Update openvpn.rst

Cross-reference corrections
2025-10-26 08:41:46 +01:00 · 2021-10-07 11:41:18 +04:00 · 2021-10-07 11:41:18 +04:00 · 26e0445913
commit 26e0445913
parent f35da586d2
1 changed files with 19 additions and 11 deletions
--- a/docs/configuration/interfaces/openvpn.rst
+++ b/docs/configuration/interfaces/openvpn.rst
@ -48,8 +48,9 @@ Site-to-site mode supports x.509 but doesn't require it and can also work with
 static keys, which is simpler in many cases. In this example, we'll configure
 a simple site-to-site OpenVPN tunnel using a 2048-bit pre-shared key.

-First, one of the systems generate the key using the `generate pki openvpn shared-secret <https://docs.vyos.io/en/latest/configuration/pki/index.html#openvpn>`_ command. 
-Once generated, you will need to install this key on the local system, then copy and install this key to the remote router.
+First, one of the systems generate the key using the :ref:`generate pki openvpn shared-secret<configuration/pki:pki>` 
+command. Once generated, you will need to install this key on the local system, 
+then copy and install this key to the remote router.

 In our example, we used the key name ``openvpn-1`` which we will reference
 in our configuration.
@ -96,10 +97,14 @@ Local Configuration - Annotated:

 .. code-block:: none

-  run generate pki openvpn shared-secret install openvpn-1                        # Locally genearated OpenVPN shared secret. The generated secret is the output to the console.
+  run generate pki openvpn shared-secret install openvpn-1                        # Locally genearated OpenVPN shared secret. 
+                                                                                    The generated secret is the output to 
+                                                                                    the console.
  Configure mode commands to install OpenVPN key:
-  set pki openvpn shared-secret openvpn-1 key 'generated_key_string'              # Generated secret displayed in the output to the console.
-  set pki openvpn shared-secret openvpn-1 version '1'                             # Generated secret displayed in the output to the console.
+  set pki openvpn shared-secret openvpn-1 key 'generated_key_string'              # Generated secret displayed in the output to 
+                                                                                    the console.
+  set pki openvpn shared-secret openvpn-1 version '1'                             # Generated secret displayed in the output to 
+                                                                                    the console.

  set interfaces openvpn vtun1 mode site-to-site
  set interfaces openvpn vtun1 protocol udp
@ -133,7 +138,8 @@ Remote Configuration - Annotated:

 .. code-block:: none

-  set pki openvpn shared-secret openvpn-1 key 'generated_key_string'               # Locally genearated OpenVPN shared secret (from the Local Configuration Block).
+  set pki openvpn shared-secret openvpn-1 key 'generated_key_string'               # Locally genearated OpenVPN shared secret 
+                                                                                    (from the Local Configuration Block).
  set pki openvpn shared-secret openvpn-1 version '1'

  set interfaces openvpn vtun1 mode site-to-site
@ -268,7 +274,7 @@ Server

 Multi-client server is the most popular OpenVPN mode on routers. It always uses
 x.509 authentication and therefore requires a PKI setup. Refer this topic
-`PKI <https://docs.vyos.io/en/latest/configuration/pki/index.html#pki>`_ to generate a CA certificate,
+:ref:`configuration/pki:pki` to generate a CA certificate,
 a server certificate and key, a certificate revocation list, a Diffie-Hellman
 key exchange parameters file. You do not need client certificates and keys for
 the server setup.
@ -302,17 +308,18 @@ Then we need to generate, add and specify the names of the cryptographic materia

 .. code-block:: none

-  run generate pki ca install ca-1                                # Follow the instructions to generate CA cert
+  run generate pki ca install ca-1                                # Follow the instructions to generate CA cert.
  Configure mode commands to install:
  set pki ca ca-1 certificate 'generated_cert_string'
  set pki ca ca-1 private key 'generated_private_key'
  
-  run generate pki certificate sign ca-1 install srv-1            # Follow the instructions to generate server cert
+  run generate pki certificate sign ca-1 install srv-1            # Follow the instructions to generate server cert.
  Configure mode commands to install:
  set pki certificate srv-1 certificate 'generated_server_cert'
  set pki certificate srv-1 private key 'generated_private_key'
  
-  run generate pki dh install dh-1                                # Follow the instructions to generate set of Diffie-Hellman parameters
+  run generate pki dh install dh-1                                # Follow the instructions to generate set of 
+                                                                    Diffie-Hellman parameters.
  Generating parameters...
  Configure mode commands to install DH parameters:
  set pki dh dh-1 parameters 'generated_dh_params_set'
@ -361,7 +368,8 @@ HQ's router requires the following steps to generate crypto materials for the Br

 .. code-block:: none
  
-  run generate pki certificate sign ca-1 install branch-1            # Follow the instructions to generate client cert for Branch 1
+  run generate pki certificate sign ca-1 install branch-1            # Follow the instructions to generate client 
+                                                                       cert for Branch 1
  Configure mode commands to install:
  
 Branch 1's router might have the following lines: