correction of ipsec compression syntax and added a reference

for changes done for zone based firewall

docs/configexamples/azure-vpn-bgp.rst

@@ -60,7 +60,6 @@ Vyos configuration
 
 .. code-block:: none
 
-  set vpn ipsec esp-group AZURE compression 'disable'
   set vpn ipsec esp-group AZURE lifetime '3600'
   set vpn ipsec esp-group AZURE mode 'tunnel'
   set vpn ipsec esp-group AZURE pfs 'dh-group2'
@@ -70,7 +69,7 @@ Vyos configuration
   set vpn ipsec ike-group AZURE dead-peer-detection action 'restart'
   set vpn ipsec ike-group AZURE dead-peer-detection interval '15'
   set vpn ipsec ike-group AZURE dead-peer-detection timeout '30'
-  set vpn ipsec ike-group AZURE ikev2-reauth 'yes'
+  set vpn ipsec ike-group AZURE ikev2-reauth
   set vpn ipsec ike-group AZURE key-exchange 'ikev2'
   set vpn ipsec ike-group AZURE lifetime '28800'
   set vpn ipsec ike-group AZURE proposal 1 dh-group '2'
@@ -94,7 +93,7 @@ Vyos configuration
 
 .. code-block:: none
 
-  set firewall options interface vti1 adjust-mss 1350
+  set interfaces vti vti1 ip adjust-mss 1350
 
 - Configure the VPN tunnel
 

docs/configexamples/azure-vpn-dual-bgp.rst

@@ -59,7 +59,6 @@ Vyos configuration
 
 .. code-block:: none
 
-  set vpn ipsec esp-group AZURE compression 'disable'
   set vpn ipsec esp-group AZURE lifetime '3600'
   set vpn ipsec esp-group AZURE mode 'tunnel'
   set vpn ipsec esp-group AZURE pfs 'dh-group2'
@@ -69,7 +68,7 @@ Vyos configuration
   set vpn ipsec ike-group AZURE dead-peer-detection action 'restart'
   set vpn ipsec ike-group AZURE dead-peer-detection interval '15'
   set vpn ipsec ike-group AZURE dead-peer-detection timeout '30'
-  set vpn ipsec ike-group AZURE ikev2-reauth 'yes'
+  set vpn ipsec ike-group AZURE ikev2-reauth
   set vpn ipsec ike-group AZURE key-exchange 'ikev2'
   set vpn ipsec ike-group AZURE lifetime '28800'
   set vpn ipsec ike-group AZURE proposal 1 dh-group '2'
@@ -96,8 +95,8 @@ Vyos configuration
 
 .. code-block:: none
 
-  set firewall options interface vti1 adjust-mss 1350
-  set firewall options interface vti2 adjust-mss 1350
+  set interfaces vti vti1 ip adjust-mss 1350
+  set interfaces vti vti2 ip adjust-mss 1350
 
 - Configure the VPN tunnels
 

docs/configuration/firewall/zone.rst

@@ -6,13 +6,14 @@
 Zone Based Firewall
 ###################
 
-.. note:: **Important note:**
-   This documentation is valid only for VyOS Sagitta prior to
-   1.4-rolling-YYYYMMDDHHmm
+.. note:: For latest releases, refer the `firewall 
+   <https://docs.vyos.io/en/latest/configuration/firewall/general.html#interface-groups>`_ 
+   main page to configure zone based rules. New syntax was introduced here 
+   :vytask:`T5160`
 
 In zone-based policy, interfaces are assigned to zones, and inspection policy
 is applied to traffic moving between the zones and acted on according to
-firewall rules. A Zone is a group of interfaces that have similar functions or
+firewall rules. A zone is a group of interfaces that have similar functions or
 features. It establishes the security borders of a network. A zone defines a
 boundary where traffic is subjected to policy restrictions as it crosses to
 another region of a network.
@@ -40,7 +41,7 @@ firewall can be created to simplify configuration when multiple interfaces
 belong to the same security zone. Instead of applying rule-sets to interfaces,
 they are applied to source zone-destination zone pairs.
 
-An basic introduction to zone-based firewalls can be found `here
+A basic introduction to zone-based firewalls can be found `here
 <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_,
 and an example at :ref:`examples-zone-policy`.
 

docs/configuration/nat/nat44.rst

@@ -740,14 +740,12 @@ external interface in the image above)
 
 .. code-block:: none
 
-  set vpn ipsec ike-group my-ike ikev2-reauth 'no'
   set vpn ipsec ike-group my-ike key-exchange 'ikev1'
   set vpn ipsec ike-group my-ike lifetime '7800'
   set vpn ipsec ike-group my-ike proposal 1 dh-group '14'
   set vpn ipsec ike-group my-ike proposal 1 encryption 'aes256'
   set vpn ipsec ike-group my-ike proposal 1 hash 'sha256'
 
-  set vpn ipsec esp-group my-esp compression 'disable'
   set vpn ipsec esp-group my-esp lifetime '3600'
   set vpn ipsec esp-group my-esp mode 'tunnel'
   set vpn ipsec esp-group my-esp pfs 'disable'

docs/configuration/vpn/dmvpn.rst

@@ -200,7 +200,6 @@ Hub
   set protocols nhrp tunnel tun100 redirect
   set protocols nhrp tunnel tun100 shortcut
 
-  set vpn ipsec esp-group ESP-HUB compression 'disable'
   set vpn ipsec esp-group ESP-HUB lifetime '1800'
   set vpn ipsec esp-group ESP-HUB mode 'transport'
   set vpn ipsec esp-group ESP-HUB pfs 'dh-group2'
@@ -208,7 +207,6 @@ Hub
   set vpn ipsec esp-group ESP-HUB proposal 1 hash 'sha1'
   set vpn ipsec esp-group ESP-HUB proposal 2 encryption '3des'
   set vpn ipsec esp-group ESP-HUB proposal 2 hash 'md5'
-  set vpn ipsec ike-group IKE-HUB ikev2-reauth 'no'
   set vpn ipsec ike-group IKE-HUB key-exchange 'ikev1'
   set vpn ipsec ike-group IKE-HUB lifetime '3600'
   set vpn ipsec ike-group IKE-HUB proposal 1 dh-group '2'
@@ -309,7 +307,6 @@ VyOS can also run in DMVPN spoke mode.
   set protocols nhrp tunnel tun100 redirect
   set protocols nhrp tunnel tun100 shortcut
 
-  set vpn ipsec esp-group ESP-HUB compression 'disable'
   set vpn ipsec esp-group ESP-HUB lifetime '1800'
   set vpn ipsec esp-group ESP-HUB mode 'transport'
   set vpn ipsec esp-group ESP-HUB pfs 'dh-group2'
@@ -318,7 +315,6 @@ VyOS can also run in DMVPN spoke mode.
   set vpn ipsec esp-group ESP-HUB proposal 2 encryption '3des'
   set vpn ipsec esp-group ESP-HUB proposal 2 hash 'md5'
   set vpn ipsec ike-group IKE-HUB close-action 'none'
-  set vpn ipsec ike-group IKE-HUB ikev2-reauth 'no'
   set vpn ipsec ike-group IKE-HUB key-exchange 'ikev1'
   set vpn ipsec ike-group IKE-HUB lifetime '3600'
   set vpn ipsec ike-group IKE-HUB proposal 1 dh-group '2'

docs/configuration/vpn/ipsec.rst

@@ -51,8 +51,6 @@ VyOS IKE group has the next options:
  
  * ``hold`` set action to hold;
  
- * ``clear`` set action to clear;
- 
  * ``restart`` set action to restart;
  
 * ``dead-peer-detection`` controls the use of the Dead Peer Detection protocol 
@@ -73,11 +71,9 @@ VyOS IKE group has the next options:
  * ``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only
  
 * ``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate 
-  the peer. In IKEv1, reauthentication is always done:
-  
- * ``yes`` enable remote host re-authentication during an IKE rekey;
- 
- * ``no`` disable remote host re-authenticaton during an IKE rekey;
+  the peer. In IKEv1, reauthentication is always done.
+  Setting this parameter enables remote host re-authentication during an IKE 
+  rekey.
  
 * ``key-exchange`` which protocol should be used to initialize the connection
   If not set both protocols are handled and connections will use IKEv2 when 
@@ -87,13 +83,10 @@ VyOS IKE group has the next options:
  
  * ``ikev2`` use IKEv2 for Key Exchange;
  
-* ``lifetime`` IKE lifetime in seconds <30-86400> (default 28800);
+* ``lifetime`` IKE lifetime in seconds <0-86400> (default 28800);
 
-* ``mobike`` enable MOBIKE Support. MOBIKE is only available for IKEv2:
-
- * ``enable`` enable MOBIKE (default for IKEv2);
- 
- * ``disable`` disable MOBIKE;
+* ``disable-mobike`` disables MOBIKE Support. MOBIKE is only available for IKEv2
+  and enabled by default.
  
 * ``mode`` IKEv1 Phase 1 Mode Selection:
 
@@ -126,12 +119,8 @@ Multiple proposals can be specified in a single group.
 
 VyOS ESP group has the next options:
 
-* ``compression`` whether IPComp compression of content is proposed 
-  on the connection:
-
- * ``disable`` disable IPComp compression (default);
- 
- * ``enable`` enable IPComp compression;
+* ``compression``  Enables the  IPComp(IP Payload Compression) protocol which
+  allows compressing the content of IP packets.  
  
 * ``life-bytes`` ESP life in bytes <1024-26843545600000>. 
   Number of bytes transmitted over an IPsec SA before it expires;