Diffstat (limited to 'docs/configuration')
-rw-r--r-- docs/configuration/interfaces/bridge.rst 47
-rw-r--r-- docs/configuration/interfaces/openvpn.rst 2
-rw-r--r-- docs/configuration/policy/route-map.rst 19
-rw-r--r-- docs/configuration/service/dhcp-server.rst 38
-rw-r--r-- docs/configuration/service/router-advert.rst 63
5 files changed, 113 insertions, 56 deletions
diff --git a/docs/configuration/interfaces/bridge.rst b/docs/configuration/interfaces/bridge.rst
index ddc293cc..e69a6e26 100644
--- a/docs/configuration/interfaces/bridge.rst
+++ b/docs/configuration/interfaces/bridge.rst
@@ -127,15 +127,24 @@ Enable VLAN-Aware Bridge
.. cfgcmd:: set interfaces bridge <interface> enable-vlan
- To activate the VLAN aware bridge, you must activate this setting to use VLAN
+ To activate the VLAN aware bridge, you must activate this setting to use VLAN
settings for the bridge
+.. cfgcmd:: set interfaces bridge <interface> protocol <802.1ad|802.1q>
+
+ Define used ethertype of bridge interface.
+
+ Ethertype ``0x8100`` is used for ``802.1q`` and ethertype ``0x88a8`` is used
+ for ``802.1ad``.
+
+ The default is ``802.1q``.
+
VLAN Options
------------
.. note:: It is not valid to use the `vif 1` option for VLAN aware bridges
- because VLAN aware bridges assume that all unlabeled packets belong to
- the default VLAN 1 member and that the VLAN ID of the bridge's parent
+ because VLAN aware bridges assume that all unlabeled packets belong to
+ the default VLAN 1 member and that the VLAN ID of the bridge's parent
interface is always 1
.. cmdinclude:: /_include/interface-vlan-8021q.txt
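Review bot: The description of the new `protocol` command, "Define used ethertype of bridge interface.", is hard to parse and does not say when the setting matters. Suggest "Define the ethertype used for VLAN tagging on the bridge interface" and, since the command is added under "Enable VLAN-Aware Bridge", state whether it only takes effect once `enable-vlan` is set. The two context sentences ending in "settings for the bridge" and "interface is always 1" still lack a closing period, and the whitespace-only `-`/`+` pairs around them would be easier to review as a separate commit.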
@@ -149,9 +158,9 @@ VLAN Options
VLAN tag enters the port, the data packet will be forced to add a tag of a
specific vlan id. When the vlan id flag flows out, the tag of the vlan id
will be stripped
-
+
Example: Set `eth0` member port to be native VLAN 2
-
+
.. code-block:: none
set interfaces bridge br1 member interface eth0 native-vlan 2
@@ -162,17 +171,17 @@ VLAN Options
Allows specific VLAN IDs to pass through the bridge member interface. This
can either be an individual VLAN id or a range of VLAN ids delimited by a
hyphen.
-
+
Example: Set `eth0` member port to be allowed VLAN 4
-
+
.. code-block:: none
-
+
set interfaces bridge br1 member interface eth0 allowed-vlan 4
-
+
Example: Set `eth0` member port to be allowed VLAN 6-8
-
+
.. code-block:: none
-
+
set interfaces bridge br1 member interface eth0 allowed-vlan 6-8
Port Mirror (SPAN)
@@ -265,17 +274,17 @@ This results in the active configuration:
Using the operation mode command to view Bridge Information
===========================================================
-.. opcmd:: show bridge
+.. opcmd:: show bridge
The `show bridge` operational command can be used to display
configured bridges:
.. code-block:: none
- vyos@vyos:~$ show bridge
- 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding
- priority 32 cost 100
- 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding
+ vyos@vyos:~$ show bridge
+ 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding
+ priority 32 cost 100
+ 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding
priority 32 cost 100
.. opcmd:: show bridge <name> fdb
@@ -304,11 +313,11 @@ Using the operation mode command to view Bridge Information
33:33:00:00:00:6a dev br0 self permanent
01:00:5e:00:00:01 dev br0 self permanent
33:33:ff:00:00:00 dev br0 self permanent
-
+
.. opcmd:: show bridge <name> mdb
- Show bridge `<name>` mdb displays the current multicast group membership
- table.The table is populated by IGMP and MLD snooping in the bridge driver
+ Show bridge `<name>` mdb displays the current multicast group membership
+ table.The table is populated by IGMP and MLD snooping in the bridge driver
automatically.
.. code-block:: none
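Review bot: The re-added lines for `show bridge <name> mdb` still read "table.The table is populated", with no space after the period. Since these lines are already being touched for whitespace, fix the spacing in the same change so the rendered sentence reads "membership table. The table is populated by IGMP and MLD snooping".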
diff --git a/docs/configuration/interfaces/openvpn.rst b/docs/configuration/interfaces/openvpn.rst
index d92ac080..8cf579de 100644
--- a/docs/configuration/interfaces/openvpn.rst
+++ b/docs/configuration/interfaces/openvpn.rst
@@ -547,7 +547,7 @@ example:
openvpn-option "--plugin /usr/lib/openvpn/openvpn-auth-ldap.so /config/auth/ldap-auth.config"
openvpn-option "--push redirect-gateway"
openvpn-option --duplicate-cn
- openvpn-option --client-cert-not-required
+ openvpn-option "--verify-client-cert none"
openvpn-option --comp-lzo
openvpn-option --persist-key
openvpn-option --persist-tun
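Review bot: Missing documentation on the replaced line: `openvpn-option "--verify-client-cert none"` means the server does not ask clients for a certificate, so in this example authentication rests entirely on the LDAP plugin configured two lines above, and `--duplicate-cn` stays in the same block. Add a sentence next to the example saying that this is a username/password-only setup and that the option should be left out when client certificates are expected. The quoting of the new option is right, since it now contains a space.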
diff --git a/docs/configuration/policy/route-map.rst b/docs/configuration/policy/route-map.rst
index 07cfcf02..ccc4cef0 100644
--- a/docs/configuration/policy/route-map.rst
+++ b/docs/configuration/policy/route-map.rst
@@ -197,12 +197,15 @@ Route Map
BGP aggregator attribute: AS number or IP address of an aggregation.
.. cfgcmd:: set policy route-map <text> rule <1-65535> set as-path exclude
- <text>
+ <1-4294967295 | all>
Drop AS-NUMBER from the BGP AS path.
+ If ``all`` is specified, remove all AS numbers from the AS_PATH of the BGP
+ path's NLRI.
+
.. cfgcmd:: set policy route-map <text> rule <1-65535> set as-path prepend
- <text>
+ <1-4294967295>
Prepend the given string of AS numbers to the AS_PATH of the BGP path's NLRI.
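Review bot: The new placeholder for `set as-path prepend`, `<1-4294967295>`, describes a single AS number, while the unchanged description directly below still says "Prepend the given string of AS numbers". Either the placeholder should show that several space-separated values are accepted or the description should be reworded to a single AS number; as written the two contradict each other. The same applies to `exclude`, where "Drop AS-NUMBER" is singular and the added `all` sentence is the only part that describes more than one.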
@@ -233,11 +236,11 @@ Route Map
.. cfgcmd:: set policy route-map <text> rule <1-65535> set large-community
<add|replace> <GA:LDP1:LDP2>
- Add or replace BGP large-community attribute in format
+ Add or replace BGP large-community attribute in format
``<0-4294967295:0-4294967295:0-4294967295>``
.. cfgcmd:: set policy route-map <text> rule <1-65535> set large-community none
-
+
Delete all BGP large-communities
.. cfgcmd:: set policy route-map <text> rule <1-65535> set large-community delete
@@ -375,11 +378,3 @@ List of well-known communities
* ``accept-own-nexthop`` - Well-known communities value accept-own-nexthop 0xFFFF0008
* ``blackhole`` - Well-known communities value BLACKHOLE 0xFFFF029A
* ``no-peer`` - Well-known communities value NOPEER 0xFFFFFF04
-
-
-
-
-
-
-
-
diff --git a/docs/configuration/service/dhcp-server.rst b/docs/configuration/service/dhcp-server.rst
index 6813d2c0..43b5d20c 100644
--- a/docs/configuration/service/dhcp-server.rst
+++ b/docs/configuration/service/dhcp-server.rst
@@ -49,10 +49,26 @@ Configuration
Inform client that the DNS server can be found at `<address>`.
This is the configuration parameter for the entire shared network definition.
- All subnets will inherit this configuration item if not specified locally.
-
+ All subnets will inherit this configuration item if not specified locally.
Multiple DNS servers can be defined.
+.. cfgcmd:: set service dhcp-server shared-network-name <name> option
+ vendor-option <option-name>
+
+ This configuration parameter lets you specify a vendor-option for the
+ entire shared network definition. All subnets will inherit this
+ configuration item if not specified locally. An example for Ubiquiti is
+ shown below:
+
+**Example:**
+
+Pass address of Unifi controller at ``172.16.100.1`` to all clients of ``NET1``
+
+.. code-block:: none
+
+ set service dhcp-server shared-network-name 'NET1' option vendor-option
+ ubiquiti '172.16.100.1'
+
.. cfgcmd:: set service dhcp-server listen-address <address>
This configuration parameter lets the DHCP server to listen for DHCP
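Review bot: The new command signature `option vendor-option <option-name>` omits the value that the example then passes (`vendor-option ubiquiti '172.16.100.1'`), so a reader cannot tell from the `cfgcmd` line that an address argument is required. Extend the signature with a value placeholder and list the accepted option names. The example command is also wrapped onto a second line inside the `code-block`, so it cannot be pasted as one command; keep it on a single line. Finally, removing the blank line after "if not specified locally." merges that paragraph with "Multiple DNS servers can be defined.", which looks unintended.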
@@ -132,6 +148,24 @@ Individual Client Subnet
request where no full FQDN is passed. This option can be given multiple times
if you need multiple search domains (DHCP Option 119).
+.. cfgcmd:: set service dhcp-server shared-network-name <name> subnet <subnet>
+ option vendor-option <option-name>
+
+ This configuration parameter lets you specify a vendor-option for the
+ subnet specified within the shared network definition. An example for
+ Ubiquiti is shown below:
+
+**Example:**
+
+Create ``172.18.201.0/24`` as a subnet within ``NET1`` and pass address of
+Unifi controller at ``172.16.100.1`` to clients of that subnet.
+
+.. code-block:: none
+
+ set service dhcp-server shared-network-name 'NET1' subnet
+ '172.18.201.0/24' option vendor-option ubiquiti '172.16.100.1'
+
+
Failover
--------
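Review bot: The subnet-level example is split across two lines inside the `code-block` (`... subnet` / `'172.18.201.0/24' option vendor-option ubiquiti '172.16.100.1'`), which will not paste as a single `set` command; put it on one line. The example text also says "Create ``172.18.201.0/24`` as a subnet", while the command shown only sets the vendor option on that subnet, so "For subnet ... within ``NET1``, pass the address of the Unifi controller" would describe it more accurately. The hunk also adds two blank lines before "Failover" where one is enough.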
diff --git a/docs/configuration/service/router-advert.rst b/docs/configuration/service/router-advert.rst
index f179153a..ca558b6a 100644
--- a/docs/configuration/service/router-advert.rst
+++ b/docs/configuration/service/router-advert.rst
@@ -13,6 +13,7 @@ Supported interface types:
* bonding
* bridge
* ethernet
+ * geneve
* l2tpv3
* openvpn
* pseudo-ethernet
@@ -22,9 +23,9 @@ Supported interface types:
* wireless
* wwan
-
-Enabling Advertisments
-~~~~~~~~~~~~~~~~~~~~~~~
+*************
+Configuration
+*************
.. cfgcmd:: set service router-advert interface <interface> ...
@@ -50,7 +51,7 @@ Enabling Advertisments
Advertising a Prefix
-''''''''''''''''''''
+--------------------
.. cfgcmd:: set service router-advert interface <interface> prefix <prefix/mask>
@@ -73,30 +74,48 @@ Advertising a Prefix
.. start_vyoslinter
+Advertising a NAT64 Prefix
+--------------------------
+
+.. cfgcmd:: set service router-advert interface <interface> nat64prefix <prefix/mask>
+
+ Enable PREF64 option as outlined in :rfc:`8781`.
+
+ NAT64 prefix mask must be one of: /32, /40, /48, /56, /64 or 96.
+
+ .. note:: The well known NAT64 prefix is ``64:ff9b::/96``
+
+.. stop_vyoslinter
+
+.. csv-table::
+ :header: "VyOS Field", "Description"
+ :widths: 10,30
+
+ "valid-lifetime","Time in seconds that the prefix will remain valid (default: 65528 seconds)"
+
+.. start_vyoslinter
+
Disabling Advertisements
-~~~~~~~~~~~~~~~~~~~~~~~~
+------------------------
To disable advertisements without deleting the configuration:
.. cfgcmd:: set service router-advert interface <interface> no-send-advert
-Example Configuration
-~~~~~~~~~~~~~~~~~~~~~
+
+*******
+Example
+*******
+
+Your LAN connected on eth0 uses prefix ``2001:db8:beef:2::/64`` with the router
+beeing ``2001:db8:beef:2::1``
.. code-block:: none
- interface eth0.2 {
- default-preference high
- hop-limit 64
- interval {
- max 600
- }
- name-server 2001:db8::1
- name-server 2001:db8::2
- other-config-flag
- prefix 2001:db8:beef:2::/64 {
- valid-lifetime 2592000
- }
- reachable-time 0
- retrans-timer 0
- }
+ set interfaces ethernet eth0 address 2001:db8:beef:2::1/64
+
+ set service router-advert interface eth0 default-preference 'high'
+ set service router-advert interface eth0 name-server '2001:db8::1'
+ set service router-advert interface eth0 name-server '2001:db8::2'
+ set service router-advert interface eth0 other-config-flag
+ set service router-advert interface eth0 prefix 2001:db8:beef:2::/64
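Review bot: In the added NAT64 text, "NAT64 prefix mask must be one of: /32, /40, /48, /56, /64 or 96." is missing the slash on the last value; it should read "/96", which is also the length used by the well-known prefix in the note below it. The new example lead-in has a typo ("beeing" for "being") and no closing period. The rewritten example also drops `hop-limit`, `interval max`, `valid-lifetime`, `reachable-time` and `retrans-timer` from the old block and moves from `eth0.2` to `eth0`; if that reduction is intentional, the commit message should say so, since the old block showed the resulting configuration while the new one shows only the `set` commands.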