summaryrefslogtreecommitdiff
path: root/docs/vpn
diff options
context:
space:
mode:
authorcurrite <sll@disroot.org>2019-12-12 19:18:41 +0100
committercurrite <sll@disroot.org>2019-12-16 15:37:17 +0100
commit75d7d6a31b0a8e9bf730c8c4744c8e30f4c60c48 (patch)
treed675c7da21dd4788a22f26ddb4b31924ee012605 /docs/vpn
parent14bde748e96b500102a74fd8d1be98453745f7c7 (diff)
downloadvyos-documentation-75d7d6a31b0a8e9bf730c8c4744c8e30f4c60c48.tar.gz
vyos-documentation-75d7d6a31b0a8e9bf730c8c4744c8e30f4c60c48.zip
openvpn: add link to basic PKI setup in knowledge-base
Diffstat (limited to 'docs/vpn')
-rw-r--r--docs/vpn/openvpn.rst5
1 files changed, 3 insertions, 2 deletions
diff --git a/docs/vpn/openvpn.rst b/docs/vpn/openvpn.rst
index 1c728ef6..69961f0c 100644
--- a/docs/vpn/openvpn.rst
+++ b/docs/vpn/openvpn.rst
@@ -183,8 +183,8 @@ Server
======
Multi-client server is the most popular OpenVPN mode on routers. It always uses
-x.509 authentication and therefore requires a PKI setup. This guide assumes you
-have already setup a PKI and have a CA certificate, a server certificate and
+x.509 authentication and therefore requires a PKI setup. This guide assumes
+`you have already setup a PKI`_ and have a CA certificate, a server certificate and
key, a certificate revocation list, a Diffie-Hellman key exchange parameters
file. You do not need client certificates and keys for the server setup.
@@ -254,6 +254,7 @@ internally, so we need to create a route to the 10.23.0.0/20 network ourselves:
set protocols static interface-route 10.23.0.0/20 next-hop-interface vtun10
+.. _`you have already setup a PKI`: https://support.vyos.io/en/kb/articles/using-easy-rsa-to-generate-x-509-certificates-and-keys-2
Client Authentication
---------------------