summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorgoodNETnick <pknet@ya.ru>2021-10-07 19:56:50 +1000
committergoodNETnick <pknet@ya.ru>2021-10-07 19:56:50 +1000
commit9340aca617e941e7c7d165aa9b2f353312a2865b (patch)
tree9591015b1b601fe93bf731a6f7b3fa85a9b4125c /docs
parent0a0070d7d93ebb2de41dd84886f385931eecb737 (diff)
downloadvyos-documentation-9340aca617e941e7c7d165aa9b2f353312a2865b.tar.gz
vyos-documentation-9340aca617e941e7c7d165aa9b2f353312a2865b.zip
Warning about IPsec and VTI interfaces
Diffstat (limited to 'docs')
-rw-r--r--docs/configuration/interfaces/vti.rst10
-rw-r--r--docs/configuration/interfaces/wireguard.rst1
2 files changed, 9 insertions, 2 deletions
diff --git a/docs/configuration/interfaces/vti.rst b/docs/configuration/interfaces/vti.rst
index 34842866..cb25773d 100644
--- a/docs/configuration/interfaces/vti.rst
+++ b/docs/configuration/interfaces/vti.rst
@@ -3,7 +3,6 @@
##############################
VTI - Virtual Tunnel Interface
##############################
-
Set Virtual Tunnel Interface
.. code-block:: none
@@ -20,4 +19,11 @@ Results in:
address 192.168.2.249/30
address 2001:db8:2::249/64
description "Description"
- } \ No newline at end of file
+ }
+
+.. warning:: When using site-to-site IPsec with VTI interfaces,
+ be sure to disable route autoinstall
+
+.. code-block:: none
+
+ set vpn ipsec options disable-route-autoinstall \ No newline at end of file
diff --git a/docs/configuration/interfaces/wireguard.rst b/docs/configuration/interfaces/wireguard.rst
index df6433c6..1c4b734c 100644
--- a/docs/configuration/interfaces/wireguard.rst
+++ b/docs/configuration/interfaces/wireguard.rst
@@ -151,6 +151,7 @@ below is always the public key from your peer, not your local one.
.. code-block:: none
set interfaces wireguard wg01 address '10.1.0.1/30'
+ set interfaces wireguard wg01 description 'VPN-to-wg02'
set interfaces wireguard wg01 peer to-wg02 allowed-ips '192.168.2.0/24'
set interfaces wireguard wg01 peer to-wg02 address '192.0.2.1'
set interfaces wireguard wg01 peer to-wg02 port '51820'