Merge branch 'master' of github.com:vyos/vyos-documentation

rebortg 2021-09-13 19:46:32 +02:00
commit df1ada3aed
2 changed files with 27 additions and 14 deletions


@ -34,8 +34,9 @@ In the VyOS CLI, a key point often overlooked is that rather than being
configured using the `set vpn` stanza, OpenVPN is configured as a network configured using the `set vpn` stanza, OpenVPN is configured as a network
interface using `set interfaces openvpn`. interface using `set interfaces openvpn`.
Site-To-Site ************
============ Site-to-Site
************
.. figure:: /_static/images/openvpn_site2site_diagram.jpg .. figure:: /_static/images/openvpn_site2site_diagram.jpg
@ -132,11 +133,10 @@ Remote Configuration - Annotated:
set interfaces openvpn vtun1 remote-address '10.255.1.1' # Remote IP of vtun interface set interfaces openvpn vtun1 remote-address '10.255.1.1' # Remote IP of vtun interface
*******************
Firewall Exceptions Firewall Exceptions
******************* ===================
For the WireGuard traffic to pass through the WAN interface, you must create a For the OpenVPN traffic to pass through the WAN interface, you must create a
firewall exception. firewall exception.
.. code-block:: none .. code-block:: none
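Review bot: The WireGuard to OpenVPN correction on the "For the ... traffic to pass through the WAN interface" line fixes only the sentence, while the rule inside the code-block that follows lies outside this hunk. The sentence looks like a carry-over from the WireGuard page, so please confirm that the rule's description and destination port in that block are the OpenVPN ones too, and correct them in this same change if they are not.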
@ -248,8 +248,9 @@ to each tunnel. Another option is to dedicate a port number to each tunnel
OpenVPN status can be verified using the `show openvpn` operational commands. OpenVPN status can be verified using the `show openvpn` operational commands.
See the built-in help for a complete list of options. See the built-in help for a complete list of options.
******
Server Server
====== ******
Multi-client server is the most popular OpenVPN mode on routers. It always uses Multi-client server is the most popular OpenVPN mode on routers. It always uses
x.509 authentication and therefore requires a PKI setup. Refer this section x.509 authentication and therefore requires a PKI setup. Refer this section
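Review bot: Style point on the context lines under the retitled "Server" heading: "x.509 authentication" is lower-case here while the heading touched two hunks later reads "Generate X.509 Certificate and Keys", and "Refer this section" is missing "to". Since the section is being edited anyway, use "X.509" and "Refer to this section" for consistency.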
@ -325,7 +326,7 @@ internally, so we need to create a route to the 10.23.0.0/20 network ourselves:
set protocols static route 10.23.0.0/20 interface vtun10 set protocols static route 10.23.0.0/20 interface vtun10
Generate X.509 Certificate and Keys Generate X.509 Certificate and Keys
----------------------------------- ===================================
OpenVPN ships with a set of scripts called Easy-RSA that can generate the OpenVPN ships with a set of scripts called Easy-RSA that can generate the
appropriate files needed for an OpenVPN setup using X.509 certificates. appropriate files needed for an OpenVPN setup using X.509 certificates.
@ -538,8 +539,9 @@ example:
} }
} }
******
Client Client
====== ******
VyOS can not only act as an OpenVPN site-to-site or server for multiple clients. VyOS can not only act as an OpenVPN site-to-site or server for multiple clients.
You can indeed also configure any VyOS OpenVPN interface as an OpenVPN client You can indeed also configure any VyOS OpenVPN interface as an OpenVPN client
@ -552,8 +554,11 @@ using their CN attribute in the SSL certificate.
.. _openvpn:client_server: .. _openvpn:client_server:
Server Configuration
------ =============
Server Side
-----------
.. code-block:: none .. code-block:: none
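Review bot: The `.. _openvpn:client_server:` label now sits directly above the new "Configuration" heading instead of above "Server Side", so a :ref: to it will land on, and take its link text from, "Configuration". Move the label down to just above "Server Side", matching how `.. _openvpn:client_client:` sits above "Client Side" in the next hunk.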
@ -578,8 +583,8 @@ Server
.. _openvpn:client_client: .. _openvpn:client_client:
Client Client Side
------ -----------
.. code-block:: none .. code-block:: none


@ -268,6 +268,10 @@ also to display them.
R3 CN=R3,O=Let's Encrypt,C=US CN=ISRG Root X1 2020-09-04 00:00:00 2025-09-15 16:00:00 No DST_Root_CA_X3 R3 CN=R3,O=Let's Encrypt,C=US CN=ISRG Root X1 2020-09-04 00:00:00 2025-09-15 16:00:00 No DST_Root_CA_X3
vyos_rw CN=VyOS RW CA,O=VyOS,L=Some-City,ST=Some-State,C=GB CN=VyOS RW CA 2021-07-05 13:46:03 2026-07-04 13:46:03 Yes N/A vyos_rw CN=VyOS RW CA,O=VyOS,L=Some-City,ST=Some-State,C=GB CN=VyOS RW CA 2021-07-05 13:46:03 2026-07-04 13:46:03 Yes N/A
.. opcmd:: show pki ca <name>
Show only information for specified Certificate Authority.
.. opcmd:: show pki certificates .. opcmd:: show pki certificates
Show a list of installed certificates Show a list of installed certificates
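Review bot: The description added for `show pki ca <name>` reads "Show only information for specified Certificate Authority.", which is missing an article. Suggest "Show information only for the specified Certificate Authority." A short sample output, like the one the list form of the command has just above, would also help readers see what the filtered view returns.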
@ -281,6 +285,10 @@ also to display them.
ac2 Server CN=ac2.vyos.net CN=R3 2021-07-05 07:29:59 2021-10-03 07:29:58 No Yes Yes (R3) ac2 Server CN=ac2.vyos.net CN=R3 2021-07-05 07:29:59 2021-10-03 07:29:58 No Yes Yes (R3)
rw_server Server CN=VyOS RW CN=VyOS RW CA 2021-07-05 13:48:02 2022-07-05 13:48:02 No Yes Yes (vyos_rw) rw_server Server CN=VyOS RW CN=VyOS RW CA 2021-07-05 13:48:02 2022-07-05 13:48:02 No Yes Yes (vyos_rw)
.. opcmd:: show pki certificates <name>
Show only information for specified certificate.
.. opcmd:: show pki crl .. opcmd:: show pki crl
Show a list of installed :abbr:`CRLs (Certificate Revocation List)`. Show a list of installed :abbr:`CRLs (Certificate Revocation List)`.
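Review bot: The new `show pki certificates <name>` entry does not say what `<name>` refers to. State that it is the name shown in the first column of the list output (for example `ac2` or `rw_server` in the sample rows above) so readers do not try the certificate's CN instead.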