vyos/vyos-documentation
1
0
Fork 0
mirror of https://github.com/vyos/vyos-documentation.git synced 2025-10-26 08:41:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

arrange services and protocols

Browse Source
This commit is contained in:
rebortg 2020-11-30 20:53:36 +01:00
parent e33e1268f9
commit 8943fc9f87
43 changed files with 443 additions and 404 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
docs/configuration/firewall/index.rst
View File

@ -766,3 +766,68 @@ Example Partial Config
} }
} }
} }
.. _routing-mss-clamp:
################
TCP-MSS Clamping
################
As Internet wide PMTU discovery rarely works, we sometimes need to clamp
our TCP MSS value to a specific value. This is a field in the TCP
Options part of a SYN packet. By setting the MSS value, you are telling
the remote side unequivocally 'do not try to send me packets bigger than
this value'.
Starting with VyOS 1.2 there is a firewall option to clamp your TCP MSS
value for IPv4 and IPv6.
.. note:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting
in 1452 bytes on a 1492 byte MTU.
IPv4
====
.. cfgcmd:: set firewall options interface <interface> adjust-mss <number-of-bytes>
Use this command to set the maximum segment size for IPv4 transit
packets on a specific interface (500-1460 bytes).
Example
-------
Clamp outgoing MSS value in a TCP SYN packet to `1452` for `pppoe0` and
`1372`
for your WireGuard `wg02` tunnel.
.. code-block:: none
set firewall options interface pppoe0 adjust-mss '1452'
set firewall options interface wg02 adjust-mss '1372'
IPv6
====
.. cfgcmd:: set firewall options interface <interface> adjust-mss6 <number-of-bytes>
Use this command to set the maximum segment size for IPv6 transit
packets on a specific interface (1280-1492 bytes).
Example
-------
Clamp outgoing MSS value in a TCP SYN packet to `1280` for both `pppoe0` and
`wg02` interface.
.. code-block:: none
set firewall options interface pppoe0 adjust-mss6 '1280'
set firewall options interface wg02 adjust-mss6 '1280'
.. hint:: When doing your byte calculations, you might find useful this
`Visual packet size calculator <https://baturin.org/tools/encapcalc/>`_.

0
docs/routing/bfd.rst → docs/configuration/protocols/bfd.rst
View File

0
docs/routing/bgp.rst → docs/configuration/protocols/bgp.rst
View File

2
docs/configuration/protocols/igmp-proxy.rst Normal file
View File

@ -0,0 +1,2 @@
igmp-proxy
##########

0
docs/routing/multicast.rst → docs/configuration/protocols/igmp.rst
View File

22
docs/configuration/protocols/index.rst Normal file
View File

@ -0,0 +1,22 @@
#########
Protocols
#########
.. toctree::
:maxdepth: 1
:includehidden:
bfd
bgp
igmp
igmp-proxy
mpls
ospf
ospfv3
pim
rip
ripng
rpki
static
vrf

0
docs/routing/mpls.rst → docs/configuration/protocols/mpls.rst
View File

70
docs/configuration/protocols/ospf.rst Normal file
View File

@ -0,0 +1,70 @@
.. include:: /_include/need_improvement.txt
.. _routing-ospf:
####
OSPF
####
:abbr:`OSPF (Open Shortest Path First)` is a routing protocol for Internet
Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls
into the group of interior gateway protocols (IGPs), operating within a single
autonomous system (AS). It is defined as OSPF Version 2 in :rfc:`2328` (1998)
for IPv4. Updates for IPv6 are specified as OSPF Version 3 in :rfc:`5340`
(2008). OSPF supports the :abbr:`CIDR (Classless Inter-Domain Routing)`
addressing model.
OSPF is a widely used IGP in large enterprise networks.
OSPFv2 (IPv4)
#############
In order to have a VyOS system exchanging routes with OSPF neighbors, you will
at least need to configure an OSPF area and some network.
.. code-block:: none
set protocols ospf area 0 network 192.168.0.0/24
That is the minimum configuration you will need.
It is a good practice to define the router ID too.
.. code-block:: none
set protocols ospf parameters router-id 10.1.1.1
Below you can see a typical configuration using 2 nodes, redistribute loopback
address and the node 1 sending the default route:
**Node 1**
.. code-block:: none
set interfaces loopback lo address 10.1.1.1/32
set protocols ospf area 0 network 192.168.0.0/24
set protocols ospf default-information originate always
set protocols ospf default-information originate metric 10
set protocols ospf default-information originate metric-type 2
set protocols ospf log-adjacency-changes
set protocols ospf parameters router-id 10.1.1.1
set protocols ospf redistribute connected metric-type 2
set protocols ospf redistribute connected route-map CONNECT
set policy route-map CONNECT rule 10 action permit
set policy route-map CONNECT rule 10 match interface lo
**Node 2**
.. code-block:: none
set interfaces loopback lo address 10.2.2.2/32
set protocols ospf area 0 network 192.168.0.0/24
set protocols ospf log-adjacency-changes
set protocols ospf parameters router-id 10.2.2.2
set protocols ospf redistribute connected metric-type 2
set protocols ospf redistribute connected route-map CONNECT
set policy route-map CONNECT rule 10 action permit
set policy route-map CONNECT rule 10 match interface lo

70
docs/routing/ospf.rst → docs/configuration/protocols/ospfv3.rst
View File

@ -1,73 +1,3 @@
.. include:: /_include/need_improvement.txt
.. _routing-ospf:
####
OSPF
####
:abbr:`OSPF (Open Shortest Path First)` is a routing protocol for Internet
Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls
into the group of interior gateway protocols (IGPs), operating within a single
autonomous system (AS). It is defined as OSPF Version 2 in :rfc:`2328` (1998)
for IPv4. Updates for IPv6 are specified as OSPF Version 3 in :rfc:`5340`
(2008). OSPF supports the :abbr:`CIDR (Classless Inter-Domain Routing)`
addressing model.
OSPF is a widely used IGP in large enterprise networks.
OSPFv2 (IPv4)
#############
In order to have a VyOS system exchanging routes with OSPF neighbors, you will
at least need to configure an OSPF area and some network.
.. code-block:: none
set protocols ospf area 0 network 192.168.0.0/24
That is the minimum configuration you will need.
It is a good practice to define the router ID too.
.. code-block:: none
set protocols ospf parameters router-id 10.1.1.1
Below you can see a typical configuration using 2 nodes, redistribute loopback
address and the node 1 sending the default route:
**Node 1**
.. code-block:: none
set interfaces loopback lo address 10.1.1.1/32
set protocols ospf area 0 network 192.168.0.0/24
set protocols ospf default-information originate always
set protocols ospf default-information originate metric 10
set protocols ospf default-information originate metric-type 2
set protocols ospf log-adjacency-changes
set protocols ospf parameters router-id 10.1.1.1
set protocols ospf redistribute connected metric-type 2
set protocols ospf redistribute connected route-map CONNECT
set policy route-map CONNECT rule 10 action permit
set policy route-map CONNECT rule 10 match interface lo
**Node 2**
.. code-block:: none
set interfaces loopback lo address 10.2.2.2/32
set protocols ospf area 0 network 192.168.0.0/24
set protocols ospf log-adjacency-changes
set protocols ospf parameters router-id 10.2.2.2
set protocols ospf redistribute connected metric-type 2
set protocols ospf redistribute connected route-map CONNECT
set policy route-map CONNECT rule 10 action permit
set policy route-map CONNECT rule 10 match interface lo
OSPFv3 (IPv6) OSPFv3 (IPv6)
############# #############

2
docs/configuration/protocols/pim.rst Normal file
View File

@ -0,0 +1,2 @@
PIM
###

0
docs/routing/rip.rst → docs/configuration/protocols/rip.rst
View File

3
docs/configuration/protocols/ripng.rst Normal file
View File

@ -0,0 +1,3 @@
#####
RIPng
#####

0
docs/routing/rpki.rst → docs/configuration/protocols/rpki.rst
View File

61
docs/routing/static.rst → docs/configuration/protocols/static.rst
View File

@ -132,3 +132,64 @@ TBD
Alternate routing tables are used with policy based routing of by utilizing Alternate routing tables are used with policy based routing of by utilizing
:ref:`vrf`. :ref:`vrf`.
.. _routing-arp:
###
ARP
###
:abbr:`ARP (Address Resolution Protocol)` is a communication protocol used for
discovering the link layer address, such as a MAC address, associated with a
given internet layer address, typically an IPv4 address. This mapping is a
critical function in the Internet protocol suite. ARP was defined in 1982 by
:rfc:`826` which is Internet Standard STD 37.
In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is
provided by the Neighbor Discovery Protocol (NDP).
To manipulate or display ARP_ table entries, the following commands are
implemented.
Configure
=========
.. cfgcmd:: set protocols static arp <address> hwaddr <mac>
This will configure a static ARP entry always resolving `<address>` to
`<mac>`.
Example:
.. code-block:: none
set protocols static arp 192.0.2.100 hwaddr 00:53:27:de:23:aa
Operation
=========
.. opcmd:: show protocols static arp
Display all known ARP table entries spanning across all interfaces
.. code-block:: none
vyos@vyos:~$ show protocols static arp
Address HWtype HWaddress Flags Mask Iface
10.1.1.1 ether 00:53:00:de:23:2e C eth1
10.1.1.100 ether 00:53:00:de:23:aa CM eth1
.. opcmd:: show protocols static arp interface eth1
Display all known ARP table entries on a given interface only (`eth1`):
.. code-block:: none
vyos@vyos:~$ show protocols static arp interface eth1
Address HWtype HWaddress Flags Mask Iface
10.1.1.1 ether 00:53:00:de:23:2e C eth1
10.1.1.100 ether 00:53:00:de:23:aa CM eth1
.. _ARP: https://en.wikipedia.org/wiki/Address_Resolution_Protocol

3
docs/configuration/protocols/vrf.rst Normal file
View File

@ -0,0 +1,3 @@
#############
Protocols VRF
#############

0
docs/services/udp-broadcast-relay.rst → docs/configuration/service/broadcast-relay.rst
View File

0
docs/services/conntrack.rst → docs/configuration/service/conntrack-sync.rst
View File

0
docs/services/console-server.rst → docs/configuration/service/console-server.rst
View File

2
docs/configuration/service/dhcp-relay.rst Normal file
View File

@ -0,0 +1,2 @@
dhcp-relay
##########

0
docs/services/dhcp.rst → docs/configuration/service/dhcp-server.rst
View File

2
docs/configuration/service/dhcpv6-relay.rst Normal file
View File

@ -0,0 +1,2 @@
dhcpv6-relay
############

2
docs/configuration/service/dhcpv6-server.rst Normal file
View File

@ -0,0 +1,2 @@
dhcpv6-server
#############

166
docs/services/dns-forwarding.rst → docs/configuration/service/dns.rst
View File

@ -145,3 +145,169 @@ Operation
.. opcmd:: restart dns forwarding .. opcmd:: restart dns forwarding
Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache. Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache.
.. _dynamic-dns:
###########
Dynamic DNS
###########
VyOS is able to update a remote DNS record when an interface gets a new IP
address. In order to do so, VyOS includes ddclient_, a Perl script written for
this only one purpose.
ddclient_ uses two methods to update a DNS record. The first one will send
updates directly to the DNS daemon, in compliance with :rfc:`2136`. The second
one involves a third party service, like DynDNS.com or any other similar
website. This method uses HTTP requests to transmit the new IP address. You
can configure both in VyOS.
Configuration
=============
:rfc:`2136` Based
-----------------
.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name>
Create new :rfc:`2136` DNS update configuration which will update the IP
address assigned to `<interface>` on the service you configured under
`<service-name>`.
.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> key <keyfile>
File identified by `<keyfile>` containing the secret RNDC key shared with
remote DNS server.
.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> server <server>
Configure the DNS `<server>` IP/FQDN used when updating this dynamic
assignment.
.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> zone <zone>
Configure DNS `<zone>` to be updated.
.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> record <record>
Configure DNS `<record>` which should be updated. This can be set multiple
times.
.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> ttl <ttl>
Configure optional TTL value on the given resource record. This defualts to
600 seconds.
Example
^^^^^^^
* Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``
* Use auth key file at ``/config/auth/my.key``
* Set TTL to 300 seconds
.. code-block:: none
vyos@vyos# show service dns dynamic
interface eth0.7 {
rfc2136 VyOS-DNS {
key /config/auth/my.key
record example.vyos.io
server ns1.vyos.io
ttl 300
zone vyos.io
}
}
This will render the following ddclient_ configuration entry:
.. code-block:: none
#
# ddclient configuration for interface "eth0.7":
#
use=if, if=eth0.7
# RFC2136 dynamic DNS configuration for example.vyos.io.vyos.io
server=ns1.vyos.io
protocol=nsupdate
password=/config/auth/my.key
ttl=300
zone=vyos.io
example.vyos.io
.. note:: You can also keep different DNS zone updated. Just create a new
config node: ``set service dns dynamic interface <interface> rfc2136
<other-service-name>``
HTTP based services
-------------------
VyOS is also able to use any service relying on protocols supported by ddclient.
To use such a service, one must define a login, password, one or multiple
hostnames, protocol and server.
.. cfgcmd:: set service dns dynamic interface <interface> service <service> host-name <hostname>
Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS
provider identified by `<service>` when the IP address on interface
`<interface>` changes.
.. cfgcmd:: set service dns dynamic interface <interface> service <service> login <username>
Configure `<username>` used when authenticating the update request for
DynDNS service identified by `<service>`.
For Namecheap, set the <domain> you wish to update.
.. cfgcmd:: set service dns dynamic interface <interface> service <service> password <password>
Configure `<password>` used when authenticating the update request for
DynDNS service identified by `<service>`.
.. cfgcmd:: set service dns dynamic interface <interface> service <service> protocol <protocol>
When a ``custom`` DynDNS provider is used the protocol used for communicating
to the provider must be specified under `<protocol>`. See the embedded
completion helper for available protocols.
.. cfgcmd:: set service dns dynamic interface <interface> service <service> server <server>
When a ``custom`` DynDNS provider is used the `<server>` where update
requests are being sent to must be specified.
Example:
^^^^^^^^
Use DynDNS as your preferred provider:
.. code-block:: none
set service dns dynamic interface eth0 service dyndns
set service dns dynamic interface eth0 service dyndns login my-login
set service dns dynamic interface eth0 service dyndns password my-password
set service dns dynamic interface eth0 service dyndns host-name my-dyndns-hostname
.. note:: Multiple services can be used per interface. Just specify as many
serives per interface as you like!
Running Behind NAT
------------------
By default, ddclient_ will update a dynamic dns record using the IP address
directly attached to the interface. If your VyOS instance is behind NAT, your
record will be updated to point to your internal IP.
ddclient_ has another way to determine the WAN IP address. This is controlled
by:
.. cfgcmd:: set service dns dynamic interface <interface> use-web url <url>
Use configured `<url>` to determine your IP address. ddclient_ will load
`<url>` and tries to extract your IP address from the response.
.. cfgcmd:: set service dns dynamic interface <interface> use-web skip <pattern>
ddclient_ will skip any address located before the string set in `<pattern>`.
.. _ddclient: https://github.com/ddclient/ddclient

0
docs/automation/http-api.rst → docs/configuration/service/https.rst
View File

29
docs/configuration/service/index.rst Normal file
View File

@ -0,0 +1,29 @@
#######
Service
#######
.. toctree::
:maxdepth: 1
:includehidden:
broadcast-relay
conntrack-sync
console-server
dhcp-relay
dhcp-server
dhcpv6-relay
dhcpv6-server
dns
https
ipoe-server
lldp
mdns
pppoe-advert
pppoe-server
router-advert
salt-minion
snmp
ssh
tftp-server
webproxy

0
docs/services/ipoe-server.rst → docs/configuration/service/ipoe-server.rst
View File

0
docs/services/lldp.rst → docs/configuration/service/lldp.rst
View File

0
docs/services/mdns-repeater.rst → docs/configuration/service/mdns.rst
View File

2
docs/configuration/service/pppoe-advert.rst Normal file
View File

@ -0,0 +1,2 @@
pppoe-advert
############

0
docs/services/pppoe-server.rst → docs/configuration/service/pppoe-server.rst
View File

0
docs/services/router-advert.rst → docs/configuration/service/router-advert.rst
View File

2
docs/configuration/service/salt-minion.rst Normal file
View File

@ -0,0 +1,2 @@
salt-minion
###########

0
docs/services/snmp.rst → docs/configuration/service/snmp.rst
View File

0
docs/services/ssh.rst → docs/configuration/service/ssh.rst
View File

0
docs/services/tftp.rst → docs/configuration/service/tftp-server.rst
View File

0
docs/services/webproxy.rst → docs/configuration/service/webproxy.rst
View File

10
docs/operation/index.rst Normal file
View File

@ -0,0 +1,10 @@
##############
Operation Mode
##############
.. toctree::
:maxdepth: 1
:includehidden:
information
ip-command

0
docs/routing/ip-commands.rst → docs/operation/ip-commands.rst
View File

59
docs/routing/arp.rst
View File

@ -1,59 +0,0 @@
.. _routing-arp:
###
ARP
###
:abbr:`ARP (Address Resolution Protocol)` is a communication protocol used for
discovering the link layer address, such as a MAC address, associated with a
given internet layer address, typically an IPv4 address. This mapping is a
critical function in the Internet protocol suite. ARP was defined in 1982 by
:rfc:`826` which is Internet Standard STD 37.
In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is
provided by the Neighbor Discovery Protocol (NDP).
To manipulate or display ARP_ table entries, the following commands are
implemented.
Configure
=========
.. cfgcmd:: set protocols static arp <address> hwaddr <mac>
This will configure a static ARP entry always resolving `<address>` to
`<mac>`.
Example:
.. code-block:: none
set protocols static arp 192.0.2.100 hwaddr 00:53:27:de:23:aa
Operation
=========
.. opcmd:: show protocols static arp
Display all known ARP table entries spanning across all interfaces
.. code-block:: none
vyos@vyos:~$ show protocols static arp
Address HWtype HWaddress Flags Mask Iface
10.1.1.1 ether 00:53:00:de:23:2e C eth1
10.1.1.100 ether 00:53:00:de:23:aa CM eth1
.. opcmd:: show protocols static arp interface eth1
Display all known ARP table entries on a given interface only (`eth1`):
.. code-block:: none
vyos@vyos:~$ show protocols static arp interface eth1
Address HWtype HWaddress Flags Mask Iface
10.1.1.1 ether 00:53:00:de:23:2e C eth1
10.1.1.100 ether 00:53:00:de:23:aa CM eth1
.. _ARP: https://en.wikipedia.org/wiki/Address_Resolution_Protocol

22
docs/routing/index.rst
View File

@ -1,22 +0,0 @@
.. _routing:
#######
Routing
#######
.. toctree::
:maxdepth: 1
arp
bfd
bgp
mpls
mss-clamp
multicast
ip-commands
ospf
pbr
rip
policy
rpki
static

63
docs/routing/mss-clamp.rst
View File

@ -1,63 +0,0 @@
.. _routing-mss-clamp:
################
TCP-MSS Clamping
################
As Internet wide PMTU discovery rarely works, we sometimes need to clamp
our TCP MSS value to a specific value. This is a field in the TCP
Options part of a SYN packet. By setting the MSS value, you are telling
the remote side unequivocally 'do not try to send me packets bigger than
this value'.
Starting with VyOS 1.2 there is a firewall option to clamp your TCP MSS
value for IPv4 and IPv6.
.. note:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting
in 1452 bytes on a 1492 byte MTU.
IPv4
====
.. cfgcmd:: set firewall options interface <interface> adjust-mss <number-of-bytes>
Use this command to set the maximum segment size for IPv4 transit
packets on a specific interface (500-1460 bytes).
Example
-------
Clamp outgoing MSS value in a TCP SYN packet to `1452` for `pppoe0` and
`1372`
for your WireGuard `wg02` tunnel.
.. code-block:: none
set firewall options interface pppoe0 adjust-mss '1452'
set firewall options interface wg02 adjust-mss '1372'
IPv6
====
.. cfgcmd:: set firewall options interface <interface> adjust-mss6 <number-of-bytes>
Use this command to set the maximum segment size for IPv6 transit
packets on a specific interface (1280-1492 bytes).
Example
-------
Clamp outgoing MSS value in a TCP SYN packet to `1280` for both `pppoe0` and
`wg02` interface.
.. code-block:: none
set firewall options interface pppoe0 adjust-mss6 '1280'
set firewall options interface wg02 adjust-mss6 '1280'
.. hint:: When doing your byte calculations, you might find useful this
`Visual packet size calculator <https://baturin.org/tools/encapcalc/>`_.

164
docs/services/dynamic-dns.rst
View File

@ -1,164 +0,0 @@
.. _dynamic-dns:
###########
Dynamic DNS
###########
VyOS is able to update a remote DNS record when an interface gets a new IP
address. In order to do so, VyOS includes ddclient_, a Perl script written for
this only one purpose.
ddclient_ uses two methods to update a DNS record. The first one will send
updates directly to the DNS daemon, in compliance with :rfc:`2136`. The second
one involves a third party service, like DynDNS.com or any other similar
website. This method uses HTTP requests to transmit the new IP address. You
can configure both in VyOS.
Configuration
=============
:rfc:`2136` Based
-----------------
.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name>
Create new :rfc:`2136` DNS update configuration which will update the IP
address assigned to `<interface>` on the service you configured under
`<service-name>`.
.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> key <keyfile>
File identified by `<keyfile>` containing the secret RNDC key shared with
remote DNS server.
.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> server <server>
Configure the DNS `<server>` IP/FQDN used when updating this dynamic
assignment.
.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> zone <zone>
Configure DNS `<zone>` to be updated.
.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> record <record>
Configure DNS `<record>` which should be updated. This can be set multiple
times.
.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> ttl <ttl>
Configure optional TTL value on the given resource record. This defualts to
600 seconds.
Example
^^^^^^^
* Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``
* Use auth key file at ``/config/auth/my.key``
* Set TTL to 300 seconds
.. code-block:: none
vyos@vyos# show service dns dynamic
interface eth0.7 {
rfc2136 VyOS-DNS {
key /config/auth/my.key
record example.vyos.io
server ns1.vyos.io
ttl 300
zone vyos.io
}
}
This will render the following ddclient_ configuration entry:
.. code-block:: none
#
# ddclient configuration for interface "eth0.7":
#
use=if, if=eth0.7
# RFC2136 dynamic DNS configuration for example.vyos.io.vyos.io
server=ns1.vyos.io
protocol=nsupdate
password=/config/auth/my.key
ttl=300
zone=vyos.io
example.vyos.io
.. note:: You can also keep different DNS zone updated. Just create a new
config node: ``set service dns dynamic interface <interface> rfc2136
<other-service-name>``
HTTP based services
-------------------
VyOS is also able to use any service relying on protocols supported by ddclient.
To use such a service, one must define a login, password, one or multiple
hostnames, protocol and server.
.. cfgcmd:: set service dns dynamic interface <interface> service <service> host-name <hostname>
Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS
provider identified by `<service>` when the IP address on interface
`<interface>` changes.
.. cfgcmd:: set service dns dynamic interface <interface> service <service> login <username>
Configure `<username>` used when authenticating the update request for
DynDNS service identified by `<service>`.
For Namecheap, set the <domain> you wish to update.
.. cfgcmd:: set service dns dynamic interface <interface> service <service> password <password>
Configure `<password>` used when authenticating the update request for
DynDNS service identified by `<service>`.
.. cfgcmd:: set service dns dynamic interface <interface> service <service> protocol <protocol>
When a ``custom`` DynDNS provider is used the protocol used for communicating
to the provider must be specified under `<protocol>`. See the embedded
completion helper for available protocols.
.. cfgcmd:: set service dns dynamic interface <interface> service <service> server <server>
When a ``custom`` DynDNS provider is used the `<server>` where update
requests are being sent to must be specified.
Example:
^^^^^^^^
Use DynDNS as your preferred provider:
.. code-block:: none
set service dns dynamic interface eth0 service dyndns
set service dns dynamic interface eth0 service dyndns login my-login
set service dns dynamic interface eth0 service dyndns password my-password
set service dns dynamic interface eth0 service dyndns host-name my-dyndns-hostname
.. note:: Multiple services can be used per interface. Just specify as many
serives per interface as you like!
Running Behind NAT
------------------
By default, ddclient_ will update a dynamic dns record using the IP address
directly attached to the interface. If your VyOS instance is behind NAT, your
record will be updated to point to your internal IP.
ddclient_ has another way to determine the WAN IP address. This is controlled
by:
.. cfgcmd:: set service dns dynamic interface <interface> use-web url <url>
Use configured `<url>` to determine your IP address. ddclient_ will load
`<url>` and tries to extract your IP address from the response.
.. cfgcmd:: set service dns dynamic interface <interface> use-web skip <pattern>
ddclient_ will skip any address located before the string set in `<pattern>`.
.. _ddclient: https://github.com/ddclient/ddclient

26
docs/services/index.rst
View File

@ -1,26 +0,0 @@
.. _services:
########
Services
########
This chapter describes the available system/network services provided by VyOS.
.. toctree::
:maxdepth: 1
conntrack
console-server
dhcp
dns-forwarding
dynamic-dns
lldp
mdns-repeater
ipoe-server
pppoe-server
udp-broadcast-relay
router-advert
snmp
ssh
tftp
webproxy