Diffstat (limited to 'docs/configuration')
-rw-r--r-- | docs/configuration/firewall/index.rst | 2
-rw-r--r-- | docs/configuration/highavailability/index.rst | 2
-rw-r--r-- | docs/configuration/interfaces/macsec.rst | 5
-rw-r--r-- | docs/configuration/interfaces/tunnel.rst | 40
-rw-r--r-- | docs/configuration/protocols/bgp.rst | 16
-rw-r--r-- | docs/configuration/service/https.rst | 186
-rw-r--r-- | docs/configuration/service/index.rst | 1
-rw-r--r-- | docs/configuration/service/ipoe-server.rst | 16
-rw-r--r-- | docs/configuration/service/salt-minion.disable | 2
-rw-r--r-- | docs/configuration/service/salt-minion.rst | 53
-rw-r--r-- | docs/configuration/service/snmp.rst | 5
-rw-r--r-- | docs/configuration/service/ssh.rst | 7
-rw-r--r-- | docs/configuration/service/tftp-server.rst | 6
-rw-r--r-- | docs/configuration/system/option.rst | 6
-rw-r--r-- | docs/configuration/vpn/l2tp.rst | 4
15 files changed, 162 insertions, 189 deletions
diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst index 04800b91..909d77e8 100644 --- a/docs/configuration/firewall/index.rst +++ b/docs/configuration/firewall/index.rst @@ -127,7 +127,7 @@ Some firewall settings are global and have a affect on the whole system. .. cfgcmd:: set firewall state-policy established log enable - Set the global setting for a astablished connections. + Set the global setting for a established connections. .. cfgcmd:: set firewall state-policy invalid action [accept | drop | reject] diff --git a/docs/configuration/highavailability/index.rst b/docs/configuration/highavailability/index.rst index a223c283..c3965aa2 100644 --- a/docs/configuration/highavailability/index.rst +++ b/docs/configuration/highavailability/index.rst @@ -189,3 +189,5 @@ and the ``/config/scripts/vrrp-master.sh`` when the router becomes the master: set high-availability vrrp group Foo transition-script backup "/config/scripts/vrrp-fail.sh Foo" set high-availability vrrp group Foo transition-script fault "/config/scripts/vrrp-fail.sh Foo" set high-availability vrrp group Foo transition-script master "/config/scripts/vrrp-master.sh Foo" + +To know more about scripting, check the :ref:`command-scripting` section. diff --git a/docs/configuration/interfaces/macsec.rst b/docs/configuration/interfaces/macsec.rst index 2bf643aa..9a20c425 100644 --- a/docs/configuration/interfaces/macsec.rst +++ b/docs/configuration/interfaces/macsec.rst 
@@ -27,14 +27,11 @@ Common interface configuration MACsec options ============== -.. cfgcmd:: set interfaces macsec <interface> security cipher [gcm-aes-128] +.. cfgcmd:: set interfaces macsec <interface> security cipher <gcm-aes-128|gcm-aes-256> Select cipher suite used for cryptographic operations. This setting is mandatory. - .. note:: gcm-aes-256 support planned once iproute2 package is updated to - version >=5.2. - .. cfgcmd:: set interfaces macsec <interface> security encrypt MACsec only provides authentication by default, encryption is optional. This diff --git a/docs/configuration/interfaces/tunnel.rst b/docs/configuration/interfaces/tunnel.rst index d2d63ce2..36b1d70b 100644 --- a/docs/configuration/interfaces/tunnel.rst +++ b/docs/configuration/interfaces/tunnel.rst @@ -32,8 +32,8 @@ An example: .. code-block:: none set interfaces tunnel tun0 encapsulation ipip - set interfaces tunnel tun0 local-ip 192.0.2.10 - set interfaces tunnel tun0 remote-ip 203.0.113.20 + set interfaces tunnel tun0 source-address 192.0.2.10 + set interfaces tunnel tun0 remote 203.0.113.20 set interfaces tunnel tun0 address 192.168.100.200/24 IP6IP6 @@ -50,8 +50,8 @@ An example: .. code-block:: none set interfaces tunnel tun0 encapsulation ip6ip6 - set interfaces tunnel tun0 local-ip 2001:db8:aa::1 - set interfaces tunnel tun0 remote-ip 2001:db8:aa::2 + set interfaces tunnel tun0 source-address 2001:db8:aa::1 + set interfaces tunnel tun0 remote 2001:db8:aa::2 set interfaces tunnel tun0 address 2001:db8:bb::1/64 IPIP6 @@ -67,8 +67,8 @@ An example: .. code-block:: none set interfaces tunnel tun0 encapsulation ipip6 - set interfaces tunnel tun0 local-ip 2001:db8:aa::1 - set interfaces tunnel tun0 remote-ip 2001:db8:aa::2 + set interfaces tunnel tun0 source-address 2001:db8:aa::1 + set interfaces tunnel tun0 remote 2001:db8:aa::2 set interfaces tunnel tun0 address 192.168.70.80/24 6in4 (SIT) 
@@ -89,8 +89,8 @@ An example: .. code-block:: none set interfaces tunnel tun0 encapsulation sit - set interfaces tunnel tun0 local-ip 192.0.2.10 - set interfaces tunnel tun0 remote-ip 192.0.2.20 + set interfaces tunnel tun0 source-address 192.0.2.10 + set interfaces tunnel tun0 remote 192.0.2.20 set interfaces tunnel tun0 address 2001:db8:bb::1/64 A full example of a Tunnelbroker.net config can be found at @@ -112,8 +112,8 @@ over either IPv4 (gre) or IPv6 (ip6gre). Configuration ^^^^^^^^^^^^^ -A basic configuration requires a tunnel source (local-ip), a tunnel destination -(remote-ip), an encapsulation type (gre), and an address (ipv4/ipv6).Below is a +A basic configuration requires a tunnel source (source-address), a tunnel destination +(remote), an encapsulation type (gre), and an address (ipv4/ipv6).Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router @@ -125,8 +125,8 @@ defaults to gre ip otherwise it would have to be configured as well. set interfaces tunnel tun100 address '10.0.0.1/30' set interfaces tunnel tun100 encapsulation 'gre' - set interfaces tunnel tun100 local-ip '198.51.100.2' - set interfaces tunnel tun100 remote-ip '203.0.113.10' + set interfaces tunnel tun100 source-address '198.51.100.2' + set interfaces tunnel tun100 remote '203.0.113.10' **Cisco IOS Router:** 
@@ -147,8 +147,8 @@ and a Linux host using systemd-networkd. set interfaces tunnel tun101 address '2001:db8:feed:beef::1/126' set interfaces tunnel tun101 address '192.168.5.1/30' set interfaces tunnel tun101 encapsulation 'ip6gre' - set interfaces tunnel tun101 local-ip '2001:db8:babe:face::3afe:3' - set interfaces tunnel tun101 remote-ip '2001:db8:9bb:3ce::5' + set interfaces tunnel tun101 source-address '2001:db8:babe:face::3afe:3' + set interfaces tunnel tun101 remote '2001:db8:9bb:3ce::5' **Linux systemd-networkd:** @@ -189,15 +189,15 @@ An example: .. code-block:: none - set interfaces tunnel tun0 local-ip 192.0.2.10 - set interfaces tunnel tun0 remote-ip 192.0.2.20 + set interfaces tunnel tun0 source-address 192.0.2.10 + set interfaces tunnel tun0 remote 192.0.2.20 set interfaces tunnel tun0 address 10.40.50.60/24 set interfaces tunnel tun0 parameters ip key 10 - + .. code-block:: none - set interfaces tunnel tun0 local-ip 192.0.2.10 - set interfaces tunnel tun0 remote-ip 192.0.2.20 + set interfaces tunnel tun0 source-address 192.0.2.10 + set interfaces tunnel tun0 remote 192.0.2.20 set interfaces tunnel tun0 address 172.16.17.18/24 set interfaces tunnel tun0 parameters ip key 20 @@ -211,7 +211,7 @@ to make sure the configuration performs as expected. A common cause for GRE tunnels to fail to come up correctly include ACL or Firewall configurations that are discarding IP protocol 47 or blocking your source/desintation traffic. -**1. Confirm IP connectivity between tunnel local-ip and remote-ip:** +**1. Confirm IP connectivity between tunnel source-address and remote:** .. code-block:: none diff --git a/docs/configuration/protocols/bgp.rst b/docs/configuration/protocols/bgp.rst index 6b6605a6..bd5a75e1 100644 --- a/docs/configuration/protocols/bgp.rst +++ b/docs/configuration/protocols/bgp.rst 
@@ -530,8 +530,8 @@ Redistribution Configuration General Configuration --------------------- -Common parametrs -^^^^^^^^^^^^^^^^ +Common parameters +^^^^^^^^^^^^^^^^^ .. cfgcmd:: set protocols bgp <asn> parameters router-id <id> @@ -585,7 +585,17 @@ Common parametrs This command goes hand in hand with the listen range command to limit the amount of BGP neighbors that are allowed to connect to the local router. The limit range is 1 to 5000. - + +.. cfgcmd:: set protocols bgp <asn> parameters ebgp-requires-policy + + This command changes the eBGP behavior of FRR. By default FRR enables + :rfc:`8212` functionality which affects how eBGP routes are advertised, + namely no routes are advertised across eBGP sessions without some + sort of egress route-map/policy in place. In VyOS however we have this + RFC functionality disabled by default so that we can preserve backwards + compatibility with older versions of VyOS. With this option one can + enable :rfc:`8212` functionality to operate. + Administrative Distance ^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/docs/configuration/service/https.rst b/docs/configuration/service/https.rst index b9c691da..1f1e2aa9 100644 --- a/docs/configuration/service/https.rst +++ b/docs/configuration/service/https.rst 
@@ -4,178 +4,88 @@ HTTP-API ######## -Enabling HTTP-API ------------------ +VyOS provide a HTTP API. You can use it to execute op-mode commands, +update VyOS, set or delete config. -VyOS HTTP API can be enabled through the ``set service https api`` command. - -.. code-block:: none - - set service https api debug - set service https api keys id MY-HTTP-API-ID key MY-HTTP-API-PLAINTEXT-KEY - -The local API process listens on localhost:8080, and nginx exposes it on all -virtual servers, by default. For the purpose of illustration below, we will -assume nginx is running at https://192.168.122.127. - -One can limit proxying to specific listen addresses/ports/server-names by -defining a ``service https virtual-host <id>``, and setting ``service https -api-restrict virtual-host <id>``. - -.. code-block:: none - - set service https virtual-host example listen-address 192.168.122.127 - set service https virtual-host example listen-port 44302 - set service https virtual-host example server-name example.net - - set service https api-restrict virtual-host example - -In this example, nginx will proxy only those requests to -192.168.122.127:44302 or example.net:44302 (assuming the DNS record is -viable). Omitting any of listen-address, listen-port, or server-name, will -leave appropriate defaults in the nginx directive. Multiple instances of -``service https api-restrict virtual-host`` may be set. - -Configuration mode requests ---------------------------- - -In our example, we are creating a dummy interface and assigning an address to -it: - -.. code-block:: none - - curl -k -X POST -F data='{"op": "set", "path": ["interfaces", "dummy", "dum1", "address"], "value": "203.0.113.76/32"}' -F key=MY-HTTP-API-PLAINTEXT-KEY https://192.168.122.127/configure - -The ``/configure`` endpoint takes a request serialized in JSON. The only HTTP -method it uses is POST. Request data is passed in the ``data=`` field and the -API key is passed in the ``key=`` field. 
Key identifiers from the config are -purely informational and the application doesn't need to know them, they only -appear in the server logs to avoid exposing keys in log files, you only need -the key itself. - -Since internally there is no distinction between a path and a value, you can -omit the value field and include the value in the path like it's done in the -shell commands: - -.. code-block:: none - - curl -k -X POST -F data='{"op": "set", "path": ["interfaces", "dummy", "dum10", "address", "203.0.113.99/32"]}' -F key=MY-HTTP-API-PLAINTEXT-KEY https://192.168.122.127/configure - -Separate value field make the semantics more clear though, and also makes it -easier to create a command template once and update it with different values -as needed. - -You can pass the ``set``, ``delete`` or ``comment`` command to it. -The API will push the command to the session and commit. - -To retrieve a value: - -.. code-block:: none - - curl -k -X POST -F data='{"op": "returnValue", "path": ["interfaces", "dummy", "dum1", "address"]}' -F key=MY-HTTP-API-PLAINTEXT-KEY https://192.168.122.127/retrieve - -Use ``returnValues`` for multi-valued nodes. +Please take a look at the :ref:`vyosapi` page for an detailed how-to. +************* +Configuration +************* -Show config -""""""""""" +.. cfgcmd:: set service https api keys id <name> key <apikey> -To retrieve the full config under a path: + Set an named api key, every key have the same, full permissions + on the system. -.. code-block:: none - - # curl -k -X POST -F data='{"op": "showConfig", "path": ["interfaces", "dummy"]}' -F key=MY-HTTP-API-PLAINTEXT-KEY https://192.168.122.127/retrieve +.. cfgcmd:: set service https api debug -It will return: - -.. code-block:: none + To enable debug messages. Available via :opcmd:`show log` or + :opcmd:`monitor log` - {"success": true, "data": {"dummy": {"dum1": {"address": "203.0.113.76/32"}}}, "error": null} - -Passing an empty path will return the full config: - -.. 
code-block:: none +.. cfgcmd:: set service https api port - # curl -k -X POST -F data='{"op": "showConfig", "path": []}' -F key=MY-HTTP-API-PLAINTEXT-KEY https://192.168.122.127/retrieve + Set the listen port of the local API, this have non effect of the + webserver. The default is port 8080 +.. cfgcmd:: set service https api strict -Configuration management requests ---------------------------------- + Enforce strict path checking -When saving or loading a configuration, the endpoint is ``/config-file`` and -you can pass the ``save`` or ``load`` command. +.. cfgcmd:: set service https virtual-host <vhost> listen-address -If you don't specify the file when saving, it saves to ``/config/config.boot``. -Here's an example: + Address to listen for HTTPS requests -.. code-block:: none +.. cfgcmd:: set service https virtual-host <vhost> listen-port <1-65535> - # curl -k -X POST -F key=MY-HTTP-API-PLAINTEXT-KEY -Fdata='{"op": "save", "file": "/config/config.boot"}' https://192.168.122.127/config-file + Port to listen for HTTPS requests; default 443 -Image management requests -------------------------- +.. cfgcmd:: set service https virtual-host <vhost> server-name <text> -One may ``add`` or ``delete`` a system image using the endpoint ``/image``. -Here are the respective examples: + Server names for virtual hosts it ca be exact, wildcard or regex. -``add`` from ``url``. Here we use the URL of the latest rolling release: +.. cfgcmd:: set service https api-restrict virtual-host <vhost> -.. code-block:: none + Nginx exposes the local API on all virtual servers, by default + Use this to restrict nginx to one or more virtual hosts. - # curl -k -X POST -F data='{"op": "add", "url": "https://downloads.vyos.io/rolling/current/amd64/vyos-rolling-latest.iso"}' -F key=MY-HTTP-API-PLAINTEXT-KEY https://192.168.122.127/image +.. cfgcmd:: set service https certificates certbot domain-name <text> -``delete`` by image ``name``. 
For example: + Domain name(s) for which to obtain certificate -.. code-block:: none +.. cfgcmd:: set service https certificates certbot email - # curl -k -X POST -F data='{"op": "delete", "name": "1.3-rolling-202006070117"}' -F key=MY-HTTP-API-PLAINTEXT-KEY https://192.168.122.127/image + Email address to associate with certificate -To list the available system images by name, one may use the operational mode -request ``show`` discussed in the next section; in this setting it would be: +.. cfgcmd:: set service https certificates system-generated-certificate -.. code-block:: none + Use an automatically generated self-signed certificate - # curl -k -X POST -F data='{"op": "show", "path": ["system", "image"]}' -F key=MY-HTTP-API-PLAINTEXT-KEY https://192.168.122.127/show +.. cfgcmd:: set service https certificates system-generated-certificate + lifetime <days> -Operational mode requests -------------------------- + Lifetime in days; default is 365 -It is possible to run ``show`` and ``generate`` commands: +********************* +Example Configuration +********************* -Request: +Set an API-KEY is the minimal configuration to get a working API Endpoint. .. code-block:: none - curl -k -X POST -F data='{"op": "generate", "path": ["wireguard", "default-keypair"]}' -F key=MY-HTTP-API-PLAINTEXT-KEY https://192.168.122.127/generate - -Response: - -.. code-block:: none + set service https api keys id MY-HTTPS-API-ID key MY-HTTPS-API-PLAINTEXT-KEY - {"success": true, "data": "", "error": null} -Request: +To use this full configuration we asume a publice accessable hostname. .. code-block:: none - curl -k -X POST -F data='{"op": "show", "path": ["wireguard", "keypairs", "pubkey", "default"]}' -F key=MY-HTTP-API-PLAINTEXT-KEY https://192.168.122.127/show - -Response: - -.. code-block:: none - - {"success": true, "data": "<some pubkey>=\n", "error": null} - -Request: - -.. 
code-block:: none - - curl -k -X POST -F data='{"op": "show", "path": ["ip", "route"]}' -F key=MY-HTTP-API-PLAINTEXT-KEY https://192.168.122.127/show - -Response: - -.. code-block:: none - - {"success": true, "data": "Codes: K - kernel route, C - connected, S - static, R - RIP,\n O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,\n T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,\n F - PBR, f - OpenFabric,\n > - selected route, * - FIB route, q - queued route, r - rejected route\n\nS>* 0.0.0.0/0 [210/0] via 192.168.100.1, eth0, 01:41:05\nC>* 192.168.0.0/24 is directly connected, eth1, 01:41:09\nC>* 192.168.100.0/24 is directly connected, eth0, 01:41:05\nC>* 203.0.113.76/32 is directly connected, dum1, 01:38:40\n", "error": null} - + set service https api keys id MY-HTTPS-API-ID key MY-HTTPS-API-PLAINTEXT-KEY + set service https certificates certbot domain-name rtr01.example.com + set service https certificates certbot email mail@example.com + set service https virtual-host rtr01 listen-address 198.51.100.2 + set service https virtual-host rtr01 listen-port 11443 + set service https virtual-host rtr01 server-name rtr01.example.com + set service https api-restrict virtual-host rtr01.example.com
\ No newline at end of file diff --git a/docs/configuration/service/index.rst b/docs/configuration/service/index.rst index fb194239..96660e91 100644 --- a/docs/configuration/service/index.rst +++ b/docs/configuration/service/index.rst @@ -19,6 +19,7 @@ Service mdns pppoe-server router-advert + salt-minion snmp ssh tftp-server diff --git a/docs/configuration/service/ipoe-server.rst b/docs/configuration/service/ipoe-server.rst index 7858ff19..eea9517d 100644 --- a/docs/configuration/service/ipoe-server.rst +++ b/docs/configuration/service/ipoe-server.rst @@ -72,11 +72,11 @@ IPv6 DNS addresses are optional. set service ipoe-server authentication interface eth3 mac-address 08:00:27:2F:D8:06 set service ipoe-server authentication mode 'local' - set service ipoe-server client-ipv6-pool delegate-prefix '2001:db8:1::/48,56' - set service ipoe-server client-ipv6-pool prefix '2001:db8::/48,64' - set service ipoe-server dnsv6-server server-1 '2001:db8::' - set service ipoe-server dnsv6-server server-2 '2001:db8:aaa::' - set service ipoe-server dnsv6-server server-3 '2001:db8:bbb::' + set service ipoe-server client-ipv6-pool delegate '2001:db8:1::/48' delegation-prefix '56' + set service ipoe-server client-ipv6-pool prefix '2001:db8::/48' mask '64' + set service ipoe-server name-server '2001:db8::' + set service ipoe-server name-server '2001:db8:aaa::' + set service ipoe-server name-server '2001:db8:bbb::' set service ipoe-server interface eth3 client-subnet '192.168.1.0/24' .. code-block:: none @@ -116,7 +116,7 @@ example configuration can be used. .. code-block:: none set service ipoe-server authentication mode 'radius' - set service ipoe-server authentication radius-server 10.100.100.1 secret 'password' + set service ipoe-server authentication radius server 10.100.100.1 key 'password' Bandwidth Shaping ================= 
@@ -134,8 +134,8 @@ The rate-limit is set in kbit/sec. set service ipoe-server authentication interface eth2 mac-address 08:00:27:2f:d8:06 rate-limit download '500' set service ipoe-server authentication interface eth2 mac-address 08:00:27:2f:d8:06 rate-limit upload '500' set service ipoe-server authentication mode 'local' - set service ipoe-server dns-server server-1 '10.10.1.1' - set service ipoe-server dns-server server-2 '10.10.1.2' + set service ipoe-server name-server '10.10.1.1' + set service ipoe-server name-server '10.10.1.2' set service ipoe-server interface eth2 client-subnet '192.168.0.0/24' .. code-block:: none diff --git a/docs/configuration/service/salt-minion.disable b/docs/configuration/service/salt-minion.disable deleted file mode 100644 index 63df57a4..00000000 --- a/docs/configuration/service/salt-minion.disable +++ /dev/null @@ -1,2 +0,0 @@ -salt-minion -###########
\ No newline at end of file diff --git a/docs/configuration/service/salt-minion.rst b/docs/configuration/service/salt-minion.rst new file mode 100644 index 00000000..aa747c36 --- /dev/null +++ b/docs/configuration/service/salt-minion.rst @@ -0,0 +1,53 @@ +.. _saltminion: + +########### +Salt-Minion +########### + +SaltStack_ is Python-based, open-source +software for event-driven IT automation, remote task execution, and +configuration management. Supporting the "infrastructure as code" +approach to data center system and network deployment and management, +configuration automation, SecOps orchestration, vulnerability remediation, +and hybrid cloud control. + + +************ +Requirements +************ + +To use the Salt-Minion, a running Salt-Master is required. You can find more +in the `Salt Poject Documentaion +<https://docs.saltproject.io/en/latest/contents.html>`_ + +************* +Configuration +************* + +.. cfgcmd:: set service salt-minion hash <type> + + The hash type used when discovering file on master server (default: sha256) + +.. cfgcmd:: set service salt-minion id <id> + + Explicitly declare ID for this minion to use (default: hostname) + +.. cfgcmd:: set service salt-minion interval <1-1440> + + Interval in minutes between updates (default: 60) + +.. cfgcmd:: set service salt-minion master <hostname | IP> + + The hostname or IP address of the master + +.. cfgcmd:: set service salt-minion master-key <key> + + URL with signature of master for auth reply verification + + +Please take a look in the Automation section to find some usefull +Examples. + + + +.. _SaltStack: https://saltproject.io/
\ No newline at end of file diff --git a/docs/configuration/service/snmp.rst b/docs/configuration/service/snmp.rst index e962c1c5..4a5a2780 100644 --- a/docs/configuration/service/snmp.rst +++ b/docs/configuration/service/snmp.rst @@ -201,7 +201,8 @@ VyOS MIBs All SNMP MIBs are located in each image of VyOS here: ``/usr/share/snmp/mibs/`` -you are be able to download the files with the a activate ssh service like this +You are be able to download the files using SCP, once the SSH service +has been activated like so .. code-block:: none @@ -270,4 +271,4 @@ following content: .. _SNMPv2: https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol#Version_2 .. _SNMPv3: https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol#Version_3 -.. start_vyoslinter
\ No newline at end of file +.. start_vyoslinter diff --git a/docs/configuration/service/ssh.rst b/docs/configuration/service/ssh.rst index 94249766..6b09d40d 100644 --- a/docs/configuration/service/ssh.rst +++ b/docs/configuration/service/ssh.rst @@ -127,8 +127,8 @@ Operation .. opcmd:: generate ssh client-key /path/to/private_key - Re-generated a known pub/private keyfile which can e.g. used to connect to - other services (RPKI cache). + Re-generated a known pub/private keyfile which can be used to connect to + other services (e.g. RPKI cache). Example: @@ -153,5 +153,6 @@ Operation | =.. o=.oo| +----[SHA256]-----+ - Two new files ``/config/auth/id_rsa_rpki`` and ``/config/auth/id_rsa_rpki.pub`` + Two new files ``/config/auth/id_rsa_rpki`` and + ``/config/auth/id_rsa_rpki.pub`` will be created. diff --git a/docs/configuration/service/tftp-server.rst b/docs/configuration/service/tftp-server.rst index 276ce5fb..d220d789 100644 --- a/docs/configuration/service/tftp-server.rst +++ b/docs/configuration/service/tftp-server.rst @@ -32,15 +32,15 @@ on each IP address. .. cfgcmd:: set service tftp-server allow-upload -Optional, if you want to enable uploads, else TFTP server will act as read-only -server. +Optional, if you want to enable uploads, else TFTP server will act as a +read-only server. Example ------- Provide TFTP server listening on both IPv4 and IPv6 addresses ``192.0.2.1`` and ``2001:db8::1`` serving the content from ``/config/tftpboot``. Uploading via -TFTP to this server is not allowed! +TFTP to this server is disabled. The resulting configuration will look like: diff --git a/docs/configuration/system/option.rst b/docs/configuration/system/option.rst index e029ec96..a4e08245 100644 --- a/docs/configuration/system/option.rst +++ b/docs/configuration/system/option.rst 
@@ -28,8 +28,8 @@ HTTP client .. cfgcmd:: set system option http-client source-address <address> - Several commands utilize curl to initiate transfers. Configure the local - source IPv4/IPv6 address used for all CURL operations. + Several commands utilize cURL to initiate transfers. Configure the local + source IPv4/IPv6 address used for all cURL operations. .. cfgcmd:: set system option http-client source-interface <interface> @@ -54,7 +54,7 @@ the used keyboard layout on the system console. Defaults to ``us``. .. note:: Changing the keymap only has an effect on the system console, using - SSH oder Serial remote access to the device is not affected as the keyboard + SSH or Serial remote access to the device is not affected as the keyboard layout here corresponds to your access system. .. _system_options_performance: diff --git a/docs/configuration/vpn/l2tp.rst b/docs/configuration/vpn/l2tp.rst index d331ce2c..0df5080c 100644 --- a/docs/configuration/vpn/l2tp.rst +++ b/docs/configuration/vpn/l2tp.rst @@ -72,8 +72,8 @@ parameter to the client. .. code-block:: none - set vpn l2tp remote-access dns-servers server-1 '198.51.100.8' - set vpn l2tp remote-access dns-servers server-2 '198.51.100.4' + set vpn l2tp remote-access name-server '198.51.100.8' + set vpn l2tp remote-access name-server '198.51.100.4' Established sessions can be viewed using the **show vpn remote-access** operational command, or **show l2tp-server sessions** |
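
Review bot: in docs/configuration/firewall/index.rst the corrected line still reads "Set the global setting for a established connections", so the article and the plural noun disagree. Drop the article ("for established connections") or use "an established connection". The unchanged context line at the top of the hunk, "have a affect on the whole system", has the same kind of slip and could be fixed in the same pass.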
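
Review bot: in docs/configuration/interfaces/tunnel.rst, hunk @@ -112,8 +112,8 @@, the rewritten sentence keeps the missing space in "(ipv4/ipv6).Below is a", and its first new line ("A basic configuration requires a tunnel source (source-address), a tunnel destination") now runs past 80 columns, while the ssh.rst hunk in this same patch re-wraps a long line. Add the space and re-wrap the paragraph after the option rename.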
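
Review bot: in docs/configuration/protocols/bgp.rst the new ebgp-requires-policy entry describes only the advertising side ("no routes are advertised across eBGP sessions without some sort of egress route-map/policy") and says nothing about routes received from an eBGP peer once the option is set. Because this option changes what the router exchanges with external peers, please state whether an ingress policy is required as well, and consider a short example that shows the option together with the route-map an operator has to attach before enabling it. The closing sentence "enable :rfc:`8212` functionality to operate" can end at "functionality".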
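
Review bot: in docs/configuration/service/https.rst the full example defines the virtual host as rtr01 ("set service https virtual-host rtr01 listen-address 198.51.100.2") but its last line restricts the API to a different identifier, "set service https api-restrict virtual-host rtr01.example.com". The command reference in the same hunk takes <vhost>, so this should be rtr01; as written the restriction names a virtual host the example never creates. Also in this hunk, "api port", "virtual-host <vhost> listen-address" and "certbot email" are documented without a value placeholder, unlike their neighbours, and the new text needs a proofreading pass ("this have non effect", "it ca be", "asume a publice accessable"). Since the hunk states both that every key has "the same, full permissions" and that nginx exposes the API on all virtual servers by default, a sentence pointing readers to api-restrict next to the key command would help.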
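
Review bot: in the new file docs/configuration/service/salt-minion.rst the master-key entry is inconsistent: the placeholder is <key> but the description reads "URL with signature of master for auth reply verification". State which of the two the command expects and align the placeholder with it. The link text "Salt Poject Documentaion" and "usefull" near the end are misspelled, the second sentence of the introduction ("Supporting the ...") has no main verb, and the file ends without a trailing newline.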
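
Review bot: in docs/configuration/service/snmp.rst the replacement line still begins "You are be able to download". Suggest "You are able to download the files using SCP, once the SSH service has been activated, like so:" with the colon leading into the code block that follows.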