summaryrefslogtreecommitdiff
path: root/docs/configuration
diff options
context:
space:
mode:
Diffstat (limited to 'docs/configuration')
-rw-r--r--docs/configuration/interfaces/l2tpv3.rst20
-rw-r--r--docs/configuration/interfaces/tunnel.rst50
-rw-r--r--docs/configuration/vpn/dmvpn.rst4
-rw-r--r--docs/configuration/vpn/ipsec.rst12
4 files changed, 43 insertions, 43 deletions
diff --git a/docs/configuration/interfaces/l2tpv3.rst b/docs/configuration/interfaces/l2tpv3.rst
index ca6e0841..d26d0e0b 100644
--- a/docs/configuration/interfaces/l2tpv3.rst
+++ b/docs/configuration/interfaces/l2tpv3.rst
@@ -47,14 +47,14 @@ L2TPv3 options
This defaults to UDP
-.. cfgcmd:: set interfaces l2tpv3 <interface> local-ip <address>
+.. cfgcmd:: set interfaces l2tpv3 <interface> source-address <address>
Set the IP address of the local interface to be used for the tunnel.
This address must be the address of a local interface. It may be specified as
an IPv4 address or an IPv6 address.
-.. cfgcmd:: set interfaces l2tpv3 <interface> remote-ip <address>
+.. cfgcmd:: set interfaces l2tpv3 <interface> remote <address>
Set the IP address of the remote peer. It may be specified as
an IPv4 address or an IPv6 address.
@@ -94,10 +94,10 @@ Over IP
l2tpv3 l2tpeth10 {
address 192.168.37.1/27
encapsulation ip
- local-ip 192.0.2.1
+ source-address 192.0.2.1
peer-session-id 100
peer-tunnel-id 200
- remote-ip 203.0.113.24
+ remote 203.0.113.24
session-id 100
tunnel-id 200
}
@@ -109,7 +109,7 @@ Over UDP
UDP mode works better with NAT:
-* Set local-ip to your local IP (LAN).
+* Set source-address to your local IP (LAN).
* Add a forwarding rule matching UDP port on your internet router.
.. code-block:: none
@@ -119,10 +119,10 @@ UDP mode works better with NAT:
address 192.168.37.1/27
destination-port 9001
encapsulation udp
- local-ip 192.0.2.1
+ source-address 192.0.2.1
peer-session-id 100
peer-tunnel-id 200
- remote-ip 203.0.113.24
+ remote 203.0.113.24
session-id 100
source-port 9000
tunnel-id 200
@@ -159,7 +159,7 @@ IPSec:
set vpn ipsec site-to-site peer <peer-ip> connection-type 'initiate'
set vpn ipsec site-to-site peer <peer-ip> ike-group 'test-IKE-1'
set vpn ipsec site-to-site peer <peer-ip> ikev2-reauth 'inherit'
- set vpn ipsec site-to-site peer <peer-ip> local-address <local-ip>
+ set vpn ipsec site-to-site peer <peer-ip> local-address <source-address>
set vpn ipsec site-to-site peer <peer-ip> tunnel 1 allow-nat-networks 'disable'
set vpn ipsec site-to-site peer <peer-ip> tunnel 1 allow-public-networks 'disable'
set vpn ipsec site-to-site peer <peer-ip> tunnel 1 esp-group 'test-ESP-1'
@@ -184,11 +184,11 @@ L2TPv3:
set interfaces l2tpv3 l2tpeth0 description 'L2 VPN Tunnel'
set interfaces l2tpv3 l2tpeth0 destination-port '5000'
set interfaces l2tpv3 l2tpeth0 encapsulation 'ip'
- set interfaces l2tpv3 l2tpeth0 local-ip <local-ip>
+ set interfaces l2tpv3 l2tpeth0 source-address <source-address>
set interfaces l2tpv3 l2tpeth0 mtu '1500'
set interfaces l2tpv3 l2tpeth0 peer-session-id '110'
set interfaces l2tpv3 l2tpeth0 peer-tunnel-id '10'
- set interfaces l2tpv3 l2tpeth0 remote-ip <peer-ip>
+ set interfaces l2tpv3 l2tpeth0 remote <peer-ip>
set interfaces l2tpv3 l2tpeth0 session-id '110'
set interfaces l2tpv3 l2tpeth0 source-port '5000'
set interfaces l2tpv3 l2tpeth0 tunnel-id '10'
diff --git a/docs/configuration/interfaces/tunnel.rst b/docs/configuration/interfaces/tunnel.rst
index 8a308348..9fa5ed17 100644
--- a/docs/configuration/interfaces/tunnel.rst
+++ b/docs/configuration/interfaces/tunnel.rst
@@ -34,8 +34,8 @@ An example:
.. code-block:: none
set interfaces tunnel tun0 encapsulation ipip
- set interfaces tunnel tun0 local-ip 192.0.2.10
- set interfaces tunnel tun0 remote-ip 203.0.113.20
+ set interfaces tunnel tun0 source-address 192.0.2.10
+ set interfaces tunnel tun0 remote 203.0.113.20
set interfaces tunnel tun0 address 192.168.100.200/24
IP6IP6
@@ -52,8 +52,8 @@ An example:
.. code-block:: none
set interfaces tunnel tun0 encapsulation ip6ip6
- set interfaces tunnel tun0 local-ip 2001:db8:aa::1
- set interfaces tunnel tun0 remote-ip 2001:db8:aa::2
+ set interfaces tunnel tun0 source-address 2001:db8:aa::1
+ set interfaces tunnel tun0 remote 2001:db8:aa::2
set interfaces tunnel tun0 address 2001:db8:bb::1/64
IPIP6
@@ -69,8 +69,8 @@ An example:
.. code-block:: none
set interfaces tunnel tun0 encapsulation ipip6
- set interfaces tunnel tun0 local-ip 2001:db8:aa::1
- set interfaces tunnel tun0 remote-ip 2001:db8:aa::2
+ set interfaces tunnel tun0 source-address 2001:db8:aa::1
+ set interfaces tunnel tun0 remote 2001:db8:aa::2
set interfaces tunnel tun0 address 192.168.70.80/24
6in4 (SIT)
@@ -91,8 +91,8 @@ An example:
.. code-block:: none
set interfaces tunnel tun0 encapsulation sit
- set interfaces tunnel tun0 local-ip 192.0.2.10
- set interfaces tunnel tun0 remote-ip 192.0.2.20
+ set interfaces tunnel tun0 source-address 192.0.2.10
+ set interfaces tunnel tun0 remote 192.0.2.20
set interfaces tunnel tun0 address 2001:db8:bb::1/64
A full example of a Tunnelbroker.net config can be found at
@@ -114,8 +114,8 @@ over either IPv4 (gre) or IPv6 (ip6gre).
Configuration
^^^^^^^^^^^^^
-A basic configuration requires a tunnel source (local-ip), a tunnel destination
-(remote-ip), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a
+A basic configuration requires a tunnel source (source-address), a tunnel destination
+(remote), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a
basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS
router. The main difference between these two configurations is that VyOS
requires you explicitly configure the encapsulation type. The Cisco router
@@ -127,8 +127,8 @@ defaults to GRE IP otherwise it would have to be configured as well.
set interfaces tunnel tun100 address '10.0.0.1/30'
set interfaces tunnel tun100 encapsulation 'gre'
- set interfaces tunnel tun100 local-ip '198.51.100.2'
- set interfaces tunnel tun100 remote-ip '203.0.113.10'
+ set interfaces tunnel tun100 source-address '198.51.100.2'
+ set interfaces tunnel tun100 remote '203.0.113.10'
**Cisco IOS Router:**
@@ -149,8 +149,8 @@ and a Linux host using systemd-networkd.
set interfaces tunnel tun101 address '2001:db8:feed:beef::1/126'
set interfaces tunnel tun101 address '192.168.5.1/30'
set interfaces tunnel tun101 encapsulation 'ip6gre'
- set interfaces tunnel tun101 local-ip '2001:db8:babe:face::3afe:3'
- set interfaces tunnel tun101 remote-ip '2001:db8:9bb:3ce::5'
+ set interfaces tunnel tun101 source-address '2001:db8:babe:face::3afe:3'
+ set interfaces tunnel tun101 remote '2001:db8:9bb:3ce::5'
**Linux systemd-networkd:**
@@ -191,23 +191,23 @@ An example:
.. code-block:: none
- set interfaces tunnel tun0 local-ip 192.0.2.10
- set interfaces tunnel tun0 remote-ip 192.0.2.20
+ set interfaces tunnel tun0 source-address 192.0.2.10
+ set interfaces tunnel tun0 remote 192.0.2.20
set interfaces tunnel tun0 address 10.40.50.60/24
set interfaces tunnel tun0 parameters ip key 10
-
+
.. code-block:: none
- set interfaces tunnel tun0 local-ip 192.0.2.10
- set interfaces tunnel tun0 remote-ip 192.0.2.20
+ set interfaces tunnel tun0 source-address 192.0.2.10
+ set interfaces tunnel tun0 remote 192.0.2.20
set interfaces tunnel tun0 address 172.16.17.18/24
set interfaces tunnel tun0 parameters ip key 20
GRE-Bridge
^^^^^^^^^^
-While normal GRE is for layer 3, GRE-Bridge is for layer 2. GRE-Bridge can
-encapsulate Ethernet frames, thus it can be bridged with other interfaces to
+While normal GRE is for layer 3, GRE-Bridge is for layer 2. GRE-Bridge can
+encapsulate Ethernet frames, thus it can be bridged with other interfaces to
create datalink layer segments that span multiple remote sites.
Layer 2 GRE example:
@@ -216,9 +216,9 @@ Layer 2 GRE example:
set interfaces bridge br0 member interface eth0
set interfaces bridge br0 member interface tun0
- set interfaces tunnel tun0 encapsulation gre-bridge
- set interfaces tunnel tun0 local-ip 198.51.100.2
- set interfaces tunnel tun0 remote-ip 203.0.113.10
+ set interfaces tunnel tun0 encapsulation gretap
+ set interfaces tunnel tun0 source-address 192.0.2.100
+ set interfaces tunnel tun0 remote 192.0.2.1
Troubleshooting
^^^^^^^^^^^^^^^
@@ -229,7 +229,7 @@ to make sure the configuration performs as expected. A common cause for GRE
tunnels to fail to come up correctly include ACL or Firewall configurations
that are discarding IP protocol 47 or blocking your source/destination traffic.
-**1. Confirm IP connectivity between tunnel local-ip and remote-ip:**
+**1. Confirm IP connectivity between tunnel source-address and remote:**
.. code-block:: none
diff --git a/docs/configuration/vpn/dmvpn.rst b/docs/configuration/vpn/dmvpn.rst
index f902c388..f11f4a20 100644
--- a/docs/configuration/vpn/dmvpn.rst
+++ b/docs/configuration/vpn/dmvpn.rst
@@ -188,7 +188,7 @@ Hub
set interfaces tunnel tun100 address '172.16.253.134/29'
set interfaces tunnel tun100 encapsulation 'gre'
- set interfaces tunnel tun100 local-ip '192.0.2.1'
+ set interfaces tunnel tun100 source-address '192.0.2.1'
set interfaces tunnel tun100 multicast 'enable'
set interfaces tunnel tun100 parameters ip key '1'
@@ -293,7 +293,7 @@ VyOS can also run in DMVPN spoke mode.
set interfaces ethernet eth0 address 'dhcp'
set interfaces tunnel tun100 address '172.16.253.133/29'
- set interfaces tunnel tun100 local-ip 0.0.0.0
+ set interfaces tunnel tun100 source-address 0.0.0.0
set interfaces tunnel tun100 encapsulation 'gre'
set interfaces tunnel tun100 multicast 'enable'
set interfaces tunnel tun100 parameters ip key '1'
diff --git a/docs/configuration/vpn/ipsec.rst b/docs/configuration/vpn/ipsec.rst
index 2888336c..4a4849c9 100644
--- a/docs/configuration/vpn/ipsec.rst
+++ b/docs/configuration/vpn/ipsec.rst
@@ -46,8 +46,8 @@ On the LEFT:
# GRE tunnel
set interfaces tunnel tun0 encapsulation gre
- set interfaces tunnel tun0 local-ip 192.0.2.10
- set interfaces tunnel tun0 remote-ip 203.0.113.45
+ set interfaces tunnel tun0 source-address 192.0.2.10
+ set interfaces tunnel tun0 remote 203.0.113.45
set interfaces tunnel tun0 address 10.10.10.1/30
## IPsec
@@ -98,8 +98,8 @@ On the LEFT:
set interfaces tunnel tun0 encapsulation gre
set interfaces tunnel tun0 address 10.10.10.1/30
- set interfaces tunnel tun0 local-ip 192.168.99.1
- set interfaces tunnel tun0 remote-ip 192.168.99.2
+ set interfaces tunnel tun0 source-address 192.168.99.1
+ set interfaces tunnel tun0 remote 192.168.99.2
On the RIGHT:
@@ -109,8 +109,8 @@ On the RIGHT:
set interfaces tunnel tun0 encapsulation gre
set interfaces tunnel tun0 address 10.10.10.2/30
- set interfaces tunnel tun0 local-ip 192.168.99.2
- set interfaces tunnel tun0 remote-ip 192.168.99.1
+ set interfaces tunnel tun0 source-address 192.168.99.2
+ set interfaces tunnel tun0 remote 192.168.99.1
**Setting up IPSec**