diff options
Diffstat (limited to 'docs/configuration/interfaces')
| -rw-r--r-- | docs/configuration/interfaces/dummy.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/interfaces/ethernet.rst | 8 | ||||
| -rw-r--r-- | docs/configuration/interfaces/geneve.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/interfaces/l2tpv3.rst | 23 | ||||
| -rw-r--r-- | docs/configuration/interfaces/loopback.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/interfaces/macsec.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/interfaces/pppoe.rst | 16 | ||||
| -rw-r--r-- | docs/configuration/interfaces/pseudo-ethernet.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/interfaces/tunnel.rst | 10 | ||||
| -rw-r--r-- | docs/configuration/interfaces/vxlan.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/interfaces/wireguard.rst | 7 | ||||
| -rw-r--r-- | docs/configuration/interfaces/wireless.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/interfaces/wwan.rst | 3 |
13 files changed, 44 insertions, 37 deletions
diff --git a/docs/configuration/interfaces/dummy.rst b/docs/configuration/interfaces/dummy.rst index ba09d9a7..945361c2 100644 --- a/docs/configuration/interfaces/dummy.rst +++ b/docs/configuration/interfaces/dummy.rst @@ -1,4 +1,4 @@ -:lastproofread: 2021-06-30 +:lastproofread: 2023-01-20 .. _dummy-interface: diff --git a/docs/configuration/interfaces/ethernet.rst b/docs/configuration/interfaces/ethernet.rst index 96ccb25f..76f02d6d 100644 --- a/docs/configuration/interfaces/ethernet.rst +++ b/docs/configuration/interfaces/ethernet.rst @@ -1,4 +1,4 @@ -:lastproofread: 2021-06-30 +:lastproofread: 2023-01-20 .. _ethernet-interface: @@ -107,10 +107,8 @@ Offloading - it does not increase hardware device interrupt rate (although it does introduce inter-processor interrupts (IPIs)). - -.. cmdinclude:: /_include/interface-xdp.txt - :var0: ethernet - :var1: eth0 + .. note:: In order to use TSO/LRO with VMXNET3 adaters one must also enable + the SG offloading option. Authentication (EAPoL) ---------------------- diff --git a/docs/configuration/interfaces/geneve.rst b/docs/configuration/interfaces/geneve.rst index b13e2ece..bf8b0920 100644 --- a/docs/configuration/interfaces/geneve.rst +++ b/docs/configuration/interfaces/geneve.rst @@ -1,4 +1,4 @@ -:lastproofread: 2021-06-30 +:lastproofread: 2023-01-20 .. _geneve-interface: diff --git a/docs/configuration/interfaces/l2tpv3.rst b/docs/configuration/interfaces/l2tpv3.rst index 191158b7..897e38dc 100644 --- a/docs/configuration/interfaces/l2tpv3.rst +++ b/docs/configuration/interfaces/l2tpv3.rst @@ -1,4 +1,4 @@ -:lastproofread: 2021-06-30 +:lastproofread: 2023-01-20 .. include:: /_include/need_improvement.txt @@ -141,29 +141,26 @@ IPSec: .. code-block:: none + set vpn ipsec authentication psk <pre-shared-name> id '%any' + set vpn ipsec authentication psk <pre-shared-name> secret <pre-shared-key> set vpn ipsec interface <VPN-interface> - set vpn ipsec esp-group test-ESP-1 compression 'disable' set vpn ipsec esp-group test-ESP-1 lifetime '3600' set vpn ipsec esp-group test-ESP-1 mode 'transport' set vpn ipsec esp-group test-ESP-1 pfs 'enable' set vpn ipsec esp-group test-ESP-1 proposal 1 encryption 'aes128' set vpn ipsec esp-group test-ESP-1 proposal 1 hash 'sha1' - set vpn ipsec ike-group test-IKE-1 ikev2-reauth 'no' set vpn ipsec ike-group test-IKE-1 key-exchange 'ikev1' set vpn ipsec ike-group test-IKE-1 lifetime '3600' set vpn ipsec ike-group test-IKE-1 proposal 1 dh-group '5' set vpn ipsec ike-group test-IKE-1 proposal 1 encryption 'aes128' set vpn ipsec ike-group test-IKE-1 proposal 1 hash 'sha1' - set vpn ipsec site-to-site peer <peer-ip> authentication mode 'pre-shared-secret' - set vpn ipsec site-to-site peer <peer-ip> authentication pre-shared-secret <pre-shared-key> - set vpn ipsec site-to-site peer <peer-ip> connection-type 'initiate' - set vpn ipsec site-to-site peer <peer-ip> ike-group 'test-IKE-1' - set vpn ipsec site-to-site peer <peer-ip> ikev2-reauth 'inherit' - set vpn ipsec site-to-site peer <peer-ip> local-address <local-ip> - set vpn ipsec site-to-site peer <peer-ip> tunnel 1 allow-nat-networks 'disable' - set vpn ipsec site-to-site peer <peer-ip> tunnel 1 allow-public-networks 'disable' - set vpn ipsec site-to-site peer <peer-ip> tunnel 1 esp-group 'test-ESP-1' - set vpn ipsec site-to-site peer <peer-ip> tunnel 1 protocol 'l2tp' + set vpn ipsec site-to-site peer <connection-name> authentication mode 'pre-shared-secret' + set vpn ipsec site-to-site peer <connection-name> connection-type 'initiate' + set vpn ipsec site-to-site peer <connection-name> ike-group 'test-IKE-1' + set vpn ipsec site-to-site peer <connection-name> ikev2-reauth 'inherit' + set vpn ipsec site-to-site peer <connection-name> local-address <local-ip> + set vpn ipsec site-to-site peer <connection-name> tunnel 1 esp-group 'test-ESP-1' + set vpn ipsec site-to-site peer <connection-name> tunnel 1 protocol 'l2tp' Bridge: diff --git a/docs/configuration/interfaces/loopback.rst b/docs/configuration/interfaces/loopback.rst index b97aa69c..8e983abb 100644 --- a/docs/configuration/interfaces/loopback.rst +++ b/docs/configuration/interfaces/loopback.rst @@ -1,4 +1,4 @@ -:lastproofread: 2021-06-30 +:lastproofread: 2023-01-20 .. _loopback-interface: diff --git a/docs/configuration/interfaces/macsec.rst b/docs/configuration/interfaces/macsec.rst index 338ad3ae..60877d73 100644 --- a/docs/configuration/interfaces/macsec.rst +++ b/docs/configuration/interfaces/macsec.rst @@ -1,4 +1,4 @@ -:lastproofread: 2021-07-05 +:lastproofread: 2023-01-20 .. _macsec-interface: diff --git a/docs/configuration/interfaces/pppoe.rst b/docs/configuration/interfaces/pppoe.rst index 0953e948..74a43bb5 100644 --- a/docs/configuration/interfaces/pppoe.rst +++ b/docs/configuration/interfaces/pppoe.rst @@ -91,7 +91,7 @@ PPPoE options This command allows you to select a specific access concentrator when you know the access concentrators `<name>`. -.. cfgcmd:: set interfaces pppoe <interface> authentication user <username> +.. cfgcmd:: set interfaces pppoe <interface> authentication username <username> Use this command to set the username for authenticating with a remote PPPoE endpoint. Authentication is optional from the system's point of view but @@ -154,6 +154,14 @@ PPPoE options when it is idle and after the initial establishment of the connection. It will stay up forever. +.. cfgcmd:: set interfaces pppoe <interface> holdoff <time> + + Use this command to set re-dial delay time to be used with persist PPPoE + sessions. When the PPPoE session is terminated by peer, and on-demand + option is not set, the router will attempt to re-establish the PPPoE link. + + If this parameter is not set, the default holdoff time is 30 seconds. + .. cfgcmd:: set interfaces pppoe <interface> local-address <address> Use this command to set the IP address of the local endpoint of a PPPoE @@ -324,7 +332,7 @@ Requirements: .. code-block:: none - set interfaces pppoe pppoe0 authentication user 'userid' + set interfaces pppoe pppoe0 authentication username 'userid' set interfaces pppoe pppoe0 authentication password 'secret' set interfaces pppoe pppoe0 source-interface 'eth0' @@ -349,7 +357,7 @@ which is the default VLAN for Deutsche Telekom: .. code-block:: none - set interfaces pppoe pppoe0 authentication user 'userid' + set interfaces pppoe pppoe0 authentication username 'userid' set interfaces pppoe pppoe0 authentication password 'secret' set interfaces pppoe pppoe0 source-interface 'eth0.7' @@ -367,7 +375,7 @@ If you do not know the prefix size delegated to you, start with sla-len 0. .. code-block:: none - set interfaces pppoe pppoe0 authentication user vyos + set interfaces pppoe pppoe0 authentication username vyos set interfaces pppoe pppoe0 authentication password vyos set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth0 address '1' set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth0 sla-id '0' diff --git a/docs/configuration/interfaces/pseudo-ethernet.rst b/docs/configuration/interfaces/pseudo-ethernet.rst index b2849772..59b3581c 100644 --- a/docs/configuration/interfaces/pseudo-ethernet.rst +++ b/docs/configuration/interfaces/pseudo-ethernet.rst @@ -1,4 +1,4 @@ -:lastproofread: 2021-07-09 +:lastproofread: 2023-01-26 .. _pseudo-ethernet-interface: diff --git a/docs/configuration/interfaces/tunnel.rst b/docs/configuration/interfaces/tunnel.rst index eac74d91..31539d9f 100644 --- a/docs/configuration/interfaces/tunnel.rst +++ b/docs/configuration/interfaces/tunnel.rst @@ -1,4 +1,4 @@ -:lastproofread: 2021-07-09 +:lastproofread: 2023-01-26 .. _tunnel-interface: @@ -18,7 +18,11 @@ a closer look at the protocols and options currently supported by VyOS. Common interface configuration ------------------------------ -.. cmdinclude:: /_include/interface-common-without-dhcp1.txt +.. cmdinclude:: /_include/interface-address.txt + :var0: tunnel + :var1: tun0 + +.. cmdinclude:: /_include/interface-common-without-mac.txt :var0: tunnel :var1: tun0 @@ -207,7 +211,7 @@ GRETAP ^^^^^^^ While normal GRE is for layer 3, GRETAP is for layer 2. GRETAP can encapsulate -Ethernet frames, thus it can be bridged with other interfaces to create +Ethernet frames, thus it can be bridged with other interfaces to create datalink layer segments that span multiple remote sites. .. code-block:: none diff --git a/docs/configuration/interfaces/vxlan.rst b/docs/configuration/interfaces/vxlan.rst index 7edeafb5..86568686 100644 --- a/docs/configuration/interfaces/vxlan.rst +++ b/docs/configuration/interfaces/vxlan.rst @@ -1,4 +1,4 @@ -:lastproofread: 2021-07-09 +:lastproofread: 2023-01-26 .. _vxlan-interface: diff --git a/docs/configuration/interfaces/wireguard.rst b/docs/configuration/interfaces/wireguard.rst index 93093b5d..18a888df 100644 --- a/docs/configuration/interfaces/wireguard.rst +++ b/docs/configuration/interfaces/wireguard.rst @@ -1,4 +1,4 @@ -:lastproofread: 2021-10-01 +:lastproofread: 2023-01-26 .. _wireguard: @@ -173,6 +173,7 @@ traffic. Associates the previously generated private key to a specific WireGuard interface. The private key can be generate via the command + :opcmd:`generate pki wireguard key-pair`. .. code-block:: none @@ -243,8 +244,8 @@ asymmetric crypto. This is optional. .. code-block:: none - vyos@vyos:~$ generate pki wireguard preshared-key install - rvVDOoc2IYEnV+k5p7TNAmHBMEGTHbPU8Qqg8c/sUqc= + vyos@vyos:~$ generate pki wireguard preshared-key + Pre-shared key: rvVDOoc2IYEnV+k5p7TNAmHBMEGTHbPU8Qqg8c/sUqc= Copy the key, as it is not stored on the local filesystem. Because it is a symmetric key, only you and your peer should have knowledge of diff --git a/docs/configuration/interfaces/wireless.rst b/docs/configuration/interfaces/wireless.rst index 8be7cec9..f45101b5 100644 --- a/docs/configuration/interfaces/wireless.rst +++ b/docs/configuration/interfaces/wireless.rst @@ -1,4 +1,4 @@ -:lastproofread: 2021-07-13 +:lastproofread: 2023-01-26 .. _wireless-interface: diff --git a/docs/configuration/interfaces/wwan.rst b/docs/configuration/interfaces/wwan.rst index 0c820471..98890158 100644 --- a/docs/configuration/interfaces/wwan.rst +++ b/docs/configuration/interfaces/wwan.rst @@ -1,4 +1,4 @@ -:lastproofread: 2021-07-13 +:lastproofread: 2023-01-27 .. _wwan-interface: @@ -22,7 +22,6 @@ Common interface configuration :var0: wwan :var1: wwan0 - .. cmdinclude:: /_include/interface-description.txt :var0: wwan :var1: wwan0 |