author | Christian Poessinger <christian@poessinger.com> | 2019-11-17 19:52:57 +0100 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2019-11-17 19:53:00 +0100 |
commit | a02ef524ecfd5a8a4529c0d0e0c36d8abb0b9e04 (patch) | |
tree | 963ac4e06ac05acd22c3ae5c49259bd6c3b68c86 /docs/vpn/openvpn.rst | |
parent | a4bb80c2fa42ffae97fee9bfd3b0002241da55cf (diff) | |
openvpn: beautify command snippets
Diffstat (limited to 'docs/vpn/openvpn.rst')
-rw-r--r-- | docs/vpn/openvpn.rst | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/docs/vpn/openvpn.rst b/docs/vpn/openvpn.rst index faa5e6bc..63949184 100644 --- a/docs/vpn/openvpn.rst +++ b/docs/vpn/openvpn.rst @@ -43,11 +43,11 @@ static keys, which is simpler in many cases. In this example, we'll configure a simple site-to-site OpenVPN tunnel using a 2048-bit pre-shared key. First, one of the systems generate the key using the operational command -`generate openvpn key <filename>`. This will generate a key with the name -provided in the `/config/auth/` directory. Once generated, you will need to +``generate openvpn key <filename>``. This will generate a key with the name +provided in the ``/config/auth/`` directory. Once generated, you will need to copy this key to the remote router. -In our example, we used the filename `openvpn-1.key` which we will reference +In our example, we used the filename ``openvpn-1.key`` which we will reference in our configuration. * The public IP address of the local side of the VPN will be 198.51.100.10 @@ -58,11 +58,11 @@ in our configuration. when possible. * The official port for OpenVPN is 1194, which we reserve for client VPN; we will use 1195 for site-to-site VPN. -* The `persistent-tunnel` directive will allow us to configure tunnel-related +* The ``persistent-tunnel`` directive will allow us to configure tunnel-related attributes, such as firewall policy as we would on any normal network interface. * If known, the IP of the remote router can be configured using the - `remote-host` directive; if unknown, it can be omitted. We will assume a + ``remote-host`` directive; if unknown, it can be omitted. We will assume a dynamic IP for our remote router. Local Configuration: 
@@ -196,12 +196,14 @@ all client subnets belong to 10.23.0.0/20. All clients need access to the 192.168.0.0/16 network. First we need to specify the basic settings. 1194/UDP is the default. The -`persistent-tunnel` option is recommended, it prevents the TUN/TAP device from +``persistent-tunnel`` option is recommended, it prevents the TUN/TAP device from closing on connection resets or daemon reloads. - -.. note:: Using **openvpn-option -reneg-sec** can be tricky. This option is used to renegotiate data channel after n seconds. When used at both server and client, the lower value will trigger the renegotiation. If you set it to 0 on one side of the connection (to disable it), the chosen value on the other side will determine when the renegotiation will occur. - +.. note:: Using **openvpn-option -reneg-sec** can be tricky. This option is + used to renegotiate data channel after n seconds. When used at both server + and client, the lower value will trigger the renegotiation. If you set it to + 0 on one side of the connection (to disable it), the chosen value on the + other side will determine when the renegotiation will occur. .. code-block:: sh |
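Review bot: in the first hunk (@@ -43,11 +43,11 @@), the paragraph being touched tells the reader "you will need to copy this key to the remote router" without saying how. Because this is a static pre-shared key that both sides rely on, the text should say to transfer it over an encrypted, authenticated channel (for example scp) rather than leave the method open. While the line is being edited, "one of the systems generate the key" in the context line just above should also read "generates".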
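Review bot: in the second hunk (@@ -196,12 +196,14 @@), the rewrapped note still marks the option with bold, "**openvpn-option -reneg-sec**", while every other command and directive in this commit moves to double-backtick literals. Use ``openvpn-option -reneg-sec`` there as well so the option renders as literal text like ``persistent-tunnel`` does. The hunk also removes the blank lines on both sides of the note, so please confirm that one blank line still separates ".. note::" from the preceding paragraph ending "daemon reloads." and from the following ".. code-block:: sh"; without it reST treats the directive line as a continuation of the paragraph.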