configuration page: corrected spelling and grammatical mistakes

There were minimal grammatical and spelling mistakes in the files, which I
corrected as documentation proofreading.
Also added information about a few IPsec VPN parameters.
This commit is contained in:
srividya0208 2021-06-30 06:17:12 -04:00
parent 5b5a84606f
commit ae6a2ba810
13 changed files with 72 additions and 32 deletions

View File

@ -0,0 +1 @@
<mxfile host="app.diagrams.net" modified="2021-06-29T11:55:47.927Z" agent="5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36" etag="Bz4WAiXHzjjCvDkoEJPw" version="14.8.1" type="device"><diagram id="aAslkehIyZXHwb55RWRM" name="Page-1">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</diagram></mxfile>

BIN
docs/_static/images/vpn_s2s_ikev2_c.png vendored Normal file

Binary file not shown.


View File

@ -4,7 +4,7 @@
VyOS API
########
for configuration and enabling the API see :ref:`http-api`
For configuration and enabling the API see :ref:`http-api`
**************
Authentication
@ -13,7 +13,7 @@ Authentication
All Endpoint only listen on HTTP POST requests and the API KEY must set as
``key`` in the formdata.
Below see one example or curl and one for python.
Below see one example for curl and one for python.
In the following, the documentation is reduced to curl.
.. code-block:: none
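Review bot: the unchanged context at the top of this hunk still carries the same kind of slips this commit is fixing. "All Endpoint only listen on HTTP POST requests and the API KEY must set as ``key`` in the formdata." should read "All endpoints only listen for HTTP POST requests and the API key must be set as ``key`` in the form data." Worth folding in while this file is open.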
@ -314,4 +314,4 @@ To Load a configuration file.
"success": true,
"data": null,
"error": null
}
}

View File

@ -110,8 +110,7 @@ files.
Terminology
###########
live
A VyOS system has three major types of configurations:
A live VyOS system has three major types of configurations:
* **Active** or **running configuration** is the system configuration
that is loaded and currently active (used by VyOS). Any change in
@ -404,7 +403,7 @@ different levels in the hierarchy.
Use this command to preserve configuration changes upon reboot. By
default it is stored at */config/config.boot*. In the case you want
to store the configuration file somewhere else, you can add a local
path, an SCP address, an FTP address or a TFTP address.
path, a SCP address, a FTP address or a TFTP address.
.. code-block:: none
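Review bot: this change introduces an error rather than fixing one. "an SCP address, an FTP address" was correct, because both initialisms are read letter by letter and start with a vowel sound ("ess", "eff"); "a SCP address, a FTP address" is wrong. Please revert this line to the original wording.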
@ -455,7 +454,7 @@ different levels in the hierarchy.
a firewall, and you are not sure there are no mistakes that will lock
you out of your system. You can use confirmed commit. If you issue
the ``commit-confirm`` command, your changes will be commited, and if
you don't issue issue the ``confirm`` command in 10 minutes, your
you don't issue the ``confirm`` command in 10 minutes, your
system will reboot into previous config revision.
.. code-block:: none
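Review bot: the line just above the fixed one still reads "your changes will be commited" in the unchanged context; "committed" takes two t's. Since this hunk already touches the sentence, fix both in one go.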

View File

@ -190,7 +190,7 @@ Defining Peers
This command creates a new neighbor whose remote-as is <nasn>. The neighbor
address can be an IPv4 address or an IPv6 address or an interface to use
for the connection. The command it applicable for peer and peer group.
for the connection. The command is applicable for peer and peer group.
.. cfgcmd:: set protocols bgp neighbor <address|interface> remote-as
internal
@ -809,7 +809,7 @@ For outbound updates the order of preference is:
.. cfgcmd:: set protocols bgp neighbor <address|interface> address-family
<ipv4-unicast|ipv6-unicast> distribute-list <export|import> <number>
This command applys the access list filters named in <number> to the
This command applies the access list filters named in <number> to the
specified BGP neighbor to restrict the routing information that BGP learns
and/or advertises. The arguments :cfgcmd:`export` and :cfgcmd:`import`
specify the direction in which the access list are applied.
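Review bot: "applys" to "applies" is right, but the last line of the context has a subject-verb disagreement that is left as is: "the direction in which the access list are applied" should be "is applied". The same pattern recurs in the three following hunks of this file ("the prefix list are applied", "the route map are applied", "the AS path access list are applied"), so it is worth correcting all four together.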
@ -817,7 +817,7 @@ For outbound updates the order of preference is:
.. cfgcmd:: set protocols bgp neighbor <address|interface> address-family
<ipv4-unicast|ipv6-unicast> prefix-list <export|import> <name>
This command applys the prfefix list filters named in <name> to the
This command applies the prfefix list filters named in <name> to the
specified BGP neighbor to restrict the routing information that BGP learns
and/or advertises. The arguments :cfgcmd:`export` and :cfgcmd:`import`
specify the direction in which the prefix list are applied.
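Review bot: "prfefix" is still misspelled on the very line this hunk edits; only "applys" was corrected. The line should read "This command applies the prefix list filters named in <name> to the".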
@ -825,7 +825,7 @@ For outbound updates the order of preference is:
.. cfgcmd:: set protocols bgp neighbor <address|interface> address-family
<ipv4-unicast|ipv6-unicast> route-map <export|import> <name>
This command applys the route map named in <name> to the specified BGP
This command applies the route map named in <name> to the specified BGP
neighbor to control and modify routing information that is exchanged
between peers. The arguments :cfgcmd:`export` and :cfgcmd:`import`
specify the direction in which the route map are applied.
@ -833,7 +833,7 @@ For outbound updates the order of preference is:
.. cfgcmd:: set protocols bgp neighbor <address|interface> address-family
<ipv4-unicast|ipv6-unicast> filter-list <export|import> <name>
This command applys the AS path access list filters named in <name> to the
This command applies the AS path access list filters named in <name> to the
specified BGP neighbor to restrict the routing information that BGP learns
and/or advertises. The arguments :cfgcmd:`export` and :cfgcmd:`import`
specify the direction in which the AS path access list are applied.

View File

@ -43,4 +43,4 @@ Major upgrades to the installed distribution may also require console access.
control. This means you should start with a common baud rate (most likely
9600 baud) as otherwise you probably can not connect to the device using
high speed baud rates as your serial converter simply can not process this
datarate.
data rate.
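Review bot: "data rate" is the right fix, but the two occurrences of "can not" in the surrounding context ("you probably can not connect", "your serial converter simply can not process") should be "cannot", which is the form used for the ordinary negation of ability.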

View File

@ -22,7 +22,7 @@ the command line prompt.
.. cfgcmd:: set system host-name <hostname>
Set system hostname. The hostname can be up to 63 characters. A hostname
The hostname can be up to 63 characters. A hostname
must start and end with a letter or digit, and have as interior characters
only letters, digits, or a hyphen.
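Review bot: dropping "Set system hostname." leaves the ``set system host-name`` cfgcmd with no sentence saying what the command does; the remaining paragraph only states length and character constraints. The one-line description was the pattern the other cfgcmd entries follow, so keep it and just avoid the duplicated wording, for example "Set the system hostname. The hostname can be up to 63 characters."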

View File

@ -33,7 +33,7 @@ Custom File
.. cfgcmd:: set system syslog file <filename> facility <keyword> level <keyword>
Log syslog messages to file specified via `<filename>`, for en explanation on
Log syslog messages to file specified via `<filename>`, for an explanation on
:ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords
see tables below.
@ -62,7 +62,7 @@ sending the messages via port 514/UDP.
.. cfgcmd:: set system syslog host <address> facility <keyword> level <keyword>
Log syslog messages to remote host specified by `<address>`. The address
can be specified by either FQDN or IP address. For en explanation on
can be specified by either FQDN or IP address. For an explanation on
:ref:`syslog_facilities` keywords and :ref:`syslog_severity_level`
keywords see tables below.
@ -81,7 +81,7 @@ Local User Account
If logging to a local user account is configured, all defined log messages
are display on the console if the local user is logged in, if the user is not
logged in, no messages are being displayed. For en explanation on
logged in, no messages are being displayed. For an explanation on
:ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords
see tables below.
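Review bot: "for an explanation" is fixed, but the first sentence of this context is still ungrammatical and runs on: "all defined log messages are display on the console if the local user is logged in, if the user is not logged in, no messages are being displayed." Suggest "all defined log messages are displayed on the console while the local user is logged in; if the user is not logged in, no messages are displayed."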

View File

@ -160,7 +160,7 @@ servers can be setup and will be used subsequentially.
RADIUS source address
^^^^^^^^^^^^^^^^^^^^^
If you are using OSPF as IGP always the closets interface connected to the
If you are using OSPF as IGP, always the closest interface connected to the
RADIUS server is used. With VyOS 1.2 you can bind all outgoing RADIUS requests
to a single source IP e.g. the loopback interface.
@ -172,7 +172,7 @@ Above command will use `10.0.0.3` as source IPv4 address for all RADIUS queries
on this NAS.
.. note:: The ``source-address`` must be configured on one of VyOS interface.
Best proctice would be a loopback or dummy interface.
Best practice would be a loopback or dummy interface.
RADIUS bandwidth shaping attribute
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
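Review bot: "practice" is correct; the note directly above it still reads "must be configured on one of VyOS interface", which should be "on one of the VyOS interfaces" (or "on a VyOS interface").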

View File

@ -264,9 +264,15 @@ rules. (if you used the default configuration at the top of this page)
IKEv2
^^^^^
Example:
* left local_ip: 192.168.0.10 # VPN Gateway, behind NAT device
* left public_ip:172.18.201.10
* right local_ip: 172.18.202.10 # right side WAN IP
Imagine the following topology
.. figure:: /_static/images/vpn_s2s_ikev2.png
.. figure:: /_static/images/vpn_s2s_ikev2_c.png
:scale: 50 %
:alt: IPSec IKEv2 site2site VPN
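Review bot: the new address list is helpful, but it needs to say which of the two configuration blocks below is "left" and which is "right", since the blocks are only distinguished by peer address. Also "left public_ip:172.18.201.10" is missing the space after the colon that the other two entries have, and "Example:" followed by a bare bullet list reads better as "Example addresses used below:" so the reader knows the list belongs to the topology figure that follows.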
@ -289,9 +295,6 @@ Imagine the following topology
set vpn ipsec esp-group ESP_DEFAULT pfs 'dh-group19'
set vpn ipsec esp-group ESP_DEFAULT proposal 10 encryption 'aes256gcm128'
set vpn ipsec esp-group ESP_DEFAULT proposal 10 hash 'sha256'
set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection action 'hold'
set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection interval '30'
set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection timeout '120'
set vpn ipsec ike-group IKEv2_DEFAULT ikev2-reauth 'no'
set vpn ipsec ike-group IKEv2_DEFAULT key-exchange 'ikev2'
set vpn ipsec ike-group IKEv2_DEFAULT lifetime '10800'
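Review bot: removing the three dead-peer-detection lines from this block is consistent with the rule added at the end of the file that a responder should not run DPD, but a reader copying only this block will not see that rationale until the Key Parameters list. A short comment line in the example, or a sentence before the block saying DPD is intentionally configured only on the initiating side, would avoid the impression that DPD was dropped by accident.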
@ -304,10 +307,10 @@ Imagine the following topology
set vpn ipsec site-to-site peer 172.18.202.10 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 172.18.202.10 authentication pre-shared-secret 'secretkey'
set vpn ipsec site-to-site peer 172.18.202.10 authentication remote-id '172.18.202.10'
set vpn ipsec site-to-site peer 172.18.202.10 connection-type 'initiate'
set vpn ipsec site-to-site peer 172.18.202.10 connection-type 'respond'
set vpn ipsec site-to-site peer 172.18.202.10 ike-group 'IKEv2_DEFAULT'
set vpn ipsec site-to-site peer 172.18.202.10 ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer 172.18.202.10 local-address '172.18.201.10'
set vpn ipsec site-to-site peer 172.18.202.10 local-address '192.168.0.10'
set vpn ipsec site-to-site peer 172.18.202.10 vti bind 'vti10'
set vpn ipsec site-to-site peer 172.18.202.10 vti esp-group 'ESP_DEFAULT'
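Review bot: switching this peer to connection-type 'respond' with local-address '192.168.0.10' makes the NATed side the responder, so the right side initiates toward 172.18.201.10 and the NAT device in front of 192.168.0.10 must forward UDP 500 and UDP 4500 to it; the example should state that requirement, because otherwise the tunnel never comes up. The more common arrangement is the reverse: the peer behind NAT initiates, since its outbound traffic creates the NAT mapping. Separately, the Key Parameters text added below says a peer behind NAT should set its IKE identity explicitly; if ``authentication id '172.18.201.10'`` is not already set above this hunk for this peer, add it, since the default local identity would otherwise be 192.168.0.10 and would not match what the right side expects.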
@ -323,7 +326,7 @@ Imagine the following topology
set vpn ipsec esp-group ESP_DEFAULT pfs 'dh-group19'
set vpn ipsec esp-group ESP_DEFAULT proposal 10 encryption 'aes256gcm128'
set vpn ipsec esp-group ESP_DEFAULT proposal 10 hash 'sha256'
set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection action 'hold'
set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection action 'restart'
set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection interval '30'
set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection timeout '120'
set vpn ipsec ike-group IKEv2_DEFAULT ikev2-reauth 'no'
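Review bot: changing the initiator's DPD action to 'restart' matches the new guidance, but that guidance also recommends ``close-action 'restart'`` on the initiator and the visible lines of this IKE group do not set it. If it is not configured elsewhere in the block, add ``set vpn ipsec ike-group IKEv2_DEFAULT close-action 'restart'`` so the example actually follows the recommendation it states.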
@ -344,3 +347,40 @@ Imagine the following topology
set vpn ipsec site-to-site peer 172.18.201.10 local-address '172.18.202.10'
set vpn ipsec site-to-site peer 172.18.201.10 vti bind 'vti10'
set vpn ipsec site-to-site peer 172.18.201.10 vti esp-group 'ESP_DEFAULT'
Key Parameters:
* ``authentication id/remote-id`` - IKE identification is used for validation
of VPN peer devices during IKE negotiation. If you do not configure local/
remote-identity, the device uses the IPv4 or IPv6 address that corresponds
to the local/remote peer by default.
In certain network setups (like ipsec interface with dynamic address, or
behind the NAT ), the IKE ID received from the peer does not match the IKE
gateway configured on the device. This can lead to a Phase 1 validation
failure.
So, make sure to configure the local/remote id explicitly and ensure that the
IKE ID is the same as the remote-identity configured on the peer device.
* ``disable-route-autoinstall`` - This option when configured disables the
routes installed in the default table 220 for site-to-site ipsec.
It is mostly used with VTI configuration.
* ``dead-peer-detection action = clear | hold | restart`` - R_U_THERE
notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2)
are periodically sent in order to check the liveliness of theIPsec peer. The
values clear, hold, and restart all activate DPD and determine the action to
perform on a timeout.
With ``clear`` the connection is closed with no further actions taken.
``hold`` installs a trap policy, which will catch matching traffic and tries
to re-negotiate the connection on demand.
``restart`` will immediately trigger an attempt to re-negotiate the
connection.
* ``close-action = none | clear | hold | restart`` - defines the action to take
if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of
values). A closeaction should not be used if the peer uses reauthentication or
uniqueids.
For a responder, close-action or dead-peer-detection must not be enabled.
For an initiator DPD with `restart` action, and `close-action 'restart'`
is recommended in IKE profile.
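Review bot: a few problems in the new Key Parameters text. Typos: "theIPsec" should be "the IPsec", "liveliness" should be "liveness", "closeaction" should be "close-action", "behind the NAT )" has a stray space, and "ipsec" should be "IPsec" in prose. The first bullet talks about "local/remote-identity" but the option names used in the examples are ``authentication id`` and ``authentication remote-id``; use the actual option names so readers can match the text to the commands. The last paragraph states "For a responder, close-action or dead-peer-detection must not be enabled" as an absolute rule without a reason; say why (both peers restarting at once race to rebuild the same SA, so only one side should take the restart action), otherwise the rule looks arbitrary next to the ``clear`` option described a few lines up. Finally, "close-action 'restart' is recommended in IKE profile" should say "in the IKE group", which is what the VyOS configuration calls it.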

View File

@ -62,7 +62,7 @@ LTS images are signed by VyOS lead package-maintainer private key. With
the official public key, the authenticity of the package can be
verified. :abbr:`GPG (GNU Privacy Guard)` is used for verification.
.. note:: This subsection only applies e applies to LTS images, for
.. note:: This subsection only applies to LTS images, for
Rolling images please jump to :ref:`live_installation`.
Preparing for the verification
@ -326,7 +326,7 @@ In order to proceed with a permanent installation:
Done!
3. After the installation is complete, remove the live USB stick or
3. After the installation is completed, remove the live USB stick or
CD.
4. Reboot the system.
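Review bot: "After the installation is complete" was already idiomatic; changing it to "is completed" is not an improvement and this line did not need touching. Suggest reverting it so the diff only contains real fixes.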

View File

@ -17,7 +17,7 @@ installing from the ISO using the normal process around `install image`.
Memory Contention Considerations
--------------------------------
When the underlying ESXi host is approaching ~92% memory utilisation it will
start the balloon process in s a 'soft' state to start reclaiming memory from
start the balloon process in a 'soft' state to start reclaiming memory from
guest operating systems. This causes an artificial pressure using the vmmemctl
driver on memory usage on the virtual guest. As VyOS by default does not have
a swap file, this vmmemctl pressure is unable to force processes to move in
@ -43,4 +43,4 @@ References
https://muralidba.blogspot.com/2018/03/how-does-linux-out-of-memory-oom-killer.html
.. start_vyoslinter
.. start_vyoslinter

View File

@ -8,10 +8,10 @@ VyOS is an open source network operating system based on Debian GNU/Linux.
VyOS provides a free routing platform that competes directly with other
commercially available solutions from well known network providers. Because
VyOS is run on standard amd64, i586 and ARM systems, it is able to be used
VyOS runs on standard amd64, i586 and ARM systems, it is able to be used
as a router and firewall platform for cloud deployments.
We use multiple live versions of our manual hosted thankfully by
We use multiple live versions of our manual, hosted thankfully by
https://readthedocs.org. We will provide one version of the manual for every
VyOS major version starting with VyOS 1.2 which will receive Long-term support
(LTS).
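Review bot: dropping "Because" from the first changed sentence creates a comma splice: "VyOS runs on standard amd64, i586 and ARM systems, it is able to be used as a router and firewall platform". Either keep the conjunction, "Because VyOS runs on standard amd64, i586 and ARM systems, it can be used as...", or split it into two sentences. The comma added after "manual" in the second change is fine.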