vyos/vyos-documentation
1
0
Fork 0
mirror of https://github.com/vyos/vyos-documentation.git synced 2025-10-26 08:41:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
3,165 Commits 32 Branches 12 Tags
Commit Graph

71 Commits

Author SHA1 Message Date
aapostoliuk
6ec864e8d3
Updated site-to-site IPsec VPN documentation (#1660) 
* Updated site-to-site IPsec VPN documentation

Added general theoretical IPsec documentation.
Changed site-to-site IPsec VPN documentation.
Added steps for configuration.
Added documentation for troubleshooting site-to-site IPsec VPN.
Backported from https://github.com/vyos/vyos-documentation/pull/1653

---------

Co-authored-by: aapostoliuk <aapostoliuk@vyos.io>
Co-authored-by: Daniil Baturin <daniil@baturin.org>
 2025-07-28 13:51:55 +01:00
srividya0208
2ff18f0cb9
Updated the installation page with latest information (#1659) 2025-07-21 12:38:10 +01:00
Balazs Szenczy
ddc8993fe8 Update l2tp.rst 
Small correction

(cherry picked from commit e835834cded213855cde83335fc49b0d19b9004c)
 2024-08-10 20:31:56 +00:00
Christian Breunig
e96e7bc19a ipsec: T6599: add CLI documentation to disable ESP re-key 
(cherry picked from commit 284b5b8e9bec10f4e69c0add321361a832d39b66)
 2024-07-22 12:27:19 +02:00
whyrlpool
2ae974066f VPN documentation proofreading (#1506) 
* Fix typos in openconnect.rst

change Cerbort->Certbot
Update first line to reflect that openconnect was introduced in 1.3-rolling (T2036)

* typo in dmvpn.rst

* ipsec.rst justification, minor phrasing changes

* l2tp.rst justification and phrasing changes.

* sstp.rst phrasing, justification changes

* Update ipsec.rst

rephrase for clarity and to avoid possessive plural apostrophe

(cherry picked from commit 873a461bdf972ebd815baf50893700b0a2518213)
 2024-07-18 16:09:24 +02:00
srividya0208
dc6ec3b965 ipsec: Added information about operational commands 
(cherry picked from commit cd1dcb5d8e66e3431415ebf31a2d5902b30c1ffc)
 2024-07-13 15:14:10 +00:00
Nataliia Solomko
8b85ad80c6 sstp: T4393: Add support to configure host-name (SNI) 
(cherry picked from commit 30af00bd7f3b97e5aed539f42fbfc6eaa5535158)
 2024-05-10 12:17:42 +00:00
aapostoliuk
5516a01b20 Fixed examples in accel-ppp services in IPv6 section 
Fixed examples in accel-ppp services in IPv6 section

(cherry picked from commit 899acac204ba39b6d092ebc389e435a669d39258)
 2024-05-05 20:48:34 +00:00
rebortg
deb44d8856 fix several build warnings and errors 2024-04-16 21:58:21 +02:00
Robert Göhler
951c56bce1
Merge pull request #1309 from vyos/mergify/bp/sagitta/pr-1300 
Rewritten the SSTP server documentation (backport #1300)
 2024-03-05 21:41:40 +01:00
Robert Göhler
26d5585bf8
Update sstp.rst 2024-03-05 21:38:12 +01:00
aapostoliuk
0316ea57c6 Rewritten the PPTP server documentation 
Fully rewritten PPTP server documentation.

(cherry picked from commit 8cb0070b51edf550189a9ccf5f1a92bf537c3572)
 2024-03-05 20:27:59 +00:00
aapostoliuk
fb9775d571 Rewritten the SSTP server documentation 
Fully rewritten SSTP server documentation.

(cherry picked from commit d71c4607fa0c330a3c6269811b2126a25ceb91f7)

# Conflicts:
#	docs/configuration/vpn/sstp.rst
 2024-03-05 20:27:58 +00:00
Christian Breunig
e30e9608d6 ipsec: add IKEv2 road-warrior documentation 
(cherry picked from commit deb4e15e51e2b5f5b281f0e17961a5c10d036bfe)
 2024-02-27 06:56:55 +01:00
aapostoliuk
859a9ee449 Rewritten the L2TP documentation 
Rewritten the L2TP documentation
Added the example 'PPPoE over L2TP' to blueprints

(cherry picked from commit 4dd84a7c4d784229209eeb4b0d72457b094e08ce)
 2024-02-26 20:02:52 +00:00
aapostoliuk
97dc32e5cd T5971: Added PPP options documentation 
Added PPP options documentation

(cherry picked from commit dd3537443d71b8a5481ad0e8fb1a8e4edd0ecb71)
 2024-02-08 09:02:31 +00:00
aapostoliuk
c07b6d69f1 Changed IPv6 pool documentation in accel-ppp services 
Changed IPv6 pool documentation in accel-ppp services
to named IPv6 pools.
https://vyos.dev/T5865

(cherry picked from commit f5b79621d0c841ee9a596543a05ad1acc9130c1d)
 2024-02-02 08:03:57 +00:00
aapostoliuk
3c6bb1ec30 Updated DPD and close-action values in IPSEC 
Changed from 'hold' to 'trap' and from 'restart' to 'start'
in close-action.
Changed from 'hold' to 'trap' in DPD action.

(cherry picked from commit cfb7e8186d83e45092f361f9717c9542bfad053b)
 2024-01-22 10:53:21 +00:00
aapostoliuk
c72e0d8f9a accel-ppp: T5688: Changing CLI to create client address pool 
Changing CLI to create client address pool

(cherry picked from commit 1096cbcf95f96334d773ab98cce9d26d311f9e51)
 2023-12-30 22:16:53 +01:00
Christian Breunig
09a8acd602 vpn: update site2site VTI example 
(cherry picked from commit 0429c317884d8951cbf2e432981edeacd426f3ed)
 2023-12-02 20:56:32 +01:00
Christian Breunig
84498945cc ipsec: gre: use dummy interface in example over loopback 
(cherry picked from commit 5953d6f69748c82cbd9eafbe662163924ae719e6)
 2023-11-24 21:29:53 +01:00
srividya0208
54bdc76b3b correction of ipsec compression syntax and added a reference 
for changes done for zone based firewall
 2023-09-04 02:49:17 -04:00
srividya0208
56f0d12968 corrected the l2tp op command 2023-06-13 04:01:24 -04:00
Robert Göhler
c417c7c6b6
Update openconnect.rst correct code-block 2023-05-20 21:17:23 +02:00
Jamie Austin
424669f4b0
ocserv: fix: indent of warning section text overflowing outside the warning box 2023-05-19 19:33:02 +10:00
Jamie Austin
aa77ce484a
T3896: ocserv: openconnect: document identity based configuration 2023-05-17 15:27:34 +10:00
Christian Breunig
f5e141d718 tunnel: T5034: migrate "multicast enable" CLI node to enable-multicast 2023-02-26 08:15:58 +01:00
Viacheslav Hletenko
8f61920f01 Change IPsec authentication PSK and examples 2023-02-05 12:22:36 +00:00
rebortg
ee91e1d5c1 fix build warnings and errors 2023-01-31 21:46:57 +01:00
Jamie Austin
e041874a9d
T4958: ocserv: openconnect: document RADIUS accounting 2023-01-29 10:51:54 +11:00
aapostoliuk
3711f087a3 ipsec: T4925: Added PRF information in IPSEC documentation 
Added Pseudo-Random Functions (PRF) information
in IPSEC documentation.
 2023-01-19 16:09:04 +02:00
rebortg
27ba499869 fix closeaction image 2023-01-03 20:37:50 +01:00
srividya0208
67c16e7f3a close-action: image reference is modified from image to figure 2023-01-02 22:33:11 -05:00
srividya0208
57b7e4f1b1 close-action: added an image to the details. 
There was a typo in the reference for the image added in the previous
commit, corrected that.
 2022-12-27 22:12:58 -05:00
srividya0208
b6b86f1946 ipsec_closeaction: added recommendation for closeaction options 
Added VPN IPSec connection-type recommendation for the close-action and
dpd settings.
For example close-action restart should not be added on both peers
 2022-12-26 09:26:32 -05:00
Christian Poessinger
91e7d86a27 T4792: add initial documentation for SSTP client 2022-12-11 20:32:46 +01:00
srividya0208
ac70a57fd1 Modified the documentation as per the new format/syntax 2022-11-08 22:24:58 -05:00
Viacheslav Hletenko
4dabe5123f ipsec: T4118: Change IPSec syntax 
Migration and Change boolean nodes "enable/disable" to
disable-xxxx, enable-xxxx and just xxx for VPN IPsec
configurations

  - IKE changes:
      - replace 'ipsec ike-group <tag> mobike disable'
             => 'ipsec ike-group <tag> disable-mobike'
      - replace 'ipsec ike-group <tag> ikev2-reauth yes|no'
             => 'ipsec ike-group <tag> ikev2-reauth'
  - ESP changes:
      - replace 'ipsec esp-group <tag> compression enable'
             => 'ipsec esp-group <tag> compression'
  - PEER changes:
      - replace: 'peer <tag> id xxx'
              => 'peer <tag> local-id xxx'
      - replace: 'peer <tag> force-encapsulation enable'
              => 'peer <tag> force-udp-encapsulation'
      - add option: 'peer <tag> remote-address x.x.x.x'

If peer name is IPv4 or IPv6 address add remote-address via
migration script
 2022-09-29 17:16:28 +03:00
srividya0208
da88a7dadc ipsec-interface: syntax correction 
The command to set the vpn interface is changed in the rolling release
which is not modified in many configuration examples, corrected syntax
in all pages where it is mentioned
 2022-09-08 06:55:52 -04:00
aapostoliuk
6819261f12 openconnect: Fixed gramma mistake in commands 
Fixed gramma mistake in commands
 2022-08-05 14:34:44 +03:00
Kav7
2faccd7b98
Update sstp.rst 
The command path:
set vpn sstp ssl key-file <file>

Does not appear to exist anymore, as per https://github.com/vyos/vyos-1x/pull/1038
Can the doc be updated with instructions on SSTP setup with new command structure?
 2022-08-01 14:52:20 +10:00
Eshenko Dmitriy
41b567bd1e Add missing param to encrypt tunnel 2022-07-19 12:53:31 +01:00
goodNETnick
aff4b038c2 sstp: T4444. Port number changing support 2022-05-26 02:23:23 -04:00
goodNETnick
9b7955ceca ocserv. Added show user OTP key 2022-05-08 20:48:53 -04:00
srividya0208
af2af9b50f deletion of note related to nat 
Removed the note from the firewall page as nat grouping is not added yet
Added the information about new option 'none' in the site-to-site ipsec vpn
page
 2022-04-24 14:46:53 -04:00
goodNETnick
633f3f5651 OpenConnect new new syntax + OTP 2FA 2022-04-21 08:05:07 -04:00
mkorobeinikov
79ac4fec96
Update ipsec.rst 2022-02-23 10:59:25 +10:00
mkorobeinikov
ea485aede1
Add cisco_flexvpn and install_virtualip_on options 
Ability to set Cisco FlexVPN vendor ID payload:
charon.cisco_flexvpn = yes
charon.install_virtual_ip_on = tunX
swanctl.connections.<conn>.vips = x.x.x.x, z.z.z.z
 2022-02-23 10:49:37 +10:00
mkorobeinikov
5d3bffe651
Ability to set SA life bytes and packets 
https://phabricator.vyos.net/T1856
https://github.com/vyos/vyos-1x/pull/1230
 2022-02-23 09:13:27 +10:00
Christian Poessinger
4395d0080a openconnect: remove example b/c of missing PKI 
OpenConnect lacks full documentation which would also include how to create and
add use keys from the new PKI backend. For the time beeing we should not
confuse users.
 2022-02-20 20:28:13 +01:00