diff options
Diffstat (limited to 'docs/configuration')
-rw-r--r-- | docs/configuration/interfaces/l2tpv3.rst | 20 | ||||
-rw-r--r-- | docs/configuration/interfaces/tunnel.rst | 50 | ||||
-rw-r--r-- | docs/configuration/vpn/dmvpn.rst | 4 | ||||
-rw-r--r-- | docs/configuration/vpn/ipsec.rst | 12 |
4 files changed, 43 insertions, 43 deletions
diff --git a/docs/configuration/interfaces/l2tpv3.rst b/docs/configuration/interfaces/l2tpv3.rst index ca6e0841..d26d0e0b 100644 --- a/docs/configuration/interfaces/l2tpv3.rst +++ b/docs/configuration/interfaces/l2tpv3.rst @@ -47,14 +47,14 @@ L2TPv3 options This defaults to UDP -.. cfgcmd:: set interfaces l2tpv3 <interface> local-ip <address> +.. cfgcmd:: set interfaces l2tpv3 <interface> source-address <address> Set the IP address of the local interface to be used for the tunnel. This address must be the address of a local interface. It may be specified as an IPv4 address or an IPv6 address. -.. cfgcmd:: set interfaces l2tpv3 <interface> remote-ip <address> +.. cfgcmd:: set interfaces l2tpv3 <interface> remote <address> Set the IP address of the remote peer. It may be specified as an IPv4 address or an IPv6 address. @@ -94,10 +94,10 @@ Over IP l2tpv3 l2tpeth10 { address 192.168.37.1/27 encapsulation ip - local-ip 192.0.2.1 + source-address 192.0.2.1 peer-session-id 100 peer-tunnel-id 200 - remote-ip 203.0.113.24 + remote 203.0.113.24 session-id 100 tunnel-id 200 } @@ -109,7 +109,7 @@ Over UDP UDP mode works better with NAT: -* Set local-ip to your local IP (LAN). +* Set source-address to your local IP (LAN). * Add a forwarding rule matching UDP port on your internet router. .. code-block:: none @@ -119,10 +119,10 @@ UDP mode works better with NAT: address 192.168.37.1/27 destination-port 9001 encapsulation udp - local-ip 192.0.2.1 + source-address 192.0.2.1 peer-session-id 100 peer-tunnel-id 200 - remote-ip 203.0.113.24 + remote 203.0.113.24 session-id 100 source-port 9000 tunnel-id 200 @@ -159,7 +159,7 @@ IPSec: set vpn ipsec site-to-site peer <peer-ip> connection-type 'initiate' set vpn ipsec site-to-site peer <peer-ip> ike-group 'test-IKE-1' set vpn ipsec site-to-site peer <peer-ip> ikev2-reauth 'inherit' - set vpn ipsec site-to-site peer <peer-ip> local-address <local-ip> + set vpn ipsec site-to-site peer <peer-ip> local-address <source-address> set vpn ipsec site-to-site peer <peer-ip> tunnel 1 allow-nat-networks 'disable' set vpn ipsec site-to-site peer <peer-ip> tunnel 1 allow-public-networks 'disable' set vpn ipsec site-to-site peer <peer-ip> tunnel 1 esp-group 'test-ESP-1' @@ -184,11 +184,11 @@ L2TPv3: set interfaces l2tpv3 l2tpeth0 description 'L2 VPN Tunnel' set interfaces l2tpv3 l2tpeth0 destination-port '5000' set interfaces l2tpv3 l2tpeth0 encapsulation 'ip' - set interfaces l2tpv3 l2tpeth0 local-ip <local-ip> + set interfaces l2tpv3 l2tpeth0 source-address <source-address> set interfaces l2tpv3 l2tpeth0 mtu '1500' set interfaces l2tpv3 l2tpeth0 peer-session-id '110' set interfaces l2tpv3 l2tpeth0 peer-tunnel-id '10' - set interfaces l2tpv3 l2tpeth0 remote-ip <peer-ip> + set interfaces l2tpv3 l2tpeth0 remote <peer-ip> set interfaces l2tpv3 l2tpeth0 session-id '110' set interfaces l2tpv3 l2tpeth0 source-port '5000' set interfaces l2tpv3 l2tpeth0 tunnel-id '10' diff --git a/docs/configuration/interfaces/tunnel.rst b/docs/configuration/interfaces/tunnel.rst index 8a308348..9fa5ed17 100644 --- a/docs/configuration/interfaces/tunnel.rst +++ b/docs/configuration/interfaces/tunnel.rst @@ -34,8 +34,8 @@ An example: .. code-block:: none set interfaces tunnel tun0 encapsulation ipip - set interfaces tunnel tun0 local-ip 192.0.2.10 - set interfaces tunnel tun0 remote-ip 203.0.113.20 + set interfaces tunnel tun0 source-address 192.0.2.10 + set interfaces tunnel tun0 remote 203.0.113.20 set interfaces tunnel tun0 address 192.168.100.200/24 IP6IP6 @@ -52,8 +52,8 @@ An example: .. code-block:: none set interfaces tunnel tun0 encapsulation ip6ip6 - set interfaces tunnel tun0 local-ip 2001:db8:aa::1 - set interfaces tunnel tun0 remote-ip 2001:db8:aa::2 + set interfaces tunnel tun0 source-address 2001:db8:aa::1 + set interfaces tunnel tun0 remote 2001:db8:aa::2 set interfaces tunnel tun0 address 2001:db8:bb::1/64 IPIP6 @@ -69,8 +69,8 @@ An example: .. code-block:: none set interfaces tunnel tun0 encapsulation ipip6 - set interfaces tunnel tun0 local-ip 2001:db8:aa::1 - set interfaces tunnel tun0 remote-ip 2001:db8:aa::2 + set interfaces tunnel tun0 source-address 2001:db8:aa::1 + set interfaces tunnel tun0 remote 2001:db8:aa::2 set interfaces tunnel tun0 address 192.168.70.80/24 6in4 (SIT) @@ -91,8 +91,8 @@ An example: .. code-block:: none set interfaces tunnel tun0 encapsulation sit - set interfaces tunnel tun0 local-ip 192.0.2.10 - set interfaces tunnel tun0 remote-ip 192.0.2.20 + set interfaces tunnel tun0 source-address 192.0.2.10 + set interfaces tunnel tun0 remote 192.0.2.20 set interfaces tunnel tun0 address 2001:db8:bb::1/64 A full example of a Tunnelbroker.net config can be found at @@ -114,8 +114,8 @@ over either IPv4 (gre) or IPv6 (ip6gre). Configuration ^^^^^^^^^^^^^ -A basic configuration requires a tunnel source (local-ip), a tunnel destination -(remote-ip), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a +A basic configuration requires a tunnel source (source-address), a tunnel destination +(remote), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router @@ -127,8 +127,8 @@ defaults to GRE IP otherwise it would have to be configured as well. set interfaces tunnel tun100 address '10.0.0.1/30' set interfaces tunnel tun100 encapsulation 'gre' - set interfaces tunnel tun100 local-ip '198.51.100.2' - set interfaces tunnel tun100 remote-ip '203.0.113.10' + set interfaces tunnel tun100 source-address '198.51.100.2' + set interfaces tunnel tun100 remote '203.0.113.10' **Cisco IOS Router:** @@ -149,8 +149,8 @@ and a Linux host using systemd-networkd. set interfaces tunnel tun101 address '2001:db8:feed:beef::1/126' set interfaces tunnel tun101 address '192.168.5.1/30' set interfaces tunnel tun101 encapsulation 'ip6gre' - set interfaces tunnel tun101 local-ip '2001:db8:babe:face::3afe:3' - set interfaces tunnel tun101 remote-ip '2001:db8:9bb:3ce::5' + set interfaces tunnel tun101 source-address '2001:db8:babe:face::3afe:3' + set interfaces tunnel tun101 remote '2001:db8:9bb:3ce::5' **Linux systemd-networkd:** @@ -191,23 +191,23 @@ An example: .. code-block:: none - set interfaces tunnel tun0 local-ip 192.0.2.10 - set interfaces tunnel tun0 remote-ip 192.0.2.20 + set interfaces tunnel tun0 source-address 192.0.2.10 + set interfaces tunnel tun0 remote 192.0.2.20 set interfaces tunnel tun0 address 10.40.50.60/24 set interfaces tunnel tun0 parameters ip key 10 - + .. code-block:: none - set interfaces tunnel tun0 local-ip 192.0.2.10 - set interfaces tunnel tun0 remote-ip 192.0.2.20 + set interfaces tunnel tun0 source-address 192.0.2.10 + set interfaces tunnel tun0 remote 192.0.2.20 set interfaces tunnel tun0 address 172.16.17.18/24 set interfaces tunnel tun0 parameters ip key 20 GRE-Bridge ^^^^^^^^^^ -While normal GRE is for layer 3, GRE-Bridge is for layer 2. GRE-Bridge can -encapsulate Ethernet frames, thus it can be bridged with other interfaces to +While normal GRE is for layer 3, GRE-Bridge is for layer 2. GRE-Bridge can +encapsulate Ethernet frames, thus it can be bridged with other interfaces to create datalink layer segments that span multiple remote sites. Layer 2 GRE example: @@ -216,9 +216,9 @@ Layer 2 GRE example: set interfaces bridge br0 member interface eth0 set interfaces bridge br0 member interface tun0 - set interfaces tunnel tun0 encapsulation gre-bridge - set interfaces tunnel tun0 local-ip 198.51.100.2 - set interfaces tunnel tun0 remote-ip 203.0.113.10 + set interfaces tunnel tun0 encapsulation gretap + set interfaces tunnel tun0 source-address 192.0.2.100 + set interfaces tunnel tun0 remote 192.0.2.1 Troubleshooting ^^^^^^^^^^^^^^^ @@ -229,7 +229,7 @@ to make sure the configuration performs as expected. A common cause for GRE tunnels to fail to come up correctly include ACL or Firewall configurations that are discarding IP protocol 47 or blocking your source/destination traffic. -**1. Confirm IP connectivity between tunnel local-ip and remote-ip:** +**1. Confirm IP connectivity between tunnel source-address and remote:** .. code-block:: none diff --git a/docs/configuration/vpn/dmvpn.rst b/docs/configuration/vpn/dmvpn.rst index f902c388..f11f4a20 100644 --- a/docs/configuration/vpn/dmvpn.rst +++ b/docs/configuration/vpn/dmvpn.rst @@ -188,7 +188,7 @@ Hub set interfaces tunnel tun100 address '172.16.253.134/29' set interfaces tunnel tun100 encapsulation 'gre' - set interfaces tunnel tun100 local-ip '192.0.2.1' + set interfaces tunnel tun100 source-address '192.0.2.1' set interfaces tunnel tun100 multicast 'enable' set interfaces tunnel tun100 parameters ip key '1' @@ -293,7 +293,7 @@ VyOS can also run in DMVPN spoke mode. set interfaces ethernet eth0 address 'dhcp' set interfaces tunnel tun100 address '172.16.253.133/29' - set interfaces tunnel tun100 local-ip 0.0.0.0 + set interfaces tunnel tun100 source-address 0.0.0.0 set interfaces tunnel tun100 encapsulation 'gre' set interfaces tunnel tun100 multicast 'enable' set interfaces tunnel tun100 parameters ip key '1' diff --git a/docs/configuration/vpn/ipsec.rst b/docs/configuration/vpn/ipsec.rst index 2888336c..4a4849c9 100644 --- a/docs/configuration/vpn/ipsec.rst +++ b/docs/configuration/vpn/ipsec.rst @@ -46,8 +46,8 @@ On the LEFT: # GRE tunnel set interfaces tunnel tun0 encapsulation gre - set interfaces tunnel tun0 local-ip 192.0.2.10 - set interfaces tunnel tun0 remote-ip 203.0.113.45 + set interfaces tunnel tun0 source-address 192.0.2.10 + set interfaces tunnel tun0 remote 203.0.113.45 set interfaces tunnel tun0 address 10.10.10.1/30 ## IPsec @@ -98,8 +98,8 @@ On the LEFT: set interfaces tunnel tun0 encapsulation gre set interfaces tunnel tun0 address 10.10.10.1/30 - set interfaces tunnel tun0 local-ip 192.168.99.1 - set interfaces tunnel tun0 remote-ip 192.168.99.2 + set interfaces tunnel tun0 source-address 192.168.99.1 + set interfaces tunnel tun0 remote 192.168.99.2 On the RIGHT: @@ -109,8 +109,8 @@ On the RIGHT: set interfaces tunnel tun0 encapsulation gre set interfaces tunnel tun0 address 10.10.10.2/30 - set interfaces tunnel tun0 local-ip 192.168.99.2 - set interfaces tunnel tun0 remote-ip 192.168.99.1 + set interfaces tunnel tun0 source-address 192.168.99.2 + set interfaces tunnel tun0 remote 192.168.99.1 **Setting up IPSec** |