diff options
Diffstat (limited to 'docs/configuration/service')
| -rw-r--r-- | docs/configuration/service/broadcast-relay.rst | 4 | ||||
| -rw-r--r-- | docs/configuration/service/config-sync.rst | 114 | ||||
| -rw-r--r-- | docs/configuration/service/conntrack-sync.rst | 4 | ||||
| -rw-r--r-- | docs/configuration/service/https.rst | 37 | ||||
| -rw-r--r-- | docs/configuration/service/ids.rst | 6 | ||||
| -rw-r--r-- | docs/configuration/service/index.rst | 1 | ||||
| -rw-r--r-- | docs/configuration/service/ipoe-server.rst | 17 | ||||
| -rw-r--r-- | docs/configuration/service/ntp.rst | 8 | ||||
| -rw-r--r-- | docs/configuration/service/pppoe-server.rst | 129 | ||||
| -rw-r--r-- | docs/configuration/service/router-advert.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/service/salt-minion.rst | 2 |
11 files changed, 249 insertions, 75 deletions
diff --git a/docs/configuration/service/broadcast-relay.rst b/docs/configuration/service/broadcast-relay.rst index b6e2bed7..f64bb208 100644 --- a/docs/configuration/service/broadcast-relay.rst +++ b/docs/configuration/service/broadcast-relay.rst @@ -20,7 +20,7 @@ Configuration .. cfgcmd:: set service broadcast-relay id <n> description <description> A description can be added for each and every unique relay ID. This is - useful to distinguish between multiple different ports/appliactions. + useful to distinguish between multiple different ports/applications. .. cfgcmd:: set service broadcast-relay id <n> interface <interface> @@ -35,7 +35,7 @@ Configuration .. cfgcmd:: set service broadcast-relay id <n> port <port> - The UDP port number used by your apllication. It is mandatory for this kind + The UDP port number used by your application. It is mandatory for this kind of operation. .. cfgcmd:: set service broadcast-relay id <n> disable diff --git a/docs/configuration/service/config-sync.rst b/docs/configuration/service/config-sync.rst new file mode 100644 index 00000000..d0449a78 --- /dev/null +++ b/docs/configuration/service/config-sync.rst @@ -0,0 +1,114 @@ +.. _config-sync: + +########### +Config Sync +########### + +Configuration synchronization (config sync) is a feature of VyOS that +permits synchronization of the configuration of one VyOS router to +another in a network. + +The main benefit to configuration synchronization is that it eliminates having +to manually replicate configuration changes made on the primary router to the +secondary (replica) router. + +The writing of the configuration to the secondary router is performed through +the VyOS HTTP API. The user can specify which portion(s) of the configuration will +be synchronized and the mode to use - whether to replace or add. + +To prevent issues with divergent configurations between the pair of routers, +synchronization is strictly unidirectional from primary to replica. Both +routers should be online and run the same version of VyOS. + +Configuration +------------- + +.. cfgcmd:: set service config-sync secondary + <address|key|timeout|port> + + Specify the address, API key, timeout and port of the secondary router. + You need to enable and configure the HTTP API service on the secondary + router for config sync to operate. + +.. cfgcmd:: set service config-sync section <section> + + Specify the section of the configuration to synchronize. If more than one + section is to be synchronized, repeat the command to add additional + sections as required. + +.. cfgcmd:: set service config-sync mode <load|set> + + Two options are available for `mode`: either `load` and replace or `set` + the configuration section. + +.. code-block:: none + + Supported options for <section> include: + firewall + interfaces <interface> + nat + nat66 + pki + policy + protocols <protocol> + qos <interface|policy> + service <service> + system <conntrack| + flow-accounting|option|sflow|static-host-mapping|sysctl|time-zone> + vpn + vrf + +Example +------- +* Synchronize the time-zone and OSPF configuration from Router A to Router B +* The address of Router B is 10.0.20.112 and the port used is 8443 + +Configure the HTTP API service on Router B + +.. code-block:: none + + set service https listen-address '10.0.20.112' + set service https port '8443' + set service https api keys id KID key 'foo' + +Configure the config-sync service on Router A + +.. code-block:: none + + set service config-sync mode 'load' + set service config-sync secondary address '10.0.20.112' + set service config-sync secondary port '8443' + set service config-sync secondary key 'foo' + set service config-sync section protocols 'ospf' + set service config-sync section system 'time-zone' + +Make config-sync relevant changes to Router A's configuration + +.. code-block:: none + + vyos@vyos-A# set system time-zone 'America/Los_Angeles' + vyos@vyos-A# commit + INFO:vyos_config_sync:Config synchronization: Mode=load, + Secondary=10.0.20.112 + vyos@vyos-A# save + + vyos@vyos-A# set protocols ospf area 0 network '10.0.48.0/30' + vyos@vyos-A# commit + INFO:vyos_config_sync:Config synchronization: Mode=load, + Secondary=10.0.20.112 + yos@vyos-A# save + +Verify configuration changes have been replicated to Router B + +.. code-block:: none + + vyos@vyos-B:~$ show configuration commands | match time-zone + set system time-zone 'America/Los_Angeles' + + vyos@vyos-B:~$ show configuration commands | match ospf + set protocols ospf area 0 network '10.0.48.0/30' + +Known issues +------------ +Configuration resynchronization. With the current implementation of `service +config-sync`, the secondary node must be online. diff --git a/docs/configuration/service/conntrack-sync.rst b/docs/configuration/service/conntrack-sync.rst index db23c92f..232db1a8 100644 --- a/docs/configuration/service/conntrack-sync.rst +++ b/docs/configuration/service/conntrack-sync.rst @@ -29,7 +29,7 @@ will be mandatorily defragmented. It is possible to use either Multicast or Unicast to sync conntrack traffic. Most examples below show Multicast, but unicast can be specified by using the -"peer" keywork after the specificed interface, as in the following example: +"peer" keywork after the specified interface, as in the following example: :cfgcmd:`set service conntrack-sync interface eth0 peer 192.168.0.250` @@ -204,7 +204,7 @@ Now configure conntrack-sync service on ``router1`` **and** ``router2`` .. code-block:: none - set high-availablilty vrrp group internal virtual-address ... etc ... + set high-availability vrrp group internal virtual-address ... etc ... set high-availability vrrp sync-group syncgrp member 'internal' set service conntrack-sync accept-protocol 'tcp' set service conntrack-sync accept-protocol 'udp' diff --git a/docs/configuration/service/https.rst b/docs/configuration/service/https.rst index 973c5355..af397456 100644 --- a/docs/configuration/service/https.rst +++ b/docs/configuration/service/https.rst @@ -53,7 +53,11 @@ Configuration .. cfgcmd:: set service https vrf <name> - Start Webserver in given VRF. + Start Webserver in given VRF. + +.. cfgcmd:: set service https request-body-size-limit <size> + + Set the maximum request body size in megabytes. Default is 1MB. API === @@ -70,7 +74,36 @@ API .. cfgcmd:: set service https api strict - Enforce strict path checking + Enforce strict path checking. + +.. cfgcmd:: set service https api cors allow-origin <origin> + + Allow cross-origin requests from `<origin>`. + +GraphQL +======= + +.. cfgcmd:: set service https api graphql introspection + + Enable GraphQL Schema introspection. + +.. note:: Do not leave introspection enabled in production, it is a security risk. + +.. cfgcmd:: set service https api graphql authentication type <key | token> + + Set the authentication type for GraphQL, default option is key. Available options are: + + * ``key`` use API keys configured in ``service https api keys`` + + * ``token`` use JWT tokens. + +.. cfgcmd:: set service https api graphql authentication expiration + + Set the lifetime for JWT tokens in seconds. Default is 3600 seconds. + +.. cfgcmd:: set service https api graphql authentication secret-length + + Set the byte length of the JWT secret. Default is 32. ********************* Example Configuration diff --git a/docs/configuration/service/ids.rst b/docs/configuration/service/ids.rst index 3e508d50..8a64467f 100644 --- a/docs/configuration/service/ids.rst +++ b/docs/configuration/service/ids.rst @@ -33,7 +33,7 @@ Configuration Configure direction for processing traffic. .. cfgcmd:: set service ids ddos-protection exclude-network <x.x.x.x/x> -.. cfgcmd:: set service ids ddos-protection exlude-network <h:h:h:h:h:h:h:h/x> +.. cfgcmd:: set service ids ddos-protection exclude-network <h:h:h:h:h:h:h:h/x> Specify IPv4 and/or IPv6 networks which are going to be excluded. @@ -56,7 +56,7 @@ Configuration .. cfgcmd:: set service ids ddos-protection sflow port <1-65535> - Configure port number to be used for sflow conection. Default port is 6343. + Configure port number to be used for sflow connection. Default port is 6343. .. cfgcmd:: set service ids ddos-protection threshold general [fps | mbps | pps] <0-4294967294> @@ -96,7 +96,7 @@ In this simplified scenario, main things to be considered are: * Interface **eth0** used to connect to upstream. Since we are analyzing attacks to and from our internal network, two types -of attacks can be identified, and differents actions are needed: +of attacks can be identified, and different actions are needed: * External attack: an attack from the internet towards an internal IP is identify. In this case, all connections towards such IP will be diff --git a/docs/configuration/service/index.rst b/docs/configuration/service/index.rst index 56ce55eb..abb77ef4 100644 --- a/docs/configuration/service/index.rst +++ b/docs/configuration/service/index.rst @@ -8,6 +8,7 @@ Service :includehidden: broadcast-relay + config-sync conntrack-sync console-server dhcp-relay diff --git a/docs/configuration/service/ipoe-server.rst b/docs/configuration/service/ipoe-server.rst index 64048552..ef06bcd5 100644 --- a/docs/configuration/service/ipoe-server.rst +++ b/docs/configuration/service/ipoe-server.rst @@ -26,13 +26,13 @@ functionality as PPPoE, but in a less robust manner. Configuring IPoE Server *********************** -IPoE can be configure on different interfaces, it will depend on each specific -situation which interface will provide IPoE to clients. The clients mac address +IPoE can be configured on different interfaces, it will depend on each specific +situation which interface will provide IPoE to clients. The client's mac address and the incoming interface is being used as control parameter, to authenticate a client. The example configuration below will assign an IP to the client on the incoming -interface eth2 with the client mac address 08:00:27:2f:d8:06. Other DHCP +interface eth1 with the client mac address 00:50:79:66:68:00. Other DHCP discovery requests will be ignored, unless the client mac has been enabled in the configuration. @@ -85,12 +85,11 @@ the configuration. .. cfgcmd:: set service ipoe-server interface <interface> mode <l2 | l3> - Set authentication backend. The configured authentication backend is used - for all queries. + Specifies the client connectivity mode. * **l2**: It means that clients are on same network where interface is.**(default)** - * **local**: It means that client are behind some router. + * **l3**: It means that client are behind some router. .. cfgcmd:: set service ipoe-server interface <interface> network <shared | vlan> @@ -279,7 +278,7 @@ IPv6 .. code-block:: none set service ipoe-server client-ipv6-pool IPv6-POOL delegate '2001:db8:8003::/48' delegation-prefix '56' - set service ipoe-server client-ipv6-pool IPV6-POOL prefix '2001:db8:8002::/48' mask '64' + set service ipoe-server client-ipv6-pool IPv6-POOL prefix '2001:db8:8002::/48' mask '64' set service ipoe-server default-ipv6-pool IPv6-POOL ********* @@ -434,7 +433,7 @@ Toubleshooting .. code-block:: none - vyos@vyos:~$sudo journalctl -u accel-ppp@ipoe -b 0 + vyos@vyos:~$ show log ipoe-server Feb 27 14:29:27 vyos accel-ipoe[2262]: eth1.100:: recv [DHCPv4 Discover xid=55df9228 chaddr=0c:98:bd:b8:00:01 <Message-Type Discover> <Request-IP 192.168.0.3> <Host-Name vyos> <Request-List Subnet,Broadcast,Router,DNS,Classless-Route,Domain-Name,MTU>] Feb 27 14:29:27 vyos accel-ipoe[2262]: eth1.100:eth1.100: eth1.100: authentication succeeded @@ -447,4 +446,4 @@ Toubleshooting .. include:: /_include/common-references.txt .. _dictionary: https://github.com/accel-ppp/accel-ppp/blob/master/accel-pppd/radius/dict/dictionary.rfc6911 -.. _`ACCEL-PPP attribute`: https://github.com/accel-ppp/accel-ppp/blob/master/accel-pppd/radius/dict/dictionary.accel
\ No newline at end of file +.. _`ACCEL-PPP attribute`: https://github.com/accel-ppp/accel-ppp/blob/master/accel-pppd/radius/dict/dictionary.accel diff --git a/docs/configuration/service/ntp.rst b/docs/configuration/service/ntp.rst index e7ee392b..266376cf 100644 --- a/docs/configuration/service/ntp.rst +++ b/docs/configuration/service/ntp.rst @@ -46,9 +46,9 @@ Configuration There are 3 default NTP server set. You are able to change them. - * ``0.pool.ntp.org`` - * ``1.pool.ntp.org`` - * ``2.pool.ntp.org`` + * ``time1.vyos.net`` + * ``time2.vyos.net`` + * ``time3.vyos.net`` .. cfgcmd:: set service ntp server <address> <noselect | nts | pool | prefer> @@ -85,7 +85,7 @@ Configuration .. cfgcmd:: set service ntp leap-second [ignore|smear|system|timezone] - Define how to handle leaf-seonds. + Define how to handle leap-seconds. * `ignore`: No correction is applied to the clock for the leap second. The clock will be corrected later in normal operation when new measurements are diff --git a/docs/configuration/service/pppoe-server.rst b/docs/configuration/service/pppoe-server.rst index 99b3fbb5..6d818c70 100644 --- a/docs/configuration/service/pppoe-server.rst +++ b/docs/configuration/service/pppoe-server.rst @@ -24,7 +24,6 @@ Configuring PPPoE Server set service pppoe-server authentication local-users username test password 'test' set service pppoe-server client-ip-pool PPPOE-POOL range 192.168.255.2-192.168.255.254 set service pppoe-server default-pool 'PPPOE-POOL' - set service pppoe-server outside-address 192.0.2.2 set service pppoe-server gateway-address 192.168.255.1 set service pppoe-server interface eth0 @@ -49,7 +48,8 @@ Configuring PPPoE Server Create `<user>` for local authentication on this system. The users password will be set to `<pass>`. -.. cfgcmd:: set service pppoe-server client-ip-pool <POOL-NAME> range <x.x.x.x-x.x.x.x | x.x.x.x/x> +.. cfgcmd:: set service pppoe-server client-ip-pool <POOL-NAME> + range <x.x.x.x-x.x.x.x | x.x.x.x/x> Use this command to define the first IP address of a pool of addresses to be given to pppoe clients. If notation ``x.x.x.x-x.x.x.x``, @@ -85,7 +85,8 @@ accounts again. set service pppoe-server authentication mode radius -.. cfgcmd:: set service pppoe-server authentication radius server <server> key <secret> +.. cfgcmd:: set service pppoe-server authentication radius + server <server> key <secret> Configure RADIUS `<server>` and its required shared `<secret>` for communicating with the RADIUS server. @@ -109,7 +110,8 @@ If you are using OSPF as IGP, always the closest interface connected to the RADIUS server is used. With VyOS 1.2 you can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface. -.. cfgcmd:: set service pppoe-server authentication radius source-address <address> +.. cfgcmd:: set service pppoe-server authentication radius + source-address <address> Source IPv4 address used in all RADIUS server queires. @@ -119,57 +121,70 @@ to a single source IP e.g. the loopback interface. RADIUS advanced options ======================= -.. cfgcmd:: set service pppoe-server authentication radius server <server> port <port> +.. cfgcmd:: set service pppoe-server authentication radius + server <server> port <port> Configure RADIUS `<server>` and its required port for authentication requests. -.. cfgcmd:: set service pppoe-server authentication radius server <server> fail-time <time> +.. cfgcmd:: set service pppoe-server authentication radius + server <server> fail-time <time> Mark RADIUS server as offline for this given `<time>` in seconds. -.. cfgcmd:: set service pppoe-server authentication radius server <server> disable +.. cfgcmd:: set service pppoe-server authentication radius + server <server> disable Temporary disable this RADIUS server. -.. cfgcmd:: set service pppoe-server authentication radius acct-timeout <timeout> +.. cfgcmd:: set service pppoe-server authentication radius + acct-timeout <timeout> Timeout to wait reply for Interim-Update packets. (default 3 seconds) -.. cfgcmd:: set service pppoe-server authentication radius dynamic-author server <address> +.. cfgcmd:: set service pppoe-server authentication radius + dynamic-author server <address> Specifies IP address for Dynamic Authorization Extension server (DM/CoA) -.. cfgcmd:: set service pppoe-server authentication radius dynamic-author port <port> +.. cfgcmd:: set service pppoe-server authentication radius + dynamic-author port <port> Port for Dynamic Authorization Extension server (DM/CoA) -.. cfgcmd:: set service pppoe-server authentication radius dynamic-author key <secret> +.. cfgcmd:: set service pppoe-server authentication radius dynamic-author + key <secret> Secret for Dynamic Authorization Extension server (DM/CoA) -.. cfgcmd:: set service pppoe-server authentication radius max-try <number> +.. cfgcmd:: set service pppoe-server authentication radius + max-try <number> Maximum number of tries to send Access-Request/Accounting-Request queries -.. cfgcmd:: set service pppoe-server authentication radius timeout <timeout> +.. cfgcmd:: set service pppoe-server authentication radius + timeout <timeout> Timeout to wait response from server (seconds) -.. cfgcmd:: set service pppoe-server authentication radius nas-identifier <identifier> +.. cfgcmd:: set service pppoe-server authentication radius + nas-identifier <identifier> Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests. -.. cfgcmd:: set service pppoe-server authentication radius nas-ip-address <address> +.. cfgcmd:: set service pppoe-server authentication radius + nas-ip-address <address> Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address. -.. cfgcmd:: set service pppoe-server authentication radius source-address <address> +.. cfgcmd:: set service pppoe-server authentication radius + source-address <address> Source IPv4 address used in all RADIUS server queires. -.. cfgcmd:: set service pppoe-server authentication radius rate-limit attribute <attribute> +.. cfgcmd:: set service pppoe-server authentication radius + rate-limit attribute <attribute> Specifies which RADIUS server attribute contains the rate limit information. The default attribute is ``Filter-Id``. @@ -177,11 +192,13 @@ RADIUS advanced options .. note:: If you set a custom RADIUS attribute you must define it on both dictionaries at RADIUS server and client. -.. cfgcmd:: set service pppoe-server authentication radius rate-limit enable +.. cfgcmd:: set service pppoe-server authentication radius + rate-limit enable Enables bandwidth shaping via RADIUS. -.. cfgcmd:: set service pppoe-server authentication radius rate-limit vendor +.. cfgcmd:: set service pppoe-server authentication radius + rate-limit vendor Specifies the vendor dictionary, dictionary needs to be in /usr/share/accel-ppp/radius. @@ -193,25 +210,27 @@ Allocation clients ip addresses by RADIUS ========================================= If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP -address will be allocated to the client and the option ``default-pool`` within the CLI -config is being ignored. +address will be allocated to the client and the option ``default-pool`` +within the CLI config is being ignored. -If the RADIUS server sends the attribute ``Framed-Pool``, IP address will be allocated -from a predefined IP pool whose name equals the attribute value. +If the RADIUS server sends the attribute ``Framed-Pool``, IP address will +be allocated from a predefined IP pool whose name equals the attribute value. -If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, IPv6 address -will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value. +If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, +IPv6 address will be allocated from a predefined IPv6 pool ``prefix`` +whose name equals the attribute value. -If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, IPv6 -delegation pefix will be allocated from a predefined IPv6 pool ``delegate`` +If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, +IPv6 delegation pefix will be allocated from a predefined IPv6 pool ``delegate`` whose name equals the attribute value. -.. note:: ``Stateful-IPv6-Address-Pool`` and ``Delegated-IPv6-Prefix-Pool`` are defined in - RFC6911. If they are not defined in your RADIUS server, add new dictionary_. +.. note:: ``Stateful-IPv6-Address-Pool`` and ``Delegated-IPv6-Prefix-Pool`` + are defined in RFC6911. If they are not defined in your RADIUS server, + add new dictionary_. -User interface can be put to VRF context via RADIUS Access-Accept packet, or change -it via RADIUS CoA. ``Accel-VRF-Name`` is used from these purposes. It is custom `ACCEL-PPP attribute`_. -Define it in your RADIUS server. +User interface can be put to VRF context via RADIUS Access-Accept packet, +or change it via RADIUS CoA. ``Accel-VRF-Name`` is used from these purposes. +It is custom `ACCEL-PPP attribute`_. Define it in your RADIUS server. Renaming clients interfaces by RADIUS ===================================== @@ -256,13 +275,13 @@ attributes. For Local Users =============== -.. cfgcmd:: set service pppoe-server authentication local-users username <user> rate-limit - download <bandwidth> +.. cfgcmd:: set service pppoe-server authentication local-users username + <user> rate-limit download <bandwidth> Download bandwidth limit in kbit/s for `<user>`. -.. cfgcmd:: set service pppoe-server authentication local-users username <user> rate-limit - upload <bandwidth> +.. cfgcmd:: set service pppoe-server authentication local-users username + <user> rate-limit upload <bandwidth> Upload bandwidth limit in kbit/s for `<user>`. @@ -340,7 +359,8 @@ other servers. Last command says that this PPPoE server can serve only IPv6 **** -.. cfgcmd:: set service pppoe-server ppp-options ipv6 <require | prefer | allow | deny> +.. cfgcmd:: set service pppoe-server ppp-options + ipv6 <require | prefer | allow | deny> Specifies IPv6 negotiation preference. @@ -349,16 +369,16 @@ IPv6 * **allow** - Negotiate IPv6 only if client requests * **deny** - Do not negotiate IPv6 (default value) -.. cfgcmd:: set service pppoe-server client-ipv6-pool <IPv6-POOL-NAME> prefix <address> - mask <number-of-bits> +.. cfgcmd:: set service pppoe-server client-ipv6-pool <IPv6-POOL-NAME> + prefix <address> mask <number-of-bits> Use this comand to set the IPv6 address pool from which an PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64. -.. cfgcmd:: set service pppoe-server client-ipv6-pool <IPv6-POOL-NAME> delegate <address> - delegation-prefix <number-of-bits> +.. cfgcmd:: set service pppoe-server client-ipv6-pool <IPv6-POOL-NAME> + delegate <address> delegation-prefix <number-of-bits> Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPPoE. You will have to set your IPv6 pool and the length of the @@ -374,7 +394,7 @@ IPv6 set service pppoe-server ppp-options ipv6 allow set service pppoe-server client-ipv6-pool IPv6-POOL delegate '2001:db8:8003::/48' delegation-prefix '56' - set service pppoe-server client-ipv6-pool IPV6-POOL prefix '2001:db8:8002::/48' mask '64' + set service pppoe-server client-ipv6-pool IPv6-POOL prefix '2001:db8:8002::/48' mask '64' set service pppoe-server default-ipv6-pool IPv6-POOL IPv6 Advanced Options @@ -383,7 +403,8 @@ IPv6 Advanced Options Accept peer interface identifier. By default is not defined. -.. cfgcmd:: set service pppoe-server ppp-options ipv6-interface-id <random | x:x:x:x> +.. cfgcmd:: set service pppoe-server ppp-options ipv6-interface-id + <random | x:x:x:x> Specifies fixed or random interface identifier for IPv6. By default is fixed. @@ -391,7 +412,8 @@ IPv6 Advanced Options * **random** - Random interface identifier for IPv6 * **x:x:x:x** - Specify interface identifier for IPv6 -.. cfgcmd:: set service pppoe-server ppp-options ipv6-interface-id <random | x:x:x:x> +.. cfgcmd:: set service pppoe-server ppp-options ipv6-interface-id + <random | x:x:x:x> Specifies peer interface identifier for IPv6. By default is fixed. @@ -427,12 +449,13 @@ Advanced Options Authentication Advanced Options =============================== -.. cfgcmd:: set service pppoe-server authentication local-users username <user> disable +.. cfgcmd:: set service pppoe-server authentication local-users + username <user> disable Disable `<user>` account. -.. cfgcmd:: set service pppoe-server authentication local-users username <user> static-ip - <address> +.. cfgcmd:: set service pppoe-server authentication local-users + username <user> static-ip <address> Assign static IP address to `<user>` account. @@ -445,7 +468,8 @@ Authentication Advanced Options Client IP Pool Advanced Options =============================== -.. cfgcmd:: set service pppoe-server client-ip-pool <POOL-NAME> next-pool <NEXT-POOL-NAME> +.. cfgcmd:: set service pppoe-server client-ip-pool <POOL-NAME> + next-pool <NEXT-POOL-NAME> Use this command to define the next address pool name. @@ -465,7 +489,8 @@ PPP Advanced Options This should reduce kernel-level interface creation/deletion rate lack. Default value is **0**. -.. cfgcmd:: set service pppoe-server ppp-options ipv4 <require | prefer | allow | deny> +.. cfgcmd:: set service pppoe-server ppp-options ipv4 + <require | prefer | allow | deny> Specifies IPv4 negotiation preference. @@ -653,5 +678,7 @@ a /56 subnet for the clients internal use. ppp0 | test | 192.168.0.1 | 2001:db8:8002:0:200::/64 | 2001:db8:8003::1/56 | 00:53:00:12:42:eb | | active | 00:00:49 | 875 B | 2.1 KiB .. include:: /_include/common-references.txt -.. _dictionary: https://github.com/accel-ppp/accel-ppp/blob/master/accel-pppd/radius/dict/dictionary.rfc6911 -.. _`ACCEL-PPP attribute`: https://github.com/accel-ppp/accel-ppp/blob/master/accel-pppd/radius/dict/dictionary.accel
\ No newline at end of file +.. _dictionary: https://github.com/accel-ppp/accel-ppp/blob/master/ + accel-pppd/radius/dict/dictionary.rfc6911 +.. _`ACCEL-PPP attribute`: https://github.com/accel-ppp/accel-ppp/ + blob/master/accel-pppd/radius/dict/dictionary.accel
\ No newline at end of file diff --git a/docs/configuration/service/router-advert.rst b/docs/configuration/service/router-advert.rst index ca558b6a..8f984b10 100644 --- a/docs/configuration/service/router-advert.rst +++ b/docs/configuration/service/router-advert.rst @@ -38,7 +38,7 @@ Configuration "Cur Hop Limit", "hop-limit", "Hop count field of the outgoing RA packets" """Managed address configuration"" flag", "managed-flag", "Tell hosts to use the administered stateful protocol (i.e. DHCP) for autoconfiguration" """Other configuration"" flag", "other-config-flag", "Tell hosts to use the administered (stateful) protocol (i.e. DHCP) for autoconfiguration of other (non-address) information" - "MTU","link-mtu","Link MTU value placed in RAs, exluded in RAs if unset" + "MTU","link-mtu","Link MTU value placed in RAs, excluded in RAs if unset" "Router Lifetime","default-lifetime","Lifetime associated with the default router in units of seconds" "Reachable Time","reachable-time","Time, in milliseconds, that a node assumes a neighbor is reachable after having received a reachability confirmation" "Retransmit Timer","retrans-timer","Time in milliseconds between retransmitted Neighbor Solicitation messages" diff --git a/docs/configuration/service/salt-minion.rst b/docs/configuration/service/salt-minion.rst index aa747c36..8638246b 100644 --- a/docs/configuration/service/salt-minion.rst +++ b/docs/configuration/service/salt-minion.rst @@ -17,7 +17,7 @@ Requirements ************ To use the Salt-Minion, a running Salt-Master is required. You can find more -in the `Salt Poject Documentaion +in the `Salt Project Documentation <https://docs.saltproject.io/en/latest/contents.html>`_ ************* |