Merge branch 'vyos:equuleus' into equuleus

docs/_include/vyos-1x

@@ -1 +1 @@
-Subproject commit da4006c2a784ff06cf3af3aad6adee7fef8a5330
+Subproject commit c7042bd0af8bb6d96a2defb01017cfb8d4c1cb7d

docs/changelog/1.3.rst

@@ -8,6 +8,52 @@
    _ext/releasenotes.py
 
 
+2023-10-26
+==========
+
+* :vytask:`T5684` (bug): services using VRF generates the error "Failed to load BPF prog: 'Operation not permitted'" when the system boots.
+* :vytask:`T5594` (bug): VRRP - Error if using IPv6 Link Local as hello source address
+
+
+2023-10-21
+==========
+
+* :vytask:`T5670` (bug): bridge: missing member interface validator
+* :vytask:`T5191` (default): Replace underscores with hyphens in command-line options generated by vyos.opmode
+* :vytask:`T4402` (bug): OpenVPN client-ip-pool option is broken
+* :vytask:`T2719` (feature): Standardized op mode script structure
+
+
+2023-10-19
+==========
+
+* :vytask:`T5669` (bug): VXLAN interface changing port does not work
+
+
+2023-10-17
+==========
+
+* :vytask:`T5235` (bug): SSH keys with special characters cannot be applied via Cloud-init
+
+
+2023-10-08
+==========
+
+* :vytask:`T5630` (feature): pppoe: allow to specify MRU in addition to already configurable MTU
+
+
+2023-10-06
+==========
+
+* :vytask:`T5576` (feature): Add bgp remove-private-as all option
+
+
+2023-10-04
+==========
+
+* :vytask:`T5632` (feature): Add jq package to parse JSON files
+
+
 2023-09-25
 ==========
 
@@ -211,12 +257,6 @@
 * :vytask:`T5313` (bug): UDP broadcast relay - missing verify() that relay interfaces have an IP address assigned
 
 
-2023-06-28
-==========
-
-* :vytask:`T1237` (feature): Static Route Path Monitoring, failover
-
-
 2023-06-26
 ==========
 
@@ -236,6 +276,12 @@
 * :vytask:`T5280` (bug): Update Expired keys (2023-06-08) for PowerDNS
 
 
+2023-06-13
+==========
+
+* :vytask:`T5213` (feature): Accel-ppp sending accounting interim updates acct-interim-interval option
+
+
 2023-05-29
 ==========
 

docs/configuration/vpn/site2site_ipsec.rst

@@ -272,15 +272,28 @@ Imagine the following topology
 
    IPSec IKEv2 site2site VPN (source ./draw.io/vpn_s2s_ikev2.drawio)
 
+**LEFT:**
+* WAN interface on `eth0.201`
+* `eth0.201` interface IP: `172.18.201.10/24`
+* `vti10` interface IP: `10.0.0.2/31`
+* `dum0` interface IP: `10.0.11.1/24` (for testing purposes)
+
+**RIGHT:**
+* WAN interface on `eth0.202`
+* `eth0.201` interface IP: `172.18.202.10/24`
+* `vti10` interface IP: `10.0.0.3/31`
+* `dum0` interface IP: `10.0.12.1/24` (for testing purposes)
 
 .. note:: Don't get confused about the used /31 tunnel subnet. :rfc:`3021`
    gives you additional information for using /31 subnets on point-to-point
    links.
 
-**left**
+**LEFT**
 
 .. code-block:: none
 
+  set interfaces ethernet eth0 vif 201 address '172.18.201.10/24'
+  set interfaces dummy dum0 address '10.0.11.1/24'
   set interfaces vti vti10 address '10.0.0.2/31'
 
   set vpn ipsec esp-group ESP_DEFAULT compression 'disable'
@@ -311,10 +324,14 @@ Imagine the following topology
   set vpn ipsec site-to-site peer 172.18.202.10 vti bind 'vti10'
   set vpn ipsec site-to-site peer 172.18.202.10 vti esp-group 'ESP_DEFAULT'
 
-**right**
+  set protocols static interface-route 10.0.12.0/24 next-hop-interface vti10
+
+**RIGHT**
 
 .. code-block:: none
 
+  set interfaces ethernet eth0 vif 202 address '172.18.202.10/24'
+  set interfaces dummy dum0 address '10.0.12.1/24'
   set interfaces vti vti10 address '10.0.0.3/31'
 
   set vpn ipsec esp-group ESP_DEFAULT compression 'disable'
@@ -345,6 +362,8 @@ Imagine the following topology
   set vpn ipsec site-to-site peer 172.18.201.10 vti bind 'vti10'
   set vpn ipsec site-to-site peer 172.18.201.10 vti esp-group 'ESP_DEFAULT'
 
+  set protocols static interface-route 10.0.11.0/24 next-hop-interface vti10
+
 Key Parameters:
 
 * ``authentication local-id/remote-id`` - IKE identification is used for