summaryrefslogtreecommitdiff
path: root/docs/ch09-vpn.rst
diff options
context:
space:
mode:
Diffstat (limited to 'docs/ch09-vpn.rst')
-rw-r--r--docs/ch09-vpn.rst11
1 files changed, 7 insertions, 4 deletions
diff --git a/docs/ch09-vpn.rst b/docs/ch09-vpn.rst
index f6242ffa..0b85af9d 100644
--- a/docs/ch09-vpn.rst
+++ b/docs/ch09-vpn.rst
@@ -13,14 +13,17 @@ site-to-site connections.
The advantages of OpenVPN are:
* It uses a single TCP or UDP connection and does not rely on packet source
- addresses, so it will work even through a double NAT: perfect for public
- hotspots and such
+addresses, so it will work even through a double NAT: perfect for public
+hotspots and such
+
* It's easy to setup and offers very flexible split tunneling
+
* There's a variety of client GUI frontends for any platform
The disadvantages are:
* It's slower than IPsec due to higher protocol overhead and the fact it runs
- in user mode while IPsec, on Linux, is in kernel mode
+in user mode while IPsec, on Linux, is in kernel mode
+
* None of the operating systems have client software installed by default
In the VyOS CLI, a key point often overlooked is that rather than being
@@ -302,7 +305,7 @@ Site-to-Site IPsec
Example:
* eth1 is WAN interface
* left subnet: 192.168.0.0/24 #s ite1, server side (i.e. locality, actually
- there is no client or server roles)
+there is no client or server roles)
* left local_ip: 1.1.1.1 # server side WAN IP
* right subnet: 10.0.0.0/24 # site2,remote office side
* right local_ip: 2.2.2.2 # remote office side WAN IP