mirror of
https://github.com/vyos/vyos-documentation.git
synced 2025-11-03 04:12:03 +01:00
fix some build warnings
This commit is contained in:
rebortg
parent
d6d9dbbbef
commit
5fb241c9ae
@ -71,7 +71,7 @@ In both cases, we will use the following settings:
|
|||||||
dynamic IP for our remote router.
|
dynamic IP for our remote router.
|
||||||
|
|
||||||
Setting up certificates
|
Setting up certificates
|
||||||
-----------------------
|
=======================
|
||||||
|
|
||||||
Setting up a full-blown PKI with a CA certificate would arguably defeat the purpose
|
Setting up a full-blown PKI with a CA certificate would arguably defeat the purpose
|
||||||
of site-to-site OpenVPN, since its main goal is supposed to be configuration simplicity,
|
of site-to-site OpenVPN, since its main goal is supposed to be configuration simplicity,
|
||||||
@ -129,7 +129,7 @@ Note: certificate names don't matter, we use 'openvpn-local' and 'openvpn-remote
|
|||||||
Repeat the procedure on the other router.
|
Repeat the procedure on the other router.
|
||||||
|
|
||||||
Setting up OpenVPN
|
Setting up OpenVPN
|
||||||
------------------
|
==================
|
||||||
|
|
||||||
Local Configuration:
|
Local Configuration:
|
||||||
|
|
||||||
@ -148,6 +148,7 @@ Local Configuration:
|
|||||||
set interfaces openvpn vtun1 tls certificate 'openvpn-local' # The self-signed certificate
|
set interfaces openvpn vtun1 tls certificate 'openvpn-local' # The self-signed certificate
|
||||||
set interfaces openvpn vtun1 tls peer-fingerprint <remote cert fingerprint> # The output of 'run show pki certificate <name> fingerprint sha256
|
set interfaces openvpn vtun1 tls peer-fingerprint <remote cert fingerprint> # The output of 'run show pki certificate <name> fingerprint sha256
|
||||||
on the remote rout
|
on the remote rout
|
||||||
|
|
||||||
Remote Configuration:
|
Remote Configuration:
|
||||||
|
|
||||||
.. code-block:: none
|
.. code-block:: none
|
||||||
@ -163,8 +164,9 @@ Remote Configuration:
|
|||||||
set interfaces openvpn vtun1 tls certificate 'openvpn-remote' # The self-signed certificate
|
set interfaces openvpn vtun1 tls certificate 'openvpn-remote' # The self-signed certificate
|
||||||
set interfaces openvpn vtun1 tls peer-fingerprint <local cert fingerprint> # The output of 'run show pki certificate <name> fingerprint sha256
|
set interfaces openvpn vtun1 tls peer-fingerprint <local cert fingerprint> # The output of 'run show pki certificate <name> fingerprint sha256
|
||||||
on the local router
|
on the local router
|
||||||
|
|
||||||
Pre-shared keys
|
Pre-shared keys
|
||||||
---------------
|
===============
|
||||||
|
|
||||||
Until VyOS 1.4, the only option for site-to-site OpenVPN without PKI was to use pre-shared keys.
|
Until VyOS 1.4, the only option for site-to-site OpenVPN without PKI was to use pre-shared keys.
|
||||||
That option is still available but it is deprecated and will be removed in the future.
|
That option is still available but it is deprecated and will be removed in the future.
|
||||||
@ -200,6 +202,7 @@ Then you need to install the key on the remote router:
|
|||||||
Then you need to set the key in your OpenVPN interface settings:
|
Then you need to set the key in your OpenVPN interface settings:
|
||||||
|
|
||||||
.. code-block:: none
|
.. code-block:: none
|
||||||
|
|
||||||
set interfaces openvpn vtun1 shared-secret-key s2s
|
set interfaces openvpn vtun1 shared-secret-key s2s
|
||||||
|
|
||||||
Firewall Exceptions
|
Firewall Exceptions
|
||||||
@ -433,6 +436,7 @@ Branch 1's router might have the following lines:
|
|||||||
set interfaces openvpn vtun10 tls ca-cert ca-1
|
set interfaces openvpn vtun10 tls ca-cert ca-1
|
||||||
set interfaces openvpn vtun10 tls certificate branch-1
|
set interfaces openvpn vtun10 tls certificate branch-1
|
||||||
|
|
||||||
|
|
||||||
Client Authentication
|
Client Authentication
|
||||||
=====================
|
=====================
|
||||||
|
|
||||||
|
|||||||
@ -1204,7 +1204,7 @@ Interface Configuration
|
|||||||
synchronizing process of the router's database with all neighbors. The
|
synchronizing process of the router's database with all neighbors. The
|
||||||
default value is 1 seconds. The interval range is 3 to 65535.
|
default value is 1 seconds. The interval range is 3 to 65535.
|
||||||
|
|
||||||
.. _ospf:v3_redistribution_config:
|
.. _ospf:v3_graceful_restart:
|
||||||
|
|
||||||
Graceful Restart
|
Graceful Restart
|
||||||
----------------
|
----------------
|
||||||
@ -1245,6 +1245,8 @@ Graceful Restart
|
|||||||
|
|
||||||
By default, it supports both planned and unplanned outages.
|
By default, it supports both planned and unplanned outages.
|
||||||
|
|
||||||
|
.. _ospf:v3_redistribution_config:
|
||||||
|
|
||||||
Redistribution Configuration
|
Redistribution Configuration
|
||||||
----------------------------
|
----------------------------
|
||||||
|
|
||||||
|
|||||||
@ -180,6 +180,8 @@ IGMP - Internet Group Management Protocol)
|
|||||||
Configure watermark warning generation for an IGMP group limit. Generates
|
Configure watermark warning generation for an IGMP group limit. Generates
|
||||||
warning once the configured group limit is reached while adding new groups.
|
warning once the configured group limit is reached while adding new groups.
|
||||||
|
|
||||||
|
.. _pim:igmp_interface_commands:
|
||||||
|
|
||||||
Interface specific commands
|
Interface specific commands
|
||||||
===========================
|
===========================
|
||||||
|
|
||||||
@ -202,7 +204,7 @@ Interface specific commands
|
|||||||
Use this command to configure in the selected interface the IGMP
|
Use this command to configure in the selected interface the IGMP
|
||||||
query response timeout value (10-250) in deciseconds. If a report is
|
query response timeout value (10-250) in deciseconds. If a report is
|
||||||
not returned in the specified time, it will be assumed the (S,G) or
|
not returned in the specified time, it will be assumed the (S,G) or
|
||||||
(*,G) state :rfc:`7761#section-4.1` has timed out.
|
(\*,G) state :rfc:`7761#section-4.1` has timed out.
|
||||||
|
|
||||||
.. cfgcmd:: set protocols pim interface <interface> igmp version <version-number>
|
.. cfgcmd:: set protocols pim interface <interface> igmp version <version-number>
|
||||||
|
|
||||||
|
|||||||
@ -154,6 +154,8 @@ Configuration
|
|||||||
|
|
||||||
Disable dhcpv6-relay service.
|
Disable dhcpv6-relay service.
|
||||||
|
|
||||||
|
.. _dhcp_relay:v6_options:
|
||||||
|
|
||||||
Options
|
Options
|
||||||
-------
|
-------
|
||||||
|
|
||||||
|
|||||||
@ -282,6 +282,8 @@ Configuration
|
|||||||
VRF and NAT
|
VRF and NAT
|
||||||
-----------
|
-----------
|
||||||
|
|
||||||
|
.. _vrf:nat_configuration:
|
||||||
|
|
||||||
Configuration
|
Configuration
|
||||||
^^^^^^^^^^^^^
|
^^^^^^^^^^^^^
|
||||||
|
|
||||||
|
|||||||
@ -110,7 +110,7 @@ Sagitta (the Arrow) is the codename of the current development
|
|||||||
branch, so there's no VyOS 1.4 yet.
|
branch, so there's no VyOS 1.4 yet.
|
||||||
|
|
||||||
Circinus (1.5)
|
Circinus (1.5)
|
||||||
-------------
|
--------------
|
||||||
|
|
||||||
Circinus (the Compass) is the codename of the upcoming development
|
Circinus (the Compass) is the codename of the upcoming development
|
||||||
branch, so there's no VyOS 1.5 yet.
|
branch, so there's no VyOS 1.5 yet.
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user