Diffstat (limited to 'docs/configuration')
-rw-r--r-- docs/configuration/interfaces/openvpn.rst | 27
-rw-r--r-- docs/configuration/protocols/rip.rst | 12
-rw-r--r-- docs/configuration/service/dhcp-server.rst | 26
-rw-r--r-- docs/configuration/service/snmp.rst | 4
-rw-r--r-- docs/configuration/system/login.rst | 2
5 files changed, 52 insertions, 19 deletions
diff --git a/docs/configuration/interfaces/openvpn.rst b/docs/configuration/interfaces/openvpn.rst index 82dd26dd..80fef754 100644 --- a/docs/configuration/interfaces/openvpn.rst +++ b/docs/configuration/interfaces/openvpn.rst @@ -34,8 +34,9 @@ In the VyOS CLI, a key point often overlooked is that rather than being configured using the `set vpn` stanza, OpenVPN is configured as a network interface using `set interfaces openvpn`. +************ Site-To-Site -============ +************ .. figure:: /_static/images/openvpn_site2site_diagram.jpg @@ -130,9 +131,9 @@ Remote Configuration - Annotated: set interfaces openvpn vtun1 local-address '10.255.1.2' # Local IP of vtun interface set interfaces openvpn vtun1 remote-address '10.255.1.1' # Remote IP of vtun interface -******************* + Firewall Exceptions -******************* +=================== For the OpenVPN traffic to pass through the WAN interface, you must create a firewall exception. @@ -245,8 +246,9 @@ to each tunnel. Another option is to dedicate a port number to each tunnel OpenVPN status can be verified using the `show openvpn` operational commands. See the built-in help for a complete list of options. +****** Server -====== +****** Multi-client server is the most popular OpenVPN mode on routers. It always uses x.509 authentication and therefore requires a PKI setup. Refer this section @@ -322,7 +324,7 @@ internally, so we need to create a route to the 10.23.0.0/20 network ourselves: set protocols static interface-route 10.23.0.0/20 next-hop-interface vtun10 Generate X.509 Certificate and Keys ------------------------------------ +=================================== OpenVPN ships with a set of scripts called Easy-RSA that can generate the appropriate files needed for an OpenVPN setup using X.509 certificates. 
@@ -535,8 +537,10 @@ example: } } + +****** Client -====== +****** VyOS can not only act as an OpenVPN site-to-site or server for multiple clients. You can indeed also configure any VyOS OpenVPN interface as an OpenVPN client @@ -548,7 +552,7 @@ static client IP address to the OpenVPN client. Remember, clients are identified using their CN attribute in the SSL certificate. Server ------- +====== .. code-block:: none @@ -572,7 +576,7 @@ Server set interfaces openvpn vtun10 use-lzo-compression Client ------- +====== .. code-block:: none @@ -614,13 +618,14 @@ Will add ``push "keepalive 1 10"`` to the generated OpenVPN config file. quotes using the ``"`` statement. +*************** Troubleshooting -=============== +*************** VyOS provides some operational commands on OpenVPN. Check status ------------- +============ The following commands let you check tunnel status. @@ -639,7 +644,7 @@ The following commands let you check tunnel status. Reset OpenVPN -------------- +============= The following commands let you reset OpenVPN. diff --git a/docs/configuration/protocols/rip.rst b/docs/configuration/protocols/rip.rst index 4d46e2f0..fd20a90c 100644 --- a/docs/configuration/protocols/rip.rst +++ b/docs/configuration/protocols/rip.rst @@ -1,3 +1,5 @@ +:lastproofread: 2021-10-04 + .. _rip: ### 
@@ -57,20 +59,20 @@ Optional Configuration .. cfgcmd:: set protocols rip default-distance <distance> - This command change distance value of RIP. The distance range is 1 to 255. + This command change the distance value of RIP. The distance range is 1 to 255. .. note:: Routes with a distance of 255 are effectively disabled and not installed into the kernel. .. cfgcmd:: set protocols rip network-distance <A.B.C.D/M> distance <distance> - This command sets default RIP distance to specified value when the route’s + This command sets default RIP distance to a specified value when the routes source IP address matches the specified prefix. .. cfgcmd:: set protocols rip network-distance <A.B.C.D/M> access-list <name> This command can be used with previous command to sets default RIP distance - to specified value when the route’s source IP address matches the specified + to specified value when the route source IP address matches the specified prefix and the specified access-list. .. cfgcmd:: set protocols rip default-information originate @@ -156,7 +158,7 @@ Redistribution Configuration This command modifies the default metric (hop count) value for redistributed routes. The metric range is 1 to 16. The default value is 1. This command does not affect connected route even if it is redistributed by - :cfgcmd:`redistribute connected`. To modify connected route’s metric + :cfgcmd:`redistribute connected`. To modify connected routes metric value, please use :cfgcmd:`redistribute connected metric`. @@ -178,7 +180,7 @@ Interfaces Configuration This command disables split-horizon on the interface. By default, VyOS does not advertise RIP routes out the interface over which they were learned - (split horizon). + (split horizon).3 .. cfgcmd:: set interfaces <inttype> <intname> ip rip split-horizon poison-reverse diff --git a/docs/configuration/service/dhcp-server.rst b/docs/configuration/service/dhcp-server.rst index c3f21b80..38f4d7fc 100644 
--- a/docs/configuration/service/dhcp-server.rst +++ b/docs/configuration/service/dhcp-server.rst @@ -464,6 +464,30 @@ Option 43 for UniFI Operation Mode ============== +.. opcmd:: show log dhcp server + + Show DHCP server daemon log file + +.. opcmd:: show log dhcp client + + Show logs from all DHCP client processes. + +.. opcmd:: show log dhcp client interface <interface> + + Show logs from specific `interface` DHCP client process. + +.. opcmd:: show log dhcpv6 server + + Show DHCPv6 server daemon log file + +.. opcmd:: show log dhcpv6 client + + Show logs from all DHCPv6 client processes. + +.. opcmd:: show log dhcpv6 client interface <interface> + + Show logs from specific `interface` DHCPv6 client process. + .. opcmd:: restart dhcp server Restart the DHCP server @@ -512,6 +536,8 @@ Operation Mode Show only leases with the specified state. Possible states: all, active, free, expired, released, abandoned, reset, backup (default = active) + + *********** IPv6 server *********** diff --git a/docs/configuration/service/snmp.rst b/docs/configuration/service/snmp.rst index e962c1c5..2a55b775 100644 --- a/docs/configuration/service/snmp.rst +++ b/docs/configuration/service/snmp.rst @@ -166,9 +166,9 @@ configuration. The resulting LCI config will look like: .. code-block:: none vyos@vyos# show service snmp - listen-address 172.18.254.201 { + listen-address 192.0.2.1 { } - location "Wuerzburg, Dr.-Georg-Fuchs-Str. 8" + location "VyOS Datacenter" v3 { engineid 000000000000000000000002 group default { diff --git a/docs/configuration/system/login.rst b/docs/configuration/system/login.rst index bf26904e..61201de7 100644 --- a/docs/configuration/system/login.rst +++ b/docs/configuration/system/login.rst 
@@ -122,7 +122,7 @@ Dial-In User Service)` servers as backend for user authentication. Configuration ------------- -.. cfgcmd:: set system login radius server <address> secret <secret> +.. cfgcmd:: set system login radius server <address> key <secret> Specify the `<address>` of the RADIUS server user with the pre-shared-secret given in `<secret>`. Multiple servers can be specified. |
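Review bot: In docs/configuration/interfaces/openvpn.rst, after the -535, -548 and -572 hunks the page still has two sections titled "Server" and two titled "Client": the overlined chapters and the `=`-underlined subsections inside the "Client" chapter. Identical titles produce identical implicit link targets, so consider renaming the subsections (for example "Server configuration" and "Client configuration"). The -130 hunk also leaves an added blank line where the "Firewall Exceptions" overline was removed, and the -535 hunk adds two blank lines before the "Client" overline; one is enough. Please confirm that demoting "Firewall Exceptions" from an overlined chapter to a `=` section under "Site-To-Site" is intended.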
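Review bot: In docs/configuration/protocols/rip.rst (-57 hunk), the network-distance descriptions replace "route’s" with "routes" in one entry and "route" in the other, which drops the possessive and leaves the two entries inconsistent; "the route's source IP address" with an ASCII apostrophe keeps the meaning. The same hunk still reads "This command change the distance value" and "to sets default RIP distance"; suggest "changes" and "to set". The -156 hunk has the same possessive problem in "connected routes metric".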
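Review bot: The split-horizon hunk in rip.rst (-178) introduces a stray character: the added line reads "(split horizon).3". Drop the trailing "3" so the line matches the one it replaces.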
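Review bot: In docs/configuration/service/dhcp-server.rst (-464 hunk), the new `show log` entries are punctuated inconsistently: "Show DHCP server daemon log file" and "Show DHCPv6 server daemon log file" lack the full stop that the four client entries have. The two interface entries also write `interface` in backticks while the command uses `<interface>`; use the same form in both. The -512 hunk adds only two blank lines before the "IPv6 server" overline and can be dropped.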
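Review bot: The sentence introducing the snmp.rst example, visible in the hunk header context, still reads "The resulting LCI config"; fix it to "CLI" in the same change. Replacing the listen-address with 192.0.2.1 and the location with a generic string is the right call, since 192.0.2.0/24 is reserved for documentation and the old values identified a real address.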
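Review bot: In docs/configuration/system/login.rst, the command keyword changes to `key` but the placeholder and description still say `<secret>` and "pre-shared-secret"; say in the description that the RADIUS shared secret is given with the `key` keyword, so the command line and its explanation use the same terms. The context sentence "Specify the `<address>` of the RADIUS server user with the pre-shared-secret" also has a misplaced "user" that could be cleaned up while this entry is being touched.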