Diffstat (limited to 'docs/configexamples')
| -rw-r--r-- | docs/configexamples/ansible.rst | 18 |
| -rw-r--r-- | docs/configexamples/policy-based-ipsec-and-firewall.rst | 24 |
2 files changed, 21 insertions, 21 deletions
| diff --git a/docs/configexamples/ansible.rst b/docs/configexamples/ansible.rst index fc243c44..0f4dbbda 100644 --- a/docs/configexamples/ansible.rst +++ b/docs/configexamples/ansible.rst @@ -1,4 +1,4 @@ -:lastproofread: 2023-10-18 +:lastproofread: 2024-04-09  .. _examples-ansible: @@ -33,14 +33,14 @@ We have four pre-configured routers with this configuration:  * vyos9 - 192.0.2.107  * vyos10 - 192.0.2.108 -Install the Ansible: +Install Ansible:  ====================  .. code-block:: none  	# apt-get install ansible  	Do you want to continue? [Y/n] y -Install the paramiko: +Install Paramiko:  =====================  .. code-block:: none @@ -60,7 +60,7 @@ Check the version:  	executable location = /usr/bin/ansible  	python version = 3.9.2 (default, Feb 28 2021, 17:03:44) [GCC 10.2.1 20210110] -Basik configuration of the ansible.cfg: +Basic configuration of ansible.cfg:  =======================================  .. code-block:: none @@ -69,8 +69,8 @@ Basik configuration of the ansible.cfg:  	[defaults]  	host_key_checking = no -Add all the hosts of VyOS: -========================== +Add all the VyOS hosts: +=======================  .. code-block:: none @@ -95,8 +95,8 @@ Add general variables:  	ansible_ssh_pass: vyos -Add the simple playbook with the tasks for each router: -======================================================= +Add a simple playbook with the tasks for each router: +=====================================================  .. code-block:: none @@ -213,4 +213,4 @@ The simple way without configuration of the hostname (one task for all routers):  	vyos9                      : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0 -In the next chapter of the example, we'll use the Ansible with jinja2 templates and variables. +In the next chapter of the example, we'll use Ansible with jinja2 templates and variables. 
diff --git a/docs/configexamples/policy-based-ipsec-and-firewall.rst b/docs/configexamples/policy-based-ipsec-and-firewall.rst index 9b7ba73a..2337c1ac 100644 --- a/docs/configexamples/policy-based-ipsec-and-firewall.rst +++ b/docs/configexamples/policy-based-ipsec-and-firewall.rst 
@@ -5,35 +5,35 @@ Policy-Based Site-to-Site VPN and Firewall Configuration  --------------------------------------------------------  This guide shows an example policy-based IKEv2 site-to-site VPN between two -VyOS routers, and firewall configiuration. +VyOS routers, and firewall configuration. -For simplicity, configuration and tests are done only using ipv4, and firewall -configuration in done only on one router. +For simplicity, configuration and tests are done only using IPv4, and firewall +configuration is done only on one router.  Network Topology and requirements  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -This configuration example and the requirments consists on: +This configuration example and the requirments consists of:  - Two VyOS routers with public IP address.  - 2 private subnets on each site. -- Local subnets should be able to reach internet using source nat. +- Local subnets should be able to reach internet using source NAT. -- Communication between private subnets should be done through ipsec tunnel -  without nat. +- Communication between private subnets should be done through IPSec tunnel +  without NAT.  - Configuration of basic firewall in one site, in order to: -    - Protect the router on 'WAN' interface, allowing only ipsec connections -      and ssh access from trusted ips. +    - Protect the router on 'WAN' interface, allowing only IPSec connections +      and SSH access from trusted IPs.      - Allow access to the router only from trusted networks. -    - Allow dns requests only only for local networks. +    - Allow DNS requests only only for local networks. -    - Allow icmp on all interfaces. +    - Allow ICMP on all interfaces.      - Allow all new connections from local subnets. 
@@ -203,7 +203,7 @@ And NAT Configuration:  Checking through op-mode commands  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -After some testing, we can check ipsec status, and counter on every tunnel: +After some testing, we can check IPSec status, and counter on every tunnel:  .. code-block:: none | 
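Review bot: the shortened titles in ansible.rst at @@ -33,14 and @@ -60,7 ("Install Ansible:", "Install Paramiko:", "Basic configuration of ansible.cfg:") keep their old, longer "=" underlines, while the @@ -69,8 and @@ -95,8 hunks trim the underline to the new title length. reStructuredText accepts an underline that is longer than its title, so the page still builds, but please trim these three underlines as well so the file is consistent.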
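Review bot: a caveat is missing in ansible.rst, where the context lines at @@ -69,8 and @@ -95,8 show the example using "host_key_checking = no" and a plaintext "ansible_ssh_pass: vyos" with no statement that these are lab-only choices. Since this pass proofreads those sections, add a sentence saying that disabling host key checking removes SSH server authentication, and that outside a lab the routers' host keys should be placed in known_hosts and the password kept in Ansible Vault or replaced with key-based login.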
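Review bot: two typos survive in the rewritten lines of the @@ -5,35 hunk in policy-based-ipsec-and-firewall.rst: "requirments consists of" should read "requirements consist of", and "Allow DNS requests only only for local networks" still has the doubled "only". The two new "IPSec" spellings in this hunk should be "IPsec", which is the capitalisation the IETF RFCs use.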
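Review bot: the new line in the @@ -203,7 hunk introduces "IPSec" where the protocol name is written "IPsec", and "counter on every tunnel" should be plural. Suggested wording: "After some testing, we can check IPsec status and the counters on every tunnel:".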
