vyos/vyos-documentation
1
0
Fork 0
mirror of https://github.com/vyos/vyos-documentation.git synced 2025-10-26 08:41:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

tunnel: T3366: rename local-ip and remote-ip CLI nodes

Browse Source
This commit is contained in:
Christian Poessinger 2021-07-25 21:17:43 +02:00
parent 4f892a94ef
commit 7dadc47c1b
6 changed files with 54 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
docs/configexamples/dhcp-relay-through-gre-bridge.rst
View File

@ -26,8 +26,8 @@ DHCP Server
set interfaces loopback lo address '192.168.3.3/24'
set interfaces tunnel tun100 address '172.16.0.2/30'
set interfaces tunnel tun100 encapsulation 'gre-bridge'
set interfaces tunnel tun100 local-ip '10.0.2.1'
set interfaces tunnel tun100 remote-ip '192.168.0.1'
set interfaces tunnel tun100 source-address '10.0.2.1'
set interfaces tunnel tun100 remote '192.168.0.1'
set protocols ospf area 0 network '192.168.3.0/24'
set protocols ospf area 0 network '10.0.2.0/24'
set protocols ospf parameters router-id '192.168.3.3'
@ -42,7 +42,7 @@ DHCP Server
set service dhcp-server shared-network-name asdf subnet 10.2.1.0/24 range 0 stop '10.2.1.233'
set service dhcp-server shared-network-name asdf subnet 172.16.0.0/30 range 0 start '172.16.0.1'
set service dhcp-server shared-network-name asdf subnet 172.16.0.0/30 range 0 stop '172.16.0.2'
In-Between Router
"""""""""""""""""
@ -54,7 +54,7 @@ In-Between Router
set protocols ospf area 0 network '192.168.0.0/24'
set protocols ospf area 0 network '10.0.2.0/24'
set protocols ospf parameters router-id '192.168.0.2'
DHCP Relay
""""""""""
@ -66,8 +66,8 @@ DHCP Relay
set interfaces loopback lo address '10.100.100.1'
set interfaces tunnel tun100 address '172.16.0.1/30'
set interfaces tunnel tun100 encapsulation 'gre-bridge'
set interfaces tunnel tun100 local-ip '192.168.0.1'
set interfaces tunnel tun100 remote-ip '10.0.2.1'
set interfaces tunnel tun100 source-address '192.168.0.1'
set interfaces tunnel tun100 remote '10.0.2.1'
set protocols ospf area 0 network '10.0.1.0/24'
set protocols ospf area 0 network '192.168.0.0/24'
set protocols ospf area 0 network '10.100.100.0/24'
@ -76,4 +76,3 @@ DHCP Relay
set service dhcp-relay interface 'eth0'
set service dhcp-relay interface 'tun100'
set service dhcp-relay server '192.168.3.3'

10
docs/configexamples/tunnelbroker-ipv6.rst
View File

@ -33,10 +33,10 @@ tunnel information page.
set interfaces tunnel tun0 address Client_IPv6_from_Tunnelbroker # This will be your VyOS install's public IPv6 address
set interfaces tunnel tun0 description 'HE.NET IPv6 Tunnel'
set interfaces tunnel tun0 encapsulation 'sit'
set interfaces tunnel tun0 local-ip Client_IPv4_from_Tunnelbroker # This is your public IP
set interfaces tunnel tun0 source-address Client_IPv4_from_Tunnelbroker # This is your public IP
set interfaces tunnel tun0 mtu '1472'
set interfaces tunnel tun0 multicast 'disable'
set interfaces tunnel tun0 remote-ip Server_IPv4_from_Tunnelbroker # This is the IP of the Tunnelbroker server
set interfaces tunnel tun0 remote Server_IPv4_from_Tunnelbroker # This is the IP of the Tunnelbroker server
set protocols static interface-route6 ::/0 next-hop-interface tun0 # Tell all traffic to go over this tunnel
commit
@ -112,7 +112,7 @@ should be replaced with the information from your `Routed /64` tunnel):
set interfaces ethernet eth1 address '2001:470:xxxx:xxxx::1/64'
set service router-advert interface eth1 name-server '2001:4860:4860::8888'
set service router-advert interface eth1 name-server '2001:4860:4860::8844'
set service router-advert interface eth1 prefix 2001:470:xxxx:xxxx::/64
set service router-advert interface eth1 prefix 2001:470:xxxx:xxxx::/64
Please note, 'autonomous-flag' and 'on-link-flag' are enabled by default,
'valid-lifetime' and 'preferred-lifetime' are set to default values of
@ -150,11 +150,11 @@ So, when your LAN is eth1, your DMZ is eth2, your cameras are on eth3, etc:
set service router-advert interface eth1 name-server '2001:4860:4860::8888'
set service router-advert interface eth1 name-server '2001:4860:4860::8844'
set service router-advert interface eth1 prefix 2001:470:xxxx:1::/64
set interfaces ethernet eth2 address '2001:470:xxxx:2::1/64'
set service router-advert interface eth2 name-server '2001:4860:4860::8888'
set service router-advert interface eth2 name-server '2001:4860:4860::8844'
set service router-advert interface eth2 prefix 2001:470:xxxx:2::/64
set service router-advert interface eth2 prefix 2001:470:xxxx:2::/64
set interfaces ethernet eth3 address '2001:470:xxxx:3::1/64'
set service router-advert interface eth3 name-server '2001:4860:4860::8888'

20
docs/configuration/interfaces/l2tpv3.rst
View File

@ -47,14 +47,14 @@ L2TPv3 options
This defaults to UDP
.. cfgcmd:: set interfaces l2tpv3 <interface> local-ip <address>
.. cfgcmd:: set interfaces l2tpv3 <interface> source-address <address>
Set the IP address of the local interface to be used for the tunnel.
This address must be the address of a local interface. It may be specified as
an IPv4 address or an IPv6 address.
.. cfgcmd:: set interfaces l2tpv3 <interface> remote-ip <address>
.. cfgcmd:: set interfaces l2tpv3 <interface> remote <address>
Set the IP address of the remote peer. It may be specified as
an IPv4 address or an IPv6 address.
@ -94,10 +94,10 @@ Over IP
l2tpv3 l2tpeth10 {
address 192.168.37.1/27
encapsulation ip
local-ip 192.0.2.1
source-address 192.0.2.1
peer-session-id 100
peer-tunnel-id 200
remote-ip 203.0.113.24
remote 203.0.113.24
session-id 100
tunnel-id 200
}
@ -109,7 +109,7 @@ Over UDP
UDP mode works better with NAT:
* Set local-ip to your local IP (LAN).
* Set source-address to your local IP (LAN).
* Add a forwarding rule matching UDP port on your internet router.
.. code-block:: none
@ -119,10 +119,10 @@ UDP mode works better with NAT:
address 192.168.37.1/27
destination-port 9001
encapsulation udp
local-ip 192.0.2.1
source-address 192.0.2.1
peer-session-id 100
peer-tunnel-id 200
remote-ip 203.0.113.24
remote 203.0.113.24
session-id 100
source-port 9000
tunnel-id 200
@ -159,7 +159,7 @@ IPSec:
set vpn ipsec site-to-site peer <peer-ip> connection-type 'initiate'
set vpn ipsec site-to-site peer <peer-ip> ike-group 'test-IKE-1'
set vpn ipsec site-to-site peer <peer-ip> ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer <peer-ip> local-address <local-ip>
set vpn ipsec site-to-site peer <peer-ip> local-address <source-address>
set vpn ipsec site-to-site peer <peer-ip> tunnel 1 allow-nat-networks 'disable'
set vpn ipsec site-to-site peer <peer-ip> tunnel 1 allow-public-networks 'disable'
set vpn ipsec site-to-site peer <peer-ip> tunnel 1 esp-group 'test-ESP-1'
@ -184,11 +184,11 @@ L2TPv3:
set interfaces l2tpv3 l2tpeth0 description 'L2 VPN Tunnel'
set interfaces l2tpv3 l2tpeth0 destination-port '5000'
set interfaces l2tpv3 l2tpeth0 encapsulation 'ip'
set interfaces l2tpv3 l2tpeth0 local-ip <local-ip>
set interfaces l2tpv3 l2tpeth0 source-address <source-address>
set interfaces l2tpv3 l2tpeth0 mtu '1500'
set interfaces l2tpv3 l2tpeth0 peer-session-id '110'
set interfaces l2tpv3 l2tpeth0 peer-tunnel-id '10'
set interfaces l2tpv3 l2tpeth0 remote-ip <peer-ip>
set interfaces l2tpv3 l2tpeth0 remote <peer-ip>
set interfaces l2tpv3 l2tpeth0 session-id '110'
set interfaces l2tpv3 l2tpeth0 source-port '5000'
set interfaces l2tpv3 l2tpeth0 tunnel-id '10'

50
docs/configuration/interfaces/tunnel.rst
View File

@ -34,8 +34,8 @@ An example:
.. code-block:: none
set interfaces tunnel tun0 encapsulation ipip
set interfaces tunnel tun0 local-ip 192.0.2.10
set interfaces tunnel tun0 remote-ip 203.0.113.20
set interfaces tunnel tun0 source-address 192.0.2.10
set interfaces tunnel tun0 remote 203.0.113.20
set interfaces tunnel tun0 address 192.168.100.200/24
IP6IP6
@ -52,8 +52,8 @@ An example:
.. code-block:: none
set interfaces tunnel tun0 encapsulation ip6ip6
set interfaces tunnel tun0 local-ip 2001:db8:aa::1
set interfaces tunnel tun0 remote-ip 2001:db8:aa::2
set interfaces tunnel tun0 source-address 2001:db8:aa::1
set interfaces tunnel tun0 remote 2001:db8:aa::2
set interfaces tunnel tun0 address 2001:db8:bb::1/64
IPIP6
@ -69,8 +69,8 @@ An example:
.. code-block:: none
set interfaces tunnel tun0 encapsulation ipip6
set interfaces tunnel tun0 local-ip 2001:db8:aa::1
set interfaces tunnel tun0 remote-ip 2001:db8:aa::2
set interfaces tunnel tun0 source-address 2001:db8:aa::1
set interfaces tunnel tun0 remote 2001:db8:aa::2
set interfaces tunnel tun0 address 192.168.70.80/24
6in4 (SIT)
@ -91,8 +91,8 @@ An example:
.. code-block:: none
set interfaces tunnel tun0 encapsulation sit
set interfaces tunnel tun0 local-ip 192.0.2.10
set interfaces tunnel tun0 remote-ip 192.0.2.20
set interfaces tunnel tun0 source-address 192.0.2.10
set interfaces tunnel tun0 remote 192.0.2.20
set interfaces tunnel tun0 address 2001:db8:bb::1/64
A full example of a Tunnelbroker.net config can be found at
@ -114,8 +114,8 @@ over either IPv4 (gre) or IPv6 (ip6gre).
Configuration
^^^^^^^^^^^^^
A basic configuration requires a tunnel source (local-ip), a tunnel destination
(remote-ip), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a
A basic configuration requires a tunnel source (source-address), a tunnel destination
(remote), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a
basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS
router. The main difference between these two configurations is that VyOS
requires you explicitly configure the encapsulation type. The Cisco router
@ -127,8 +127,8 @@ defaults to GRE IP otherwise it would have to be configured as well.
set interfaces tunnel tun100 address '10.0.0.1/30'
set interfaces tunnel tun100 encapsulation 'gre'
set interfaces tunnel tun100 local-ip '198.51.100.2'
set interfaces tunnel tun100 remote-ip '203.0.113.10'
set interfaces tunnel tun100 source-address '198.51.100.2'
set interfaces tunnel tun100 remote '203.0.113.10'
**Cisco IOS Router:**
@ -149,8 +149,8 @@ and a Linux host using systemd-networkd.
set interfaces tunnel tun101 address '2001:db8:feed:beef::1/126'
set interfaces tunnel tun101 address '192.168.5.1/30'
set interfaces tunnel tun101 encapsulation 'ip6gre'
set interfaces tunnel tun101 local-ip '2001:db8:babe:face::3afe:3'
set interfaces tunnel tun101 remote-ip '2001:db8:9bb:3ce::5'
set interfaces tunnel tun101 source-address '2001:db8:babe:face::3afe:3'
set interfaces tunnel tun101 remote '2001:db8:9bb:3ce::5'
**Linux systemd-networkd:**
@ -191,23 +191,23 @@ An example:
.. code-block:: none
set interfaces tunnel tun0 local-ip 192.0.2.10
set interfaces tunnel tun0 remote-ip 192.0.2.20
set interfaces tunnel tun0 source-address 192.0.2.10
set interfaces tunnel tun0 remote 192.0.2.20
set interfaces tunnel tun0 address 10.40.50.60/24
set interfaces tunnel tun0 parameters ip key 10
.. code-block:: none
set interfaces tunnel tun0 local-ip 192.0.2.10
set interfaces tunnel tun0 remote-ip 192.0.2.20
set interfaces tunnel tun0 source-address 192.0.2.10
set interfaces tunnel tun0 remote 192.0.2.20
set interfaces tunnel tun0 address 172.16.17.18/24
set interfaces tunnel tun0 parameters ip key 20
GRE-Bridge
^^^^^^^^^^
While normal GRE is for layer 3, GRE-Bridge is for layer 2. GRE-Bridge can
encapsulate Ethernet frames, thus it can be bridged with other interfaces to
While normal GRE is for layer 3, GRE-Bridge is for layer 2. GRE-Bridge can
encapsulate Ethernet frames, thus it can be bridged with other interfaces to
create datalink layer segments that span multiple remote sites.
Layer 2 GRE example:
@ -216,9 +216,9 @@ Layer 2 GRE example:
set interfaces bridge br0 member interface eth0
set interfaces bridge br0 member interface tun0
set interfaces tunnel tun0 encapsulation gre-bridge
set interfaces tunnel tun0 local-ip 198.51.100.2
set interfaces tunnel tun0 remote-ip 203.0.113.10
set interfaces tunnel tun0 encapsulation gretap
set interfaces tunnel tun0 source-address 192.0.2.100
set interfaces tunnel tun0 remote 192.0.2.1
Troubleshooting
^^^^^^^^^^^^^^^
@ -229,7 +229,7 @@ to make sure the configuration performs as expected. A common cause for GRE
tunnels to fail to come up correctly include ACL or Firewall configurations
that are discarding IP protocol 47 or blocking your source/destination traffic.
**1. Confirm IP connectivity between tunnel local-ip and remote-ip:**
**1. Confirm IP connectivity between tunnel source-address and remote:**
.. code-block:: none

4
docs/configuration/vpn/dmvpn.rst
View File

@ -188,7 +188,7 @@ Hub
set interfaces tunnel tun100 address '172.16.253.134/29'
set interfaces tunnel tun100 encapsulation 'gre'
set interfaces tunnel tun100 local-ip '192.0.2.1'
set interfaces tunnel tun100 source-address '192.0.2.1'
set interfaces tunnel tun100 multicast 'enable'
set interfaces tunnel tun100 parameters ip key '1'
@ -293,7 +293,7 @@ VyOS can also run in DMVPN spoke mode.
set interfaces ethernet eth0 address 'dhcp'
set interfaces tunnel tun100 address '172.16.253.133/29'
set interfaces tunnel tun100 local-ip 0.0.0.0
set interfaces tunnel tun100 source-address 0.0.0.0
set interfaces tunnel tun100 encapsulation 'gre'
set interfaces tunnel tun100 multicast 'enable'
set interfaces tunnel tun100 parameters ip key '1'

12
docs/configuration/vpn/ipsec.rst
View File

@ -46,8 +46,8 @@ On the LEFT:
# GRE tunnel
set interfaces tunnel tun0 encapsulation gre
set interfaces tunnel tun0 local-ip 192.0.2.10
set interfaces tunnel tun0 remote-ip 203.0.113.45
set interfaces tunnel tun0 source-address 192.0.2.10
set interfaces tunnel tun0 remote 203.0.113.45
set interfaces tunnel tun0 address 10.10.10.1/30
## IPsec
@ -98,8 +98,8 @@ On the LEFT:
set interfaces tunnel tun0 encapsulation gre
set interfaces tunnel tun0 address 10.10.10.1/30
set interfaces tunnel tun0 local-ip 192.168.99.1
set interfaces tunnel tun0 remote-ip 192.168.99.2
set interfaces tunnel tun0 source-address 192.168.99.1
set interfaces tunnel tun0 remote 192.168.99.2
On the RIGHT:
@ -109,8 +109,8 @@ On the RIGHT:
set interfaces tunnel tun0 encapsulation gre
set interfaces tunnel tun0 address 10.10.10.2/30
set interfaces tunnel tun0 local-ip 192.168.99.2
set interfaces tunnel tun0 remote-ip 192.168.99.1
set interfaces tunnel tun0 source-address 192.168.99.2
set interfaces tunnel tun0 remote 192.168.99.1
**Setting up IPSec**