author Robert Göhler <github@ghlr.de> 2022-04-26 15:33:45 +0200
committer GitHub <noreply@github.com> 2022-04-26 15:33:45 +0200
commit 0323f03645e4d9dd9e8afd85b4ae39d4b94cb6ba
tree e6626f8beb7594621e3dabc3700c5c28cd010ed5
parent 12823d803b4e9c933898f4d450f7448e0bd6972d
parent af2af9b50f437bf0ac79d294b7ae49408221ba03
Merge pull request #760 from srividya0208/proofreading
deletion of note related to nat
-rw-r--r-- docs/configuration/firewall/index.rst | 2
-rw-r--r-- docs/configuration/vpn/site2site_ipsec.rst | 7
2 files changed, 5 insertions, 4 deletions
diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst
index 6bc362ea..c2b47c80 100644
--- a/docs/configuration/firewall/index.rst
+++ b/docs/configuration/firewall/index.rst
@@ -154,8 +154,6 @@ either a source or destination. Members can be added or removed from a
group without changes to, or the need to reload, individual firewall
rules.
-.. note:: Groups can also be referenced by NAT configuration.
-
Groups need to have unique names. Even though some contain IPv4
addresses and others contain IPv6 addresses, they still need to have
unique names, so you may want to append "-v4" or "-v6" to your group
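Review bot: The removal of the `.. note:: Groups can also be referenced by NAT configuration.` line leaves the page silent on whether firewall groups can be used from NAT, and the commit message ("deletion of note related to nat") gives no reason. If the note was wrong for this release, say so in the commit message and consider replacing it with an explicit statement that NAT rules cannot reference groups, so operators who read the earlier text do not build NAT rules on that assumption.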
diff --git a/docs/configuration/vpn/site2site_ipsec.rst b/docs/configuration/vpn/site2site_ipsec.rst
index aace98aa..2fa59dc1 100644
--- a/docs/configuration/vpn/site2site_ipsec.rst
+++ b/docs/configuration/vpn/site2site_ipsec.rst
@@ -74,16 +74,19 @@ Each site-to-site peer has the next options:
* ``connection-type`` - how to handle this connection process. Possible
variants:
- * ``initiate`` - do initial connection to remote peer immediately after
+ * ``initiate`` - does initial connection to remote peer immediately after
configuring and after boot. In this mode the connection will not be restarted
in case of disconnection, therefore should be used only together with DPD or
another session tracking methods;
- * ``respond`` - do not try to initiate a connection to a remote peer. In this
+ * ``respond`` - does not try to initiate a connection to a remote peer. In this
mode, the IPSec session will be established only after initiation from a
remote peer. Could be useful when there is no direct connectivity to the
peer due to firewall or NAT in the middle of the local and remote side.
+ * ``none`` - loads the connection only, which then can be manually initiated or
+ used as a responder configuration.
+
* ``default-esp-group`` - ESP group to use by default for traffic encryption.
Might be overwritten by individual settings for tunnel or VTI interface
binding;
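Review bot: The new ``none`` entry says the connection "can be manually initiated" but does not name the command that does so, and unlike ``initiate`` it does not say what happens after a disconnection. Add a reference to the operational command used to bring the tunnel up and state whether the tunnel stays down until that command is run again, since that decides whether this mode is safe for an unattended site. Two smaller points in the same hunk: "does initial connection to remote peer" is still awkward ("initiates the connection to the remote peer" reads better), and the ``none`` item ends with a period while ``initiate`` ends with a semicolon, so pick one terminator for the sub-list. The unchanged context line "another session tracking methods" could be fixed in the same proofreading pass.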