vyos/vyos-documentation
1
0
Fork 0
mirror of https://github.com/vyos/vyos-documentation.git synced 2025-10-26 08:41:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
3,050 Commits 32 Branches 12 Tags
Commit Graph

68 Commits

Author SHA1 Message Date
Robert Göhler
bacd60f419
Merge pull request #1249 from aapostoliuk/T4658-T5953-circinus 
Updated DPD and close-action values in IPSEC
 2024-01-19 21:13:58 +01:00
aapostoliuk
f5b79621d0 Changed IPv6 pool documentation in accel-ppp services 
Changed IPv6 pool documentation in accel-ppp services
to named IPv6 pools.
https://vyos.dev/T5865
 2024-01-19 13:38:40 +02:00
aapostoliuk
cfb7e8186d Updated DPD and close-action values in IPSEC 
Changed from 'hold' to 'trap' and from 'restart' to 'start'
in close-action.
Changed from 'hold' to 'trap' in DPD action.
 2024-01-19 12:39:38 +02:00
fett0
5933ffbe44 ocserv: add http-security-headers documentation 2023-12-27 16:37:24 -03:00
Robert Göhler
f05f2e2b73
Merge pull request #1178 from aapostoliuk/T5688-2-circinus 
sstp: T5688: Fixed 'client-ip-pool' configuration in the example
 2023-12-11 20:17:59 +01:00
aapostoliuk
f8e26888b9 sstp: T5688: Fixed 'client-ip-pool' configuration in the example 
Fixed 'client-ip-pool' configuration in the example
 2023-12-08 10:53:21 +02:00
aapostoliuk
1096cbcf95 accel-ppp: T5688: Changing CLI to create client address pool 
Changing CLI to create client address pool
 2023-12-05 17:30:16 +02:00
Christian Breunig
0429c31788 vpn: update site2site VTI example 2023-12-02 20:54:27 +01:00
Christian Breunig
5953d6f697 ipsec: gre: use dummy interface in example over loopback 2023-11-24 21:29:42 +01:00
greenpsi
f0349e7f1f Nat update 
Update some nat commands to new syntax
 2023-11-16 00:19:59 +01:00
Daniil Baturin
e4785773bf
Merge pull request #1146 from srividya0208/minor_errors 
correction of typos
 2023-11-09 13:27:19 +00:00
srividya0208
040472e043 correction of typos 2023-11-09 08:19:04 -05:00
Robert Göhler
7aa0c1ab32
Merge pull request #1126 from srividya0208/ipsec_vips 
Added config example of vpn ipsec site-to-site
 2023-10-26 13:36:13 +02:00
srividya0208
4d7e44d3e7 Added config example of vpn ipsec site-to-site 2023-10-26 02:00:19 -04:00
Robert Göhler
858e209ef9
Merge pull request #1119 from aslanvyos/patch-8 
Update dmvpn.rst
 2023-10-19 13:05:10 +02:00
aslanvyos
dc2cfd1f61
Update dmvpn.rst 
When we put this command we got an error like:

set interfaces tunnel tun100 local-ip '192.0.2.1'

  Configuration path: interfaces tunnel tun100 [local-ip] is not valid
  Set failed
 2023-10-18 17:44:00 +04:00
aslanvyos
d3ef41c38f
Update site2site_ipsec.rst 
To make easily understandable the Site-to-Site VPN ikev2 configuration for users (especially if the user is new to VyOS) made the following changes:
- Added dummy interface to both routers for testing purposes
- Added static route for both routers for dummy interface
- Added this line of command: 
   set vpn ipsec option disable-route-autoinstall
   Because when we write this line after the commit action we got an error like:
WARNING: It's recommended to use ipsec vti with the next command

- corrected this line:
  set vpn ipsec site-to-site peer OFFICE-B local-address '192.168.0.10'
to this:
set vpn ipsec site-to-site peer OFFICE-B local-address '172.18.201.10'
 2023-10-18 15:24:39 +04:00
srividya0208
3f7e9a6de9 Added details about ipsec remote-access 2023-09-28 02:41:47 -04:00
srividya0208
54bdc76b3b correction of ipsec compression syntax and added a reference 
for changes done for zone based firewall
 2023-09-04 02:49:17 -04:00
srividya0208
56f0d12968 corrected the l2tp op command 2023-06-13 04:01:24 -04:00
Robert Göhler
c417c7c6b6
Update openconnect.rst correct code-block 2023-05-20 21:17:23 +02:00
Jamie Austin
424669f4b0
ocserv: fix: indent of warning section text overflowing outside the warning box 2023-05-19 19:33:02 +10:00
Jamie Austin
aa77ce484a
T3896: ocserv: openconnect: document identity based configuration 2023-05-17 15:27:34 +10:00
Christian Breunig
f5e141d718 tunnel: T5034: migrate "multicast enable" CLI node to enable-multicast 2023-02-26 08:15:58 +01:00
Viacheslav Hletenko
8f61920f01 Change IPsec authentication PSK and examples 2023-02-05 12:22:36 +00:00
rebortg
ee91e1d5c1 fix build warnings and errors 2023-01-31 21:46:57 +01:00
Jamie Austin
e041874a9d
T4958: ocserv: openconnect: document RADIUS accounting 2023-01-29 10:51:54 +11:00
aapostoliuk
3711f087a3 ipsec: T4925: Added PRF information in IPSEC documentation 
Added Pseudo-Random Functions (PRF) information
in IPSEC documentation.
 2023-01-19 16:09:04 +02:00
rebortg
27ba499869 fix closeaction image 2023-01-03 20:37:50 +01:00
srividya0208
67c16e7f3a close-action: image reference is modified from image to figure 2023-01-02 22:33:11 -05:00
srividya0208
57b7e4f1b1 close-action: added an image to the details. 
There was a typo in the reference for the image added in the previous
commit, corrected that.
 2022-12-27 22:12:58 -05:00
srividya0208
b6b86f1946 ipsec_closeaction: added recommendation for closeaction options 
Added VPN IPSec connection-type recommendation for the close-action and
dpd settings.
For example close-action restart should not be added on both peers
 2022-12-26 09:26:32 -05:00
Christian Poessinger
91e7d86a27 T4792: add initial documentation for SSTP client 2022-12-11 20:32:46 +01:00
srividya0208
ac70a57fd1 Modified the documentation as per the new format/syntax 2022-11-08 22:24:58 -05:00
Viacheslav Hletenko
4dabe5123f ipsec: T4118: Change IPSec syntax 
Migration and Change boolean nodes "enable/disable" to
disable-xxxx, enable-xxxx and just xxx for VPN IPsec
configurations

  - IKE changes:
      - replace 'ipsec ike-group <tag> mobike disable'
             => 'ipsec ike-group <tag> disable-mobike'
      - replace 'ipsec ike-group <tag> ikev2-reauth yes|no'
             => 'ipsec ike-group <tag> ikev2-reauth'
  - ESP changes:
      - replace 'ipsec esp-group <tag> compression enable'
             => 'ipsec esp-group <tag> compression'
  - PEER changes:
      - replace: 'peer <tag> id xxx'
              => 'peer <tag> local-id xxx'
      - replace: 'peer <tag> force-encapsulation enable'
              => 'peer <tag> force-udp-encapsulation'
      - add option: 'peer <tag> remote-address x.x.x.x'

If peer name is IPv4 or IPv6 address add remote-address via
migration script
 2022-09-29 17:16:28 +03:00
srividya0208
da88a7dadc ipsec-interface: syntax correction 
The command to set the vpn interface is changed in the rolling release
which is not modified in many configuration examples, corrected syntax
in all pages where it is mentioned
 2022-09-08 06:55:52 -04:00
aapostoliuk
6819261f12 openconnect: Fixed gramma mistake in commands 
Fixed gramma mistake in commands
 2022-08-05 14:34:44 +03:00
Kav7
2faccd7b98
Update sstp.rst 
The command path:
set vpn sstp ssl key-file <file>

Does not appear to exist anymore, as per https://github.com/vyos/vyos-1x/pull/1038
Can the doc be updated with instructions on SSTP setup with new command structure?
 2022-08-01 14:52:20 +10:00
Eshenko Dmitriy
41b567bd1e Add missing param to encrypt tunnel 2022-07-19 12:53:31 +01:00
goodNETnick
aff4b038c2 sstp: T4444. Port number changing support 2022-05-26 02:23:23 -04:00
goodNETnick
9b7955ceca ocserv. Added show user OTP key 2022-05-08 20:48:53 -04:00
srividya0208
af2af9b50f deletion of note related to nat 
Removed the note from the firewall page as nat grouping is not added yet
Added the information about new option 'none' in the site-to-site ipsec vpn
page
 2022-04-24 14:46:53 -04:00
goodNETnick
633f3f5651 OpenConnect new new syntax + OTP 2FA 2022-04-21 08:05:07 -04:00
mkorobeinikov
79ac4fec96
Update ipsec.rst 2022-02-23 10:59:25 +10:00
mkorobeinikov
ea485aede1
Add cisco_flexvpn and install_virtualip_on options 
Ability to set Cisco FlexVPN vendor ID payload:
charon.cisco_flexvpn = yes
charon.install_virtual_ip_on = tunX
swanctl.connections.<conn>.vips = x.x.x.x, z.z.z.z
 2022-02-23 10:49:37 +10:00
mkorobeinikov
5d3bffe651
Ability to set SA life bytes and packets 
https://phabricator.vyos.net/T1856
https://github.com/vyos/vyos-1x/pull/1230
 2022-02-23 09:13:27 +10:00
Christian Poessinger
4395d0080a openconnect: remove example b/c of missing PKI 
OpenConnect lacks full documentation which would also include how to create and
add use keys from the new PKI backend. For the time beeing we should not
confuse users.
 2022-02-20 20:28:13 +01:00
Christian Poessinger
9ca9ddcb07
Merge pull request #704 from rickard-tpo/patch-1 
Updated OpenConnect SSL Syntax
 2022-02-20 20:23:08 +01:00
srividya0208
06f30a8b32 vpn-gre:incorrect syntax: local-ip and remote-ip changed to source-address and remote 
vyos@vyos# set int tunnel tun0
Possible completions:

   remote       Tunnel remote address
   source-address
                Source IP address used to initiate connection
 2022-02-15 11:11:00 -05:00
rickard-tpo
e614cc874d
Updated SSL Syntax 
Updated syntax to match 1.4.x.
 2022-01-26 12:27:57 +00:00