Merge pull request #1306 from srividya0208/ipsecedit

addition of missing parameter
2025-10-26 08:41:46 +01:00 · 2024-03-05 21:25:45 +01:00 · 2024-03-05 21:25:45 +01:00 · fd6bbf93a4
commit fd6bbf93a4
parent de7fab8728 4c533eef7f
1 changed files with 21 additions and 18 deletions
--- a/docs/configuration/vpn/site2site_ipsec.rst
+++ b/docs/configuration/vpn/site2site_ipsec.rst
@ -16,7 +16,8 @@ special characters. It is purely informational.
 Each site-to-site peer has the next options:
 * ``authentication`` - configure authentication between VyOS and a remote peer.
-  Suboptions:
+  If pre-shared-secret mode is used, the secret key must be defined in 
  ``set vpn ipsec authentication`` and suboptions:
 * ``psk`` - Preshared secret key name:
@ -36,8 +37,7 @@ Each site-to-site peer has the next options:
  * ``pre-shared-secret`` - use predefined shared secret phrase;
-  * ``rsa`` - use simple shared RSA key. The key must be defined in the
+  * ``rsa`` - use simple shared RSA key.
    ``set vpn rsa-keys`` section;
  * ``x509`` - use certificates infrastructure for authentication.
@ -45,29 +45,26 @@ Each site-to-site peer has the next options:
   address. Useful in case if the remote peer is behind NAT or if ``mode x509``
   is used;
- * ``rsa-key-name`` - shared RSA key for authentication. The key must be defined
+ * ``rsa`` - options for RSA authentication mode:
-   in the ``set vpn rsa-keys`` section;
+
  * ``local-key`` - name of PKI key-pair with local private key
  * ``remote-key`` - name of PKI key-pair with remote public key
  * ``passphrase`` - local private key passphrase
 * ``use-x509-id`` - use local ID from x509 certificate. Cannot be used when
   ``id`` is defined;
 * ``x509`` - options for x509 authentication mode:
-  * ``ca-cert-file`` - CA certificate file. Using for authenticating
+  * ``ca-certificate`` - CA certificate in PKI configuration. Using for 
-    remote peer;
+    authenticating remote peer;
-  * ``cert-file`` - certificate file, which will be used for authenticating
+  * ``certificate`` - certificate file in PKI configuration, which will be used
-    local router on remote peer;
+    for authenticating local router on remote peer;
-  * ``crl-file`` - file with the Certificate Revocation List. Using to check if
+  * ``passphrase`` - private key passphrase, if needed.
    a certificate for the remote peer is valid or revoked;
  * ``key`` - a private key, which will be used for authenticating local router
    on remote peer:
   * ``file`` - path to the key file;
   * ``password`` - passphrase private key, if needed.
 * ``connection-type`` - how to handle this connection process. Possible
  variants:
@ -113,6 +110,9 @@ Each site-to-site peer has the next options:
  Hostname is a DNS name which could be used when a peer has a public IP
  address and DNS name, but an IP address could be changed from time to time.
 * ``replay-window`` - IPsec replay window to configure for this CHILD_SA 
  (default: 32), a value of 0 disables IPsec replay protection
 * ``tunnel`` - define criteria for traffic to be matched for encrypting and send
  it to a peer:
@ -127,6 +127,9 @@ Each site-to-site peer has the next options:
  * ``prefix`` - IP network at local side.
 * ``priority`` - Add priority for policy-based IPSec VPN tunnels(lowest value 
   more preferable)
 * ``protocol`` - define the protocol for match traffic, which should be
   encrypted and send to this peer;