Modified the documentation as per the new format/syntax

docs/configuration/vpn/ipsec.rst

@@ -166,7 +166,7 @@ VyOS ESP group has the next options:
 ***********************************************
 Options (Global IPsec settings) Attributes
 *********************************************** 
-* ``options`` IPsec settings:
+* ``options``
 
  * ``disable-route-autoinstall`` Do not automatically install routes to remote networks;
  
@@ -210,16 +210,18 @@ On the LEFT:
   set vpn ipsec esp-group MyESPGroup proposal 1 hash 'sha1'
 
   # IPsec tunnel
-  set vpn ipsec site-to-site peer 203.0.113.45 authentication mode pre-shared-secret
+  set vpn ipsec site-to-site peer right authentication mode pre-shared-secret
-  set vpn ipsec site-to-site peer 203.0.113.45 authentication pre-shared-secret MYSECRETKEY
+  set vpn ipsec site-to-site peer right authentication pre-shared-secret MYSECRETKEY
+  set vpn ipsec site-to-site peer right authentication remote-id 203.0.113.45
 
-  set vpn ipsec site-to-site peer 203.0.113.45 ike-group MyIKEGroup
+  set vpn ipsec site-to-site peer right ike-group MyIKEGroup
-  set vpn ipsec site-to-site peer 203.0.113.45 default-esp-group MyESPGroup
+  set vpn ipsec site-to-site peer right default-esp-group MyESPGroup
 
-  set vpn ipsec site-to-site peer 203.0.113.45 local-address 192.0.2.10
+  set vpn ipsec site-to-site peer right local-address 192.0.2.10
+  set vpn ipsec site-to-site peer right remote-address 203.0.113.45
 
   # This will match all GRE traffic to the peer
-  set vpn ipsec site-to-site peer 203.0.113.45 tunnel 1 protocol gre
+  set vpn ipsec site-to-site peer right tunnel 1 protocol gre
 
 On the RIGHT, setup by analogy and swap local and remote addresses.
 
@@ -235,6 +237,8 @@ an IPsec policy to match those loopback addresses.
 We assume that the LEFT router has static 192.0.2.10 address on eth0, and the
 RIGHT router has a dynamic address on eth0.
 
+The peer names RIGHT and LEFT are used as informational text.
+
 **Setting up the GRE tunnel**
 
 On the LEFT:
@@ -325,17 +329,17 @@ On the LEFT (static address):
   set vpn ipsec ike-group MyIKEGroup proposal 1 encryption aes128
   set vpn ipsec ike-group MyIKEGroup proposal 1 hash sha1
 
-  set vpn ipsec site-to-site peer @RIGHT authentication id LEFT
+  set vpn ipsec site-to-site peer RIGHT authentication local-id LEFT
-  set vpn ipsec site-to-site peer @RIGHT authentication mode rsa
+  set vpn ipsec site-to-site peer RIGHT authentication mode rsa
-  set vpn ipsec site-to-site peer @RIGHT authentication rsa local-key ipsec-LEFT
+  set vpn ipsec site-to-site peer RIGHT authentication rsa local-key ipsec-LEFT
-  set vpn ipsec site-to-site peer @RIGHT authentication rsa remote-key ipsec-RIGHT
+  set vpn ipsec site-to-site peer RIGHT authentication rsa remote-key ipsec-RIGHT
-  set vpn ipsec site-to-site peer @RIGHT authentication remote-id RIGHT
+  set vpn ipsec site-to-site peer RIGHT authentication remote-id RIGHT
-  set vpn ipsec site-to-site peer @RIGHT default-esp-group MyESPGroup
+  set vpn ipsec site-to-site peer RIGHT default-esp-group MyESPGroup
-  set vpn ipsec site-to-site peer @RIGHT ike-group MyIKEGroup
+  set vpn ipsec site-to-site peer RIGHT ike-group MyIKEGroup
-  set vpn ipsec site-to-site peer @RIGHT local-address 192.0.2.10
+  set vpn ipsec site-to-site peer RIGHT local-address 192.0.2.10
-  set vpn ipsec site-to-site peer @RIGHT connection-type respond
+  set vpn ipsec site-to-site peer RIGHT connection-type respond
-  set vpn ipsec site-to-site peer @RIGHT tunnel 1 local prefix 192.168.99.1/32  # Additional loopback address on the local
+  set vpn ipsec site-to-site peer RIGHT tunnel 1 local prefix 192.168.99.1/32  # Additional loopback address on the local
-  set vpn ipsec site-to-site peer @RIGHT tunnel 1 remote prefix 192.168.99.2/32 # Additional loopback address on the remote
+  set vpn ipsec site-to-site peer RIGHT tunnel 1 remote prefix 192.168.99.2/32 # Additional loopback address on the remote
 
 On the RIGHT (dynamic address):
 
@@ -350,14 +354,15 @@ On the RIGHT (dynamic address):
   set vpn ipsec ike-group MyIKEGroup proposal 1 encryption aes128
   set vpn ipsec ike-group MyIKEGroup proposal 1 hash sha1
 
-  set vpn ipsec site-to-site peer 192.0.2.10 authentication id RIGHT
+  set vpn ipsec site-to-site peer LEFT authentication local-id RIGHT
-  set vpn ipsec site-to-site peer 192.0.2.10 authentication mode rsa
+  set vpn ipsec site-to-site peer LEFT authentication mode rsa
-  set vpn ipsec site-to-site peer 192.0.2.10 authentication rsa local-key ipsec-RIGHT
+  set vpn ipsec site-to-site peer LEFT authentication rsa local-key ipsec-RIGHT
-  set vpn ipsec site-to-site peer 192.0.2.10 authentication rsa remote-key ipsec-LEFT
+  set vpn ipsec site-to-site peer LEFT authentication rsa remote-key ipsec-LEFT
-  set vpn ipsec site-to-site peer 192.0.2.10 authentication remote-id LEFT
+  set vpn ipsec site-to-site peer LEFT authentication remote-id LEFT
-  set vpn ipsec site-to-site peer 192.0.2.10 connection-type initiate
+  set vpn ipsec site-to-site peer LEFT connection-type initiate
-  set vpn ipsec site-to-site peer 192.0.2.10 default-esp-group MyESPGroup
+  set vpn ipsec site-to-site peer LEFT default-esp-group MyESPGroup
-  set vpn ipsec site-to-site peer 192.0.2.10 ike-group MyIKEGroup
+  set vpn ipsec site-to-site peer LEFT ike-group MyIKEGroup
-  set vpn ipsec site-to-site peer 192.0.2.10 local-address any
+  set vpn ipsec site-to-site peer LEFT local-address any
-  set vpn ipsec site-to-site peer 192.0.2.10 tunnel 1 local prefix 192.168.99.2/32  # Additional loopback address on the local
+  set vpn ipsec site-to-site peer LEFT remote-address 192.0.2.10
-  set vpn ipsec site-to-site peer 192.0.2.10 tunnel 1 remote prefix 192.168.99.1/32 # Additional loopback address on the remote
+  set vpn ipsec site-to-site peer LEFT tunnel 1 local prefix 192.168.99.2/32  # Additional loopback address on the local
+  set vpn ipsec site-to-site peer LEFT tunnel 1 remote prefix 192.168.99.1/32 # Additional loopback address on the remote

docs/configuration/vpn/site2site_ipsec.rst

@@ -8,19 +8,10 @@ to exchange encrypted information between them and VyOS itself or
 connected/routed networks.
 
 To configure site-to-site connection you need to add peers with the
-``set vpn ipsec site-to-site`` command.
+``set vpn ipsec site-to-site peer <name>`` command.
 
-You can identify a remote peer with:
+The peer name must be an alphanumeric and can have hypen or underscore as 
-
+special characters. It is purely informational. 
-* IPv4 or IPv6 address. This mode is easiest for configuration and mostly used
-  when a peer has a public static IP address;
-* Hostname. This mode is similar to IP address, only you define DNS name instead
-  of an IP. Could be used when a peer has a public IP address and DNS name, but
-  an IP address could be changed from time to time;
-* Remote ID of the peer. In this mode, there is no predefined remote address
-  nor DNS name of the peer. This mode is useful when a peer doesn't have a
-  publicly available IP address (NAT between it and VyOS), or IP address could
-  be changed.
 
 Each site-to-site peer has the next options:
 
@@ -111,6 +102,11 @@ Each site-to-site peer has the next options:
   If defined ``any``, then an IP address which configured on interface with
   default route will be used;
 
+* ``remote-address`` - remote IP address or hostname for IPSec connection.
+  IPv4 or IPv6 address is used when a peer has a public static IP address.
+  Hostname is a DNS name which could be used when a peer has a public IP 
+  address and DNS name, but an IP address could be changed from time to time.
+
 * ``tunnel`` - define criteria for traffic to be matched for encrypting and send
   it to a peer: