vyos/vyos-documentation
1
0
Fork 0
mirror of https://github.com/vyos/vyos-documentation.git synced 2025-10-26 08:41:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #760 from srividya0208/proofreading

Browse Source 
deletion of note related to nat
This commit is contained in:
Robert Göhler 2022-04-26 15:33:45 +02:00 committed by GitHub
commit 0323f03645
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/configuration/firewall/index.rst
View File

@ -154,8 +154,6 @@ either a source or destination. Members can be added or removed from a
group without changes to, or the need to reload, individual firewall group without changes to, or the need to reload, individual firewall
rules. rules.
.. note:: Groups can also be referenced by NAT configuration.
Groups need to have unique names. Even though some contain IPv4 Groups need to have unique names. Even though some contain IPv4
addresses and others contain IPv6 addresses, they still need to have addresses and others contain IPv6 addresses, they still need to have
unique names, so you may want to append "-v4" or "-v6" to your group unique names, so you may want to append "-v4" or "-v6" to your group

7
docs/configuration/vpn/site2site_ipsec.rst
View File

@ -74,16 +74,19 @@ Each site-to-site peer has the next options:
* ``connection-type`` - how to handle this connection process. Possible * ``connection-type`` - how to handle this connection process. Possible
variants: variants:
* ``initiate`` - do initial connection to remote peer immediately after * ``initiate`` - does initial connection to remote peer immediately after
configuring and after boot. In this mode the connection will not be restarted configuring and after boot. In this mode the connection will not be restarted
in case of disconnection, therefore should be used only together with DPD or in case of disconnection, therefore should be used only together with DPD or
another session tracking methods; another session tracking methods;
* ``respond`` - do not try to initiate a connection to a remote peer. In this * ``respond`` - does not try to initiate a connection to a remote peer. In this
mode, the IPSec session will be established only after initiation from a mode, the IPSec session will be established only after initiation from a
remote peer. Could be useful when there is no direct connectivity to the remote peer. Could be useful when there is no direct connectivity to the
peer due to firewall or NAT in the middle of the local and remote side. peer due to firewall or NAT in the middle of the local and remote side.
* ``none`` - loads the connection only, which then can be manually initiated or
used as a responder configuration.
* ``default-esp-group`` - ESP group to use by default for traffic encryption. * ``default-esp-group`` - ESP group to use by default for traffic encryption.
Might be overwritten by individual settings for tunnel or VTI interface Might be overwritten by individual settings for tunnel or VTI interface
binding; binding;