Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

Limitations restrictions or behavior changes

IKEv1

While Vyatta NOS does support IKEv1, we strongly recommend that IKEv2 is used to avoid security vulnerabilities associated with IKEv1, such as reflector and Amplifier DoS attacks.

DES, 3DES

Security researchers have discovered flaws in the DES and 3DES encryption algorithms (CVE-2016-2183). These flaws exist in the design of the encryption algorithms themselves, not in the implementation, making DES and 3DES weakened ciphers. The Vyatta NOS still supports DES and 3DES for backwards compatibility reasons, but users are strongly encouraged to migrate to AES as soon as possible. For more information, see:

Using IPsec with AES-GCM or AES-CBC

If using IPsec with AES-GCM or AES-CBC, the AES-NI processor/CPU feature must be enabled in the UEFI/BIOS, or in the hypervisor if using a virtual machine. Please consult the UEFI/BIOS configuration manual of your platform vendor for instructions on how to enable the AES-NI processor/CPU feature.