vyos/vyos-documentation
1
0
Fork 0
mirror of https://github.com/vyos/vyos-documentation.git synced 2025-10-26 08:41:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,529 Commits 32 Branches 12 Tags
Commit Graph

43 Commits

Author SHA1 Message Date
rebortg
ee91e1d5c1 fix build warnings and errors 2023-01-31 21:46:57 +01:00
Jamie Austin
e041874a9d
T4958: ocserv: openconnect: document RADIUS accounting 2023-01-29 10:51:54 +11:00
aapostoliuk
3711f087a3 ipsec: T4925: Added PRF information in IPSEC documentation 
Added Pseudo-Random Functions (PRF) information
in IPSEC documentation.
 2023-01-19 16:09:04 +02:00
rebortg
27ba499869 fix closeaction image 2023-01-03 20:37:50 +01:00
srividya0208
67c16e7f3a close-action: image reference is modified from image to figure 2023-01-02 22:33:11 -05:00
srividya0208
57b7e4f1b1 close-action: added an image to the details. 
There was a typo in the reference for the image added in the previous
commit, corrected that.
 2022-12-27 22:12:58 -05:00
srividya0208
b6b86f1946 ipsec_closeaction: added recommendation for closeaction options 
Added VPN IPSec connection-type recommendation for the close-action and
dpd settings.
For example close-action restart should not be added on both peers
 2022-12-26 09:26:32 -05:00
Christian Poessinger
91e7d86a27 T4792: add initial documentation for SSTP client 2022-12-11 20:32:46 +01:00
srividya0208
ac70a57fd1 Modified the documentation as per the new format/syntax 2022-11-08 22:24:58 -05:00
Viacheslav Hletenko
4dabe5123f ipsec: T4118: Change IPSec syntax 
Migration and Change boolean nodes "enable/disable" to
disable-xxxx, enable-xxxx and just xxx for VPN IPsec
configurations

  - IKE changes:
      - replace 'ipsec ike-group <tag> mobike disable'
             => 'ipsec ike-group <tag> disable-mobike'
      - replace 'ipsec ike-group <tag> ikev2-reauth yes|no'
             => 'ipsec ike-group <tag> ikev2-reauth'
  - ESP changes:
      - replace 'ipsec esp-group <tag> compression enable'
             => 'ipsec esp-group <tag> compression'
  - PEER changes:
      - replace: 'peer <tag> id xxx'
              => 'peer <tag> local-id xxx'
      - replace: 'peer <tag> force-encapsulation enable'
              => 'peer <tag> force-udp-encapsulation'
      - add option: 'peer <tag> remote-address x.x.x.x'

If peer name is IPv4 or IPv6 address add remote-address via
migration script
 2022-09-29 17:16:28 +03:00
srividya0208
da88a7dadc ipsec-interface: syntax correction 
The command to set the vpn interface is changed in the rolling release
which is not modified in many configuration examples, corrected syntax
in all pages where it is mentioned
 2022-09-08 06:55:52 -04:00
aapostoliuk
6819261f12 openconnect: Fixed gramma mistake in commands 
Fixed gramma mistake in commands
 2022-08-05 14:34:44 +03:00
Kav7
2faccd7b98
Update sstp.rst 
The command path:
set vpn sstp ssl key-file <file>

Does not appear to exist anymore, as per https://github.com/vyos/vyos-1x/pull/1038
Can the doc be updated with instructions on SSTP setup with new command structure?
 2022-08-01 14:52:20 +10:00
Eshenko Dmitriy
41b567bd1e Add missing param to encrypt tunnel 2022-07-19 12:53:31 +01:00
goodNETnick
aff4b038c2 sstp: T4444. Port number changing support 2022-05-26 02:23:23 -04:00
goodNETnick
9b7955ceca ocserv. Added show user OTP key 2022-05-08 20:48:53 -04:00
srividya0208
af2af9b50f deletion of note related to nat 
Removed the note from the firewall page as nat grouping is not added yet
Added the information about new option 'none' in the site-to-site ipsec vpn
page
 2022-04-24 14:46:53 -04:00
goodNETnick
633f3f5651 OpenConnect new new syntax + OTP 2FA 2022-04-21 08:05:07 -04:00
mkorobeinikov
79ac4fec96
Update ipsec.rst 2022-02-23 10:59:25 +10:00
mkorobeinikov
ea485aede1
Add cisco_flexvpn and install_virtualip_on options 
Ability to set Cisco FlexVPN vendor ID payload:
charon.cisco_flexvpn = yes
charon.install_virtual_ip_on = tunX
swanctl.connections.<conn>.vips = x.x.x.x, z.z.z.z
 2022-02-23 10:49:37 +10:00
mkorobeinikov
5d3bffe651
Ability to set SA life bytes and packets 
https://phabricator.vyos.net/T1856
https://github.com/vyos/vyos-1x/pull/1230
 2022-02-23 09:13:27 +10:00
Christian Poessinger
4395d0080a openconnect: remove example b/c of missing PKI 
OpenConnect lacks full documentation which would also include how to create and
add use keys from the new PKI backend. For the time beeing we should not
confuse users.
 2022-02-20 20:28:13 +01:00
Christian Poessinger
9ca9ddcb07
Merge pull request #704 from rickard-tpo/patch-1 
Updated OpenConnect SSL Syntax
 2022-02-20 20:23:08 +01:00
srividya0208
06f30a8b32 vpn-gre:incorrect syntax: local-ip and remote-ip changed to source-address and remote 
vyos@vyos# set int tunnel tun0
Possible completions:

   remote       Tunnel remote address
   source-address
                Source IP address used to initiate connection
 2022-02-15 11:11:00 -05:00
rickard-tpo
e614cc874d
Updated SSL Syntax 
Updated syntax to match 1.4.x.
 2022-01-26 12:27:57 +00:00
goodNETnick
865ff61166 ESP group parameters 2021-12-07 13:46:15 +10:00
goodNETnick
8f3c52096c IKE group parameters 2021-11-26 11:26:57 +10:00
srividya0208
07f208bd6a VPN IPsec: Added a note related to rsa key 
A private key is also needed to finish the ipsec setup which is not mentioned
in the section "Source tunnel from loopbacks/Setting up IPSec". I have added
for reference.
 2021-11-18 10:38:43 -05:00
goodNETnick
fccc96e134 RSA-keys updated to new syntax 2021-10-20 15:41:45 +10:00
goodNETnick
72a677f75e IPsec key-pair new synthax 2021-10-19 17:36:44 +10:00
usman-umer
edacdd23e5 moved wg back into /interfaces dir 2021-07-11 22:30:24 +01:00
usman-umer
5b407ed606 Moved wireguard from the interfaces to vpn directory, as it is a VPN. 
Modified the index files to reflect this.
 Added Diagram of the VPN Topology
 Modified the weird IP subnets for local& remote sites. This Included:
	Changing the Interface Address for the wg01 tunnel
	Chaning the WAN addresses to addrs not in the RFC1918 range (1.1.1.1 & 2.2.2.2)
	Modifing the allowed IPs and static route to reflect this.
	Modified the ping test to reflect this.
 Added an annotated verison of the wireguard local&remote config.
 Added an example of a firewall exception for wirguard (OUTSIDE_IN)
 Modified the explanation for the behavior of AllowedIPs for remote clients.
 Added an example of "sudo wg" to the operational commands.
 Fixed typo
 2021-07-10 23:42:23 +01:00
srividya0208
ae6a2ba810 configuration page: corrected spelling and grammatical mistakes 
There were minimal grammatical and spelling mistakes in the files which I
corrected as documentation proof reading.
Also added information about few ipsec vpn parameters.
 2021-06-30 06:17:12 -04:00
Robert Göhler
679a7967f5
Merge pull request #546 from rebortg/autosectionlabel 
Autosectionlabel
 2021-06-11 22:28:02 +02:00
rebortg
df504dd6c1 autosectionlabel: add custom headline ref 2021-06-11 22:19:55 +02:00
Christian Poessinger
050335f959 ipsec: T3588: remove obsolete CLI commands for NAT 2021-06-06 20:02:09 +02:00
Oliver Dickins
5bd81dc482
Update l2tp.rst 
Update l2tp "name-server" with correct syntax
 2021-02-10 19:34:23 +00:00
srividya0208
8adf48d9b1 RSA Keys: Added information related to RSA keys 
RSA-Keys page was blank, so added the steps to generate and add the keys to
the VPN IPSec config.
Also corrected the IPSec/GRE page where authentication parameter was
missing before remote-id.
 2020-12-25 07:00:53 -05:00
rebortg
19596fd91e vpn: fix lint errors 2020-12-11 14:54:50 +01:00
rebortg
3ba03aeed5 l2tp: fix linter errors 2020-12-11 14:32:32 +01:00
rebortg
f6c43343bb Merge branch 'sagitta' of https://github.com/rebortg/vyos-documentation 2020-12-08 14:57:44 +01:00
rebortg
6f6950d14e fix build errors after arrange 2020-12-07 20:29:11 +01:00
rebortg
ce090a4ced arrange examples 2020-12-06 21:41:10 +01:00