diff options
Diffstat (limited to 'docs/configuration/service')
| -rw-r--r-- | docs/configuration/service/broadcast-relay.rst | 6 | ||||
| -rw-r--r-- | docs/configuration/service/dhcp-relay.rst | 10 | ||||
| -rw-r--r-- | docs/configuration/service/dhcp-server.rst | 13 | ||||
| -rw-r--r-- | docs/configuration/service/dns.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/service/https.rst | 14 | ||||
| -rw-r--r-- | docs/configuration/service/pppoe-server.rst | 17 | ||||
| -rw-r--r-- | docs/configuration/service/router-advert.rst | 3 | ||||
| -rw-r--r-- | docs/configuration/service/snmp.rst | 5 | ||||
| -rw-r--r-- | docs/configuration/service/ssh.rst | 4 | ||||
| -rw-r--r-- | docs/configuration/service/tftp-server.rst | 22 |
10 files changed, 56 insertions, 40 deletions
diff --git a/docs/configuration/service/broadcast-relay.rst b/docs/configuration/service/broadcast-relay.rst index 0b0e1054..b6e2bed7 100644 --- a/docs/configuration/service/broadcast-relay.rst +++ b/docs/configuration/service/broadcast-relay.rst @@ -28,10 +28,10 @@ Configuration want to receive/relay packets on both `eth1` and `eth2` both interfaces need to be added. -.. cfgcmd:: set service broadcast-relay id <n> address <address> +.. cfgcmd:: set service broadcast-relay id <n> address <ipv4-address> - Set a optional source IP of the forwarded packets, - otherwise the original sender address is used. + Set the source IP of forwarded packets, otherwise original senders address + is used. .. cfgcmd:: set service broadcast-relay id <n> port <port> diff --git a/docs/configuration/service/dhcp-relay.rst b/docs/configuration/service/dhcp-relay.rst index b9aefbfb..b489b600 100644 --- a/docs/configuration/service/dhcp-relay.rst +++ b/docs/configuration/service/dhcp-relay.rst @@ -8,7 +8,8 @@ If you want your router to forward DHCP requests to an external DHCP server you can configure the system to act as a DHCP relay agent. The DHCP relay agent works with IPv4 and IPv6 addresses. -All interfaces used for the DHCP relay must be configured. +All interfaces used for the DHCP relay must be configured. This includes the +uplink to the DHCP server. ********** IPv4 relay @@ -19,7 +20,8 @@ Configuration .. cfgcmd:: set service dhcp-relay interface <interface> - Enable the DHCP relay service on the given interface. + Interfaces that participate in the DHCP relay process, including the uplink + to the DHCP server. .. cfgcmd:: set service dhcp-relay server <server> @@ -62,9 +64,9 @@ Example ======= * Listen for DHCP requests on interface ``eth1``. -* DHCP server is located at IPv4 address 10.0.1.4. +* DHCP server is located at IPv4 address 10.0.1.4 on ``eth2``. * Router receives DHCP client requests on ``eth1`` and relays them to the server - at 10.0.1.4. + at 10.0.1.4 on ``eth2``. .. figure:: /_static/images/service_dhcp-relay01.png :scale: 80 % diff --git a/docs/configuration/service/dhcp-server.rst b/docs/configuration/service/dhcp-server.rst index f55c7a45..4ddb6d69 100644 --- a/docs/configuration/service/dhcp-server.rst +++ b/docs/configuration/service/dhcp-server.rst @@ -21,6 +21,16 @@ address. Configuration ============= +.. cfgcmd:: set service dhcp-server hostfile-update + + Create DNS record per client lease, by adding clients to /etc/hosts file. + Entry will have format: `<shared-network-name>_<hostname>.<domain-name>` + +.. cfgcmd:: set service dhcp-server host-decl-name + + Will drop `<shared-network-name>_` from client DNS record, using only the + host declaration name and domain: `<hostname>.<domain-name>` + .. cfgcmd:: set service dhcp-server shared-network-name <name> domain-name <domain-name> The domain-name parameter should be the domain name that will be appended to @@ -447,7 +457,8 @@ Raw Parameters Option 43 for UniFI ------------------- -* These parameters need to be part of the DHCP global options. They stay unchanged. +* These parameters need to be part of the DHCP global options. + They stay unchanged. .. code-block:: none diff --git a/docs/configuration/service/dns.rst b/docs/configuration/service/dns.rst index 23634824..ce26b856 100644 --- a/docs/configuration/service/dns.rst +++ b/docs/configuration/service/dns.rst @@ -204,6 +204,8 @@ Configuration :rfc:`2136` Based ----------------- +.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> + Create new :rfc:`2136` DNS update configuration which will update the IP address assigned to `<interface>` on the service you configured under `<service-name>`. diff --git a/docs/configuration/service/https.rst b/docs/configuration/service/https.rst index de5e759a..a1ca6490 100644 --- a/docs/configuration/service/https.rst +++ b/docs/configuration/service/https.rst @@ -4,7 +4,7 @@ HTTP-API ######## -VyOS provides an HTTP API. You can use it to execute op-mode commands, +VyOS provide an HTTP API. You can use it to execute op-mode commands, update VyOS, set or delete config. Please take a look at the :ref:`vyosapi` page for an detailed how-to. @@ -15,7 +15,7 @@ Configuration .. cfgcmd:: set service https api keys id <name> key <apikey> - Set a named api key, every key has the same, full permissions + Set a named api key. Every key has the same, full permissions on the system. .. cfgcmd:: set service https api debug @@ -37,6 +37,7 @@ Configuration Enforce strict path checking .. cfgcmd:: set service https virtual-host <vhost> listen-address + <ipv4 or ipv6 address> Address to listen for HTTPS requests @@ -46,11 +47,11 @@ Configuration .. cfgcmd:: set service https virtual-host <vhost> server-name <text> - Server names for virtual hosts it ca be exact, wildcard or regex. + Server names for virtual hosts it can be exact, wildcard or regex. .. cfgcmd:: set service https api-restrict virtual-host <vhost> - Nginx exposes the local API on all virtual servers, by default. + By default, nginx exposes the local API on all virtual servers. Use this to restrict nginx to one or more virtual hosts. .. cfgcmd:: set service https certificates certbot domain-name <text> @@ -75,15 +76,14 @@ Configuration Example Configuration ********************* -Setting an API-KEY is the minimal configuration needed to get a working API -Endpoint. +Set an API-KEY is the minimal configuration to get a working API Endpoint. .. code-block:: none set service https api keys id MY-HTTPS-API-ID key MY-HTTPS-API-PLAINTEXT-KEY -To use this full configuration we asume a globally resolvable hostname. +To use this full configuration we asume a public accessible hostname. .. code-block:: none diff --git a/docs/configuration/service/pppoe-server.rst b/docs/configuration/service/pppoe-server.rst index ad99cec0..066ecc73 100644 --- a/docs/configuration/service/pppoe-server.rst +++ b/docs/configuration/service/pppoe-server.rst @@ -172,14 +172,15 @@ Automatic VLAN Creation .. cfgcmd:: set service pppoe-server interface <interface> <vlan-id | vlan range> <text> - VLAN's can be created by accel-ppp on the fly via the use of a Kernel - module named `vlan_mon`, which is monitoring incoming vlans and - creates the necessary VLAN if required and allowed. VyOS supports the - use of either VLAN ID's or entire ranges, both values can be defined - at the same time for an interface. When configured, the PPPoE will - create the necessary VLANs when required. Once the user session has - been cancelled and the VLAN is not needed anymore, VyOS will remove - it again. + VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module + named `vlan_mon`, which is monitoring incoming vlans and creates the + necessary VLAN if required and allowed. VyOS supports the use of either + VLAN ID's or entire ranges, both values can be defined at the same time for + an interface. + + When configured, PPPoE will create the necessary VLANs when required. Once + the user session has been cancelled and the VLAN is not needed anymore, VyOS + will remove it again. .. code-block:: none diff --git a/docs/configuration/service/router-advert.rst b/docs/configuration/service/router-advert.rst index 36fa600d..9aaacec2 100644 --- a/docs/configuration/service/router-advert.rst +++ b/docs/configuration/service/router-advert.rst @@ -8,7 +8,6 @@ Router Advertisements They are part of what is known as :abbr:`SLAAC (Stateless Address Autoconfiguration)`. - Supported interface types: * bonding @@ -21,7 +20,7 @@ Supported interface types: * vxlan * wireguard * wireless - * wirelessmodem + * wwan Enabling Advertisments diff --git a/docs/configuration/service/snmp.rst b/docs/configuration/service/snmp.rst index 1977bf7f..7f50a6a0 100644 --- a/docs/configuration/service/snmp.rst +++ b/docs/configuration/service/snmp.rst @@ -131,7 +131,7 @@ sent in clear text between a manager and agent. Each SNMPv3 message contains security parameters which are encoded as an octet string. The meaning of these security parameters depends on the security model being used. -The security approach in v3 targets: +The security approach in SNMPv3 targets: * Confidentiality – Encryption of packets to prevent snooping by an unauthorized source. @@ -203,7 +203,8 @@ VyOS MIBs All SNMP MIBs are located in each image of VyOS here: ``/usr/share/snmp/mibs/`` -You can download the file to your local host with an active ssh service like this +You are be able to download the files using SCP, once the SSH service +has been activated like so .. code-block:: none diff --git a/docs/configuration/service/ssh.rst b/docs/configuration/service/ssh.rst index e03d1e70..b4018c52 100644 --- a/docs/configuration/service/ssh.rst +++ b/docs/configuration/service/ssh.rst @@ -157,7 +157,7 @@ Operation ``/config/auth/id_rsa_rpki.pub`` will be created. -.. opcmd:: generate public-key-command name <username> path <location> +.. opcmd:: generate public-key-command user <username> path <location> Generate the configuration mode commands to add a public key for :ref:`ssh_key_based_authentication`. @@ -169,7 +169,7 @@ Operation .. code-block:: none - alyssa@vyos:~$ generate public-key-command name alyssa path sftp://example.net/home/alyssa/.ssh/id_rsa.pub + alyssa@vyos:~$ generate public-key-command user alyssa path sftp://example.net/home/alyssa/.ssh/id_rsa.pub # To add this key as an embedded key, run the following commands: configure set system login user alyssa authentication public-keys alyssa@example.net key AAA... diff --git a/docs/configuration/service/tftp-server.rst b/docs/configuration/service/tftp-server.rst index 268db872..1f4bb380 100644 --- a/docs/configuration/service/tftp-server.rst +++ b/docs/configuration/service/tftp-server.rst @@ -15,18 +15,18 @@ Configuration .. cfgcmd:: set service tftp-server directory <directory> -Enable TFTP service by specifying the `<directory>` which will be used to serve -files. + Enable TFTP service by specifying the `<directory>` which will be used to serve + files. -.. hint:: Choose your ``directory`` location carefully or you will loose the - content on image upgrades. Any directory under ``/config`` is save at this - will be migrated. +.. hint:: Choose your ``directory`` location carefully or you will lose the + content on image upgrades. We preserve the contents of ``/config``, so we + recommend using a directory there, for example ``/config/tftpboot``. .. cfgcmd:: set service tftp-server listen-address <address> -Configure the IPv4 or IPv6 listen address of the TFTP server. Multiple IPv4 and -IPv6 addresses can be given. There will be one TFTP server instances listening -on each IP address. + Configure the IPv4 or IPv6 listen address of the TFTP server. Multiple IPv4 and + IPv6 addresses can be given. There will be one TFTP server instances listening + on each IP address. .. cfgcmd:: set service tftp-server listen-address <address> vrf <name> @@ -40,15 +40,15 @@ Additional option to run TFTP server in the :abbr:`VRF (Virtual Routing and Forw .. cfgcmd:: set service tftp-server allow-upload -Optional, if you want to enable uploads, else TFTP server will act as read-only -server. + Optional, if you want to enable uploads, else TFTP server will act as a + read-only server. Example ------- Provide TFTP server listening on both IPv4 and IPv6 addresses ``192.0.2.1`` and ``2001:db8::1`` serving the content from ``/config/tftpboot``. Uploading via -TFTP to this server is not allowed! +TFTP to this server is disabled. The resulting configuration will look like: |