author | ekhudiyev <88712424+ekhudiyev@users.noreply.github.com> | 2021-10-07 11:41:18 +0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-10-07 11:41:18 +0400 |
commit | 26e044591330fb336f6f152deb3eed9fa3e0d00d (patch) | |
tree | bbfbd061a6bc0d3a98092f9f99dcd568d7ce2281 /docs/configuration/interfaces/openvpn.rst | |
parent | f35da586d2c35b73b4113628ca278af1e8ea3a11 (diff) | |
Update openvpn.rst
Cross-reference corrections
Diffstat (limited to 'docs/configuration/interfaces/openvpn.rst')
-rw-r--r-- | docs/configuration/interfaces/openvpn.rst | 30 |
1 files changed, 19 insertions, 11 deletions
diff --git a/docs/configuration/interfaces/openvpn.rst b/docs/configuration/interfaces/openvpn.rst index eab1517e..6bfc0b9d 100644 --- a/docs/configuration/interfaces/openvpn.rst +++ b/docs/configuration/interfaces/openvpn.rst @@ -48,8 +48,9 @@ Site-to-site mode supports x.509 but doesn't require it and can also work with static keys, which is simpler in many cases. In this example, we'll configure a simple site-to-site OpenVPN tunnel using a 2048-bit pre-shared key. -First, one of the systems generate the key using the `generate pki openvpn shared-secret <https://docs.vyos.io/en/latest/configuration/pki/index.html#openvpn>`_ command. -Once generated, you will need to install this key on the local system, then copy and install this key to the remote router. +First, one of the systems generate the key using the :ref:`generate pki openvpn shared-secret<configuration/pki:pki>` +command. Once generated, you will need to install this key on the local system, +then copy and install this key to the remote router. In our example, we used the key name ``openvpn-1`` which we will reference in our configuration. 
@@ -96,10 +97,14 @@ Local Configuration - Annotated: .. code-block:: none - run generate pki openvpn shared-secret install openvpn-1 # Locally genearated OpenVPN shared secret. The generated secret is the output to the console. + run generate pki openvpn shared-secret install openvpn-1 # Locally genearated OpenVPN shared secret. + The generated secret is the output to + the console. Configure mode commands to install OpenVPN key: - set pki openvpn shared-secret openvpn-1 key 'generated_key_string' # Generated secret displayed in the output to the console. - set pki openvpn shared-secret openvpn-1 version '1' # Generated secret displayed in the output to the console. + set pki openvpn shared-secret openvpn-1 key 'generated_key_string' # Generated secret displayed in the output to + the console. + set pki openvpn shared-secret openvpn-1 version '1' # Generated secret displayed in the output to + the console. set interfaces openvpn vtun1 mode site-to-site set interfaces openvpn vtun1 protocol udp @@ -133,7 +138,8 @@ Remote Configuration - Annotated: .. code-block:: none - set pki openvpn shared-secret openvpn-1 key 'generated_key_string' # Locally genearated OpenVPN shared secret (from the Local Configuration Block). + set pki openvpn shared-secret openvpn-1 key 'generated_key_string' # Locally genearated OpenVPN shared secret + (from the Local Configuration Block). set pki openvpn shared-secret openvpn-1 version '1' set interfaces openvpn vtun1 mode site-to-site 
@@ -268,7 +274,7 @@ Server Multi-client server is the most popular OpenVPN mode on routers. It always uses x.509 authentication and therefore requires a PKI setup. Refer this topic -`PKI <https://docs.vyos.io/en/latest/configuration/pki/index.html#pki>`_ to generate a CA certificate, +:ref:`configuration/pki:pki` to generate a CA certificate, a server certificate and key, a certificate revocation list, a Diffie-Hellman key exchange parameters file. You do not need client certificates and keys for the server setup. @@ -302,17 +308,18 @@ Then we need to generate, add and specify the names of the cryptographic materia .. code-block:: none - run generate pki ca install ca-1 # Follow the instructions to generate CA cert + run generate pki ca install ca-1 # Follow the instructions to generate CA cert. Configure mode commands to install: set pki ca ca-1 certificate 'generated_cert_string' set pki ca ca-1 private key 'generated_private_key' - run generate pki certificate sign ca-1 install srv-1 # Follow the instructions to generate server cert + run generate pki certificate sign ca-1 install srv-1 # Follow the instructions to generate server cert. Configure mode commands to install: set pki certificate srv-1 certificate 'generated_server_cert' set pki certificate srv-1 private key 'generated_private_key' - run generate pki dh install dh-1 # Follow the instructions to generate set of Diffie-Hellman parameters + run generate pki dh install dh-1 # Follow the instructions to generate set of + Diffie-Hellman parameters. Generating parameters... Configure mode commands to install DH parameters: set pki dh dh-1 parameters 'generated_dh_params_set' 
@@ -361,7 +368,8 @@ HQ's router requires the following steps to generate crypto materials for the Br .. code-block:: none - run generate pki certificate sign ca-1 install branch-1 # Follow the instructions to generate client cert for Branch 1 + run generate pki certificate sign ca-1 install branch-1 # Follow the instructions to generate client + cert for Branch 1 Configure mode commands to install: Branch 1's router might have the following lines: |
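Review bot: In the hunk at @@ -48,8 +48,9, the replaced URL pointed at the "#openvpn" anchor of the PKI page, while the new role targets "configuration/pki:pki", which reads as the top of that page, so a reader looking for the shared-secret command now lands one level higher than before. If the PKI page exposes a label for its OpenVPN section, reference that instead. Two smaller points on the same added line: put a space between the link text and the "<" of the target, as is conventional for explicit-title roles, and change "one of the systems generate" to "generates" while the sentence is being touched.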
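Review bot: In the hunk at @@ -96,10 +97,14, the wrapped comment continuations ("The generated secret is the output to", "the console.") carry no "#" prefix inside a "code-block:: none", so they render as if they were commands or console output and will be picked up by anyone copying the block. Either start each continuation line with "#" or move the explanation into prose above the block. The comment on the "version '1'" line also repeats the key-line text ("Generated secret displayed in the output to the console"), which does not describe the version setting, and "genearated" is still misspelled on the rewritten first line.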
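Review bot: In the hunk at @@ -133,7 +138,8, the rewritten "set pki openvpn shared-secret openvpn-1 key" line keeps the misspelling "genearated"; since the line is being replaced anyway, correct it to "generated" here. The new second line, "(from the Local Configuration Block).", also has no "#" in front of it, so in the rendered literal block it is indistinguishable from a configuration line.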
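Review bot: In the hunk at @@ -268,7 +274,7, dropping the explicit "PKI" link text leaves the sentence as "Refer this topic" followed by a bare role, so the rendered wording now depends on whatever title the target section has. Suggest keeping an explicit title and fixing the phrasing in the same edit, for example "Refer to :ref:`PKI <configuration/pki:pki>` to generate a CA certificate, ...".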
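Review bot: In the hunk at @@ -302,17 +308,18, the wrapped tail of the DH comment ("Diffie-Hellman parameters.") has no "#" and sits directly above "Generating parameters...", which is genuine command output, so the reader can no longer tell annotation from output in this block. Prefix the continuation with "#" or keep the comment on one line. The hunk also adds trailing periods to the CA and server-cert comments; apply the same punctuation to every annotated comment in the file so the style is consistent.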
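Review bot: In the hunk at @@ -361,7 +368,8, the continuation "cert for Branch 1" is added without a "#" and without the trailing period that the same patch adds to the equivalent comments in the server section. Mark the continuation as a comment and end it with a period, or shorten the comment so it fits on the command line.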