebird.

Another weird thing I noticed with #vyos.. You can't hit the gateway with anything unless you are passing traffic if the interface belongs to a routing table that is not the main routing table which is fucking weird.

#thelab #homelab #selfhosting #networking #vyos

Son of a!!!! #Vyos has a problem with #vrf and #nat. Which means I can't, well it looks like it anyway, nat out of a VRF to the default vrf.. I would need to have another router or something to point to then have that route to the internet.

Most of the reason to move to this was to be able to leak routes to between vrfs.. I learned vyos and a shit tone of firewalls tho.

#homelab #netowrking #vyos #proxmox #network #fuck

Son of a!!!! #Vyos has a problem with #vrf and #nat. Which means I can't, well it looks like it anyway, nat out of a VRF to the default vrf.. I would need to have another router or something to point to then have that route to the internet.

Most of the reason to move to this was to be able to leak routes to between vrfs.. I learned vyos and a shit tone of firewalls tho.

#homelab #netowrking #vyos #proxmox #network #fuck

Son of a!!!! #Vyos has a problem with #vrf and #nat. Which means I can't, well it looks like it anyway, nat out of a VRF to the default vrf.. I would need to have another router or something to point to then have that route to the internet.

Most of the reason to move to this was to be able to leak routes to between vrfs.. I learned vyos and a shit tone of firewalls tho.

#homelab #netowrking #vyos #proxmox #network #fuck

Son of a!!!! #Vyos has a problem with #vrf and #nat. Which means I can't, well it looks like it anyway, nat out of a VRF to the default vrf.. I would need to have another router or something to point to then have that route to the internet.

Most of the reason to move to this was to be able to leak routes to between vrfs.. I learned vyos and a shit tone of firewalls tho.

#homelab #netowrking #vyos #proxmox #network #fuck

Son of a!!!! #Vyos has a problem with #vrf and #nat. Which means I can't, well it looks like it anyway, nat out of a VRF to the default vrf.. I would need to have another router or something to point to then have that route to the internet.

Most of the reason to move to this was to be able to leak routes to between vrfs.. I learned vyos and a shit tone of firewalls tho.

#homelab #netowrking #vyos #proxmox #network #fuck

So I was thinking I was gonna run pure LXD to run #opnsense and #vyos! However, I'm having such a hard time with just installing anything with ISO let alone running a BSD instance on there. I think I need a hypervisor.

I really don't wanna run 2 different systems. so I want something that is not really that complex to keep going as I'm just going to use 2 vm's maybe 3 on this system.

Which one do you recommend. #proxmox #VMware #homelab #selfhosting #virt-manager #Xen-look-a- like