vyos/vyos-documentation
1
0
Fork 0
mirror of https://github.com/vyos/vyos-documentation.git synced 2025-10-26 08:41:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fixed grammatical errors

Browse Source
This commit is contained in:
srividya0208 2021-07-15 10:47:31 -04:00
parent 176acce28d
commit f6e5ef39a8
3 changed files with 32 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
docs/configuration/vpn/dmvpn.rst
View File

@ -1,3 +1,5 @@
:lastproofread: 2020-07-15
.. _vpn-dmvpn:
DMVPN
@ -7,7 +9,7 @@ DMVPN
DMVPN is a dynamic VPN technology originally developed by Cisco. While their
implementation was somewhat proprietary, the underlying technologies are
actually standards based. The three technologies are:
actually standard based. The three technologies are:
* **NHRP** - NBMA Next Hop Resolution Protocol RFC2332_
* **mGRE** - Multipoint Generic Routing Encapsulation / mGRE RFC1702_
@ -34,9 +36,11 @@ Baseline Configuration:
#. Create nhrp (`protocols nhrp`)
#. Create ipsec vpn (optional, but recommended for security) (`vpn ipsec`)
The tunnel will be set to mGRE if for encapsulation `gre` is set, and no
The tunnel will be set to mGRE if `gre` is set for encapsulation, and no
`remote-ip` is set. If the public ip is provided by DHCP the tunnel `local-ip`
can be set to "0.0.0.0". If you do set the `remote-ip` directive at any point, the interface will need to be `delete`'d from the config and recreated without the `remote-ip` config ever being set.
can be set to "0.0.0.0". If you do set the `remote-ip` directive at any point,
the interface will need to be `deleted` from the config and recreated without
the `remote-ip` config ever being set.
.. figure:: /_static/images/vpn_dmvpn_topology01.png
:scale: 40 %
@ -164,7 +168,12 @@ HUB Example Configuration:
HUB on AWS Configuration Specifics
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Setting this up on AWS will require a "Custom Protocol Rule" for protocol number "47" (GRE) Allow Rule in TWO places. Firstly on the VPC Network ACL, and secondly on the security group network ACL attached to the EC2 instance. This has been tested as working for the offical AMI image on the AWS Marketplace. (Locate the correct VPC and security group by navigating through the details pane below your EC2 instance in the AWS console)
Setting this up on AWS will require a "Custom Protocol Rule" for protocol
number "47" (GRE) Allow Rule in TWO places. Firstly on the VPC Network ACL, and
secondly on the security group network ACL attached to the EC2 instance. This
has been tested as working for the offical AMI image on the AWS Marketplace.
(Locate the correct VPC and security group by navigating through the details
pane below your EC2 instance in the AWS console)
SPOKE Configuration
^^^^^^^^^^^^^^^^^^^

9
docs/configuration/vpn/l2tp.rst
View File

@ -1,4 +1,4 @@
:lastproofread:2021-07-15
:lastproofread: 2021-07-15
.. _l2tp:
@ -62,6 +62,8 @@ will need to add the appropriate source NAT rules to your configuration.
set nat source rule 110 source address '192.168.255.0/24'
set nat source rule 110 translation address masquerade
.. stop_vyoslinter
To be able to resolve when connected to the VPN, the following DNS rules are
needed as well.
@ -73,6 +75,8 @@ needed as well.
.. note:: Those are the `Google public DNS`_ servers. You can also use the
public available servers from Quad9_ (9.9.9.9) or Cloudflare_ (1.1.1.1).
.. start_vyoslinter
Established sessions can be viewed using the **show vpn remote-access**
operational command.
@ -97,6 +101,8 @@ VyOS supports either `local` or `radius` user authentication:
set vpn l2tp remote-access authentication mode <local|radius>
.. stop_vyoslinter
In addition one or more RADIUS_ servers can be configured to server for user
authentication. This is done using the `radius server` and `radius server key`
nodes:
@ -124,6 +130,7 @@ single source IP e.g. the loopback interface.
Above command will use `3.3.3.3` as source IPv4 address for all RADIUS queries
on this NAS.
.. start_vyoslinter
.. _`Google Public DNS`: https://developers.google.com/speed/public-dns
.. _Quad9: https://quad9.net

17
docs/configuration/vpn/pptp.rst
View File

@ -1,15 +1,19 @@
:lastproofread:2021-07-15
:lastproofread: 2021-07-15
.. _pptp:
PPTP-Server
-----------
The Point-to-Point Tunneling Protocol (PPTP_) has been implemented in VyOS only for backwards compatibility.
PPTP has many well known security issues and you should use one of the many other new VPN implementations.
The Point-to-Point Tunneling Protocol (PPTP_) has been implemented in VyOS only
for backwards compatibility. PPTP has many well known security issues and you
should use one of the many other new VPN implementations.
As per default and if not otherwise defined, mschap-v2 is being used for authentication and mppe 128-bit (stateless) for encryption.
If no gateway-address is set within the configuration, the lowest IP out of the /24 client-ip-pool is being used. For instance, in the example below it would be 192.168.0.1.
As per default and if not otherwise defined, mschap-v2 is being used for
authentication and mppe 128-bit (stateless) for encryption. If no
gateway-address is set within the configuration, the lowest IP out of the /24
client-ip-pool is being used. For instance, in the example below it would be
192.168.0.1.
server example
^^^^^^^^^^^^^^
@ -26,7 +30,8 @@ server example
client example (debian 9)
^^^^^^^^^^^^^^^^^^^^^^^^^
Install the client software via apt and execute pptpsetup to generate the configuration.
Install the client software via apt and execute pptpsetup to generate the
configuration.
.. code-block:: none