# VyOS Static **Extensive testing with different routers and cloud provider IPsec offerings has shown that these IPsec clients will significantly underperform an instance or server running IPsec. Running IPsec on a router should only be done when it is not possible to configure a pritunl-link client with port forwarding. Additionally many failover features will be unsupported when not using pritunl-link clients for IPsec.** Pritunl Link has support for the VyOS using IPsec links with a static host. A static host in Pritunl Link is a IPsec client that is not running the pritunl-link application. This allows connecting on-site routers that have support for IPsec. Using a static host will have some limitations such as not being able to automatically update changes to the link configuration. ### Configure VyOS Static hosts are not able to automatically pull changes to the link configuration from the Pritunl server. Because of this the link configuration must be fully completed and all non-static hosts must be deployed first. The non-static hosts will push the public address of the host to the Pritunl server, this must be done before configuring the static host. If it's necessary to deploy a static host before non-static hosts the public address must be manually configured on the non-static hosts. To configure a VyOS static host first create a location for the VyOS network then click *Add Host* in the location. Then click *Advanced* at the top right and enable *Static Host*. Set the *Public Address* to the public IP address of the VyOS. If an IPv6 link is being configured also set the *IPv6 Address*. ![](/files/Rgybou3pn6AOm2bkaBLO) Once done a *Get EdgeRouter Conf* button will be displayed on the right side of the host. Both EdgeRouter and VyOS are based on the same operating system, except for the first auto firewall command all the EdgeRouter commands will run on VyOS. Click the button to get the configuration. Connect to the VyOS router with SSH then run the command `configure` and paste these commands excluding the first one into the configuration mode. Then run `commit` and `save`. This will configure all the needed options and the router will then connect and route the traffic to the networks. ![](/files/7WNQXcAhR4U90kDbbKjU) The commands `show vpn ipsec status`, `show vpn ipsec state` and `sudo ipsec statusall` will show the status of the IPsec connection on VyOS. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.pritunl.com/kb/vpn/link/vyos.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.