Diffstat (limited to 'docs/services')
-rw-r--r-- docs/services/dhcp.rst 2
-rw-r--r-- docs/services/dns-forwarding.rst 8
-rw-r--r-- docs/services/index.rst 2
-rw-r--r-- docs/services/lldp.rst 2
-rw-r--r-- docs/services/pppoe-server.rst 8
-rw-r--r-- docs/services/snmp.rst 42
-rw-r--r-- docs/services/ssh.rst 6
-rw-r--r-- docs/services/sstp-server.rst 3
8 files changed, 53 insertions, 20 deletions
diff --git a/docs/services/dhcp.rst b/docs/services/dhcp.rst
index 0fc01f04..36162bbe 100644
--- a/docs/services/dhcp.rst
+++ b/docs/services/dhcp.rst
@@ -23,7 +23,7 @@ Interface Configuration
.. code-block:: sh
- set interface eth1 address 172.16.17.1/24
+ set interface ethernet eth1 address 172.16.17.1/24
Multiple ranges can be defined and can contain holes.
diff --git a/docs/services/dns-forwarding.rst b/docs/services/dns-forwarding.rst
index 067dacaf..4aaf6919 100644
--- a/docs/services/dns-forwarding.rst
+++ b/docs/services/dns-forwarding.rst
@@ -28,6 +28,12 @@ Setting a forwarding DNS server for a specific domain:
.. code-block:: sh
set service dns forwarding domain example.com server 192.0.2.1
+
+Set which networks or clients are allowed to query the DNS Server. Allow from all:
+
+.. code-block:: sh
+
+ set service dns forwarding allow-from 0.0.0.0/0
Example 1
^^^^^^^^^
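Review bot: The added paragraph before the new code-block says the option selects "which networks or clients" may query, but the only value it shows is 0.0.0.0/0, which admits every IPv4 source that can reach a listen address. Lead with a restricted prefix (a LAN subnet) as the primary example and present allow-from-all as the exception. "DNS Server" should also be lowercased to "DNS server".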
@@ -44,6 +50,7 @@ Router with two interfaces eth0 (WAN link) and eth1 (LAN). Split DNS for example
set service dns forwarding name-server 8.8.8.8
set service dns forwarding name-server 8.8.4.4
set service dns forwarding listen-address 192.168.0.1
+ set service dns forwarding allow-from 0.0.0.0/0
Example 2
^^^^^^^^^
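Review bot: The allow-from 0.0.0.0/0 line added to Example 1 is wider than the scenario needs: the forwarder listens only on 192.168.0.1, which the hunk header describes as the LAN side (eth1). Use the LAN prefix that contains 192.168.0.1 here so the example models a scoped resolver rather than an allow-all one.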
@@ -62,3 +69,4 @@ The IP addresses for the LAN interface are 192.168.0.1 and 2001:db8::1
set service dns forwarding name-server 2001:4860:4860::8844
set service dns forwarding listen-address 2001:db8::1
set service dns forwarding listen-address 192.168.0.1
+ set service dns forwarding allow-from 0.0.0.0/0
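Review bot: Example 2 listens on 2001:db8::1 as well as 192.168.0.1, but the added allow-from line carries only the IPv4 prefix 0.0.0.0/0, so the example does not say how IPv6 clients are admitted. Add a matching IPv6 allow-from entry or state the behaviour for IPv6 sources, and prefer the two LAN prefixes over allow-all.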
diff --git a/docs/services/index.rst b/docs/services/index.rst
index 8f7553a8..3e81b7a9 100644
--- a/docs/services/index.rst
+++ b/docs/services/index.rst
@@ -5,7 +5,7 @@
Services
========
-This chapter descriptes the available system/network services provided by VyOS.
+This chapter describes the available system/network services provided by VyOS.
.. toctree::
:maxdepth: 1
diff --git a/docs/services/lldp.rst b/docs/services/lldp.rst
index 6a3bee7b..37214506 100644
--- a/docs/services/lldp.rst
+++ b/docs/services/lldp.rst
@@ -92,6 +92,6 @@ Exemple:
Troubleshooting
^^^^^^^^^^^^^^^
-Use operationnal command ``show log lldp`` to display logs.
+Use operational command ``show log lldp`` to display logs.
.. include:: references.rst
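Review bot: The corrected Troubleshooting sentence is still missing an article; "Use the operational command ``show log lldp`` to display logs." reads better. The hunk header also shows "Exemple:" further up in the same file, which belongs in this spelling pass as "Example:".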
diff --git a/docs/services/pppoe-server.rst b/docs/services/pppoe-server.rst
index 2acc93f1..03e14971 100644
--- a/docs/services/pppoe-server.rst
+++ b/docs/services/pppoe-server.rst
@@ -41,12 +41,12 @@ Connections can be locally checked via the command
Client IP address pools
=======================
-To automatically assign the client an IP address as tunnel endpoint, a client IP pool is needed. The source can be either RADIUS or a local subnet or IP range defintion.
+To automatically assign the client an IP address as tunnel endpoint, a client IP pool is needed. The source can be either RADIUS or a local subnet or IP range definition.
Once the local tunnel endpoint ``set service pppoe-server local-ip '10.1.1.2'`` has been defined, the client IP pool can be either defined as a range or as subnet using CIDR notation.
If the CIDR notation is used, multiple subnets can be setup which are used sequentially.
-**Client IP address via IP range defintion**
+**Client IP address via IP range definition**
.. code-block:: sh
@@ -116,7 +116,7 @@ If attribute Filter-Id redefined, replace it in radius coa request
Automatic VLAN creation
=======================
-VLAN's can be created by accel-ppp on the fly if via the use of the kernel module vlan_mon, which is monitoring incoming vlans and creates the neccessary VLAN if required and allowed.
+VLAN's can be created by accel-ppp on the fly if via the use of the kernel module vlan_mon, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed.
VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface.
.. code-block:: sh
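Review bot: The replaced sentence under "Automatic VLAN creation" fixes "necessary" but keeps "on the fly if via the use of", which does not parse, along with "VLAN's" and lowercase "vlans". Suggested wording: "VLANs can be created by accel-ppp on the fly via the kernel module vlan_mon, which monitors incoming VLANs and creates the necessary VLAN if required and allowed."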
@@ -127,7 +127,7 @@ VyOS supports the use of either VLAN ID's or entire ranges, both values can be d
set service pppoe-server interface eth3 vlan-range 2000-3000
-The pppoe-server will now create these VLANs if required and once the user session has been cancelled, and the VLAN is not neccessary anymore, it will remove it again.
+The pppoe-server will now create these VLANs if required and once the user session has been cancelled, and the VLAN is not necessary anymore, it will remove it again.
diff --git a/docs/services/snmp.rst b/docs/services/snmp.rst
index 54e23c6b..351d3324 100644
--- a/docs/services/snmp.rst
+++ b/docs/services/snmp.rst
@@ -33,10 +33,8 @@ agent which reports information via SNMP to the manager.
An SNMP-managed network consists of three key components:
* Managed devices
-
-* Agent – software which runs on managed devices
-
-* Network management station (NMS) – software which runs on the manager
+* Agent - software which runs on managed devices
+* Network management station (NMS) - software which runs on the manager
A managed device is a network node that implements an SNMP interface that
allows unidirectional (read-only) or bidirectional (read and write) access to
@@ -179,10 +177,12 @@ After commit the resulting configuration will look like:
SNMP Extensions
^^^^^^^^^^^^^^^
-To extend SNMP agent functionality, custom scripts can be executed every time the agent is being called.
-This can be achieved by using `arbitrary extension commands`_.
-The first step is to create a functional script of course, then upload it to your VyOS instance via the command ``scp your_script.sh vyos@your_router:/config/user-data``.
-Once the script is uploaded, it needs to be configured via the command below.
+To extend SNMP agent functionality, custom scripts can be executed every time
+the agent is being called. This can be achieved by using ``arbitrary extension
+commands``_. The first step is to create a functional script of course, then
+upload it to your VyOS instance via the command ``scp your_script.sh
+vyos@your_router:/config/user-data``. Once the script is uploaded, it needs to
+be configured via the command below.
.. code-block:: sh
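Review bot: In the re-wrapped SNMP Extensions paragraph the link `arbitrary extension commands`_ became ``arbitrary extension commands``_; double backticks make it an inline literal, so the hyperlink reference no longer resolves and a stray "_" is rendered. Keep the single backticks. The re-wrap also splits the scp literal across two lines ("``scp your_script.sh" / "vyos@your_router:/config/user-data``"); keep that command on one line so it can be copied intact from the source.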
@@ -191,7 +191,8 @@ Once the script is uploaded, it needs to be configured via the command below.
commit
-The OID ``.1.3.6.1.4.1.8072.1.3.2.3.1.1.4.116.101.115.116``, once called, will contain the output of the extension.
+The OID ``.1.3.6.1.4.1.8072.1.3.2.3.1.1.4.116.101.115.116``, once called, will
+contain the output of the extension.
.. code-block:: sh
@@ -201,6 +202,29 @@ The OID ``.1.3.6.1.4.1.8072.1.3.2.3.1.1.4.116.101.115.116``, once called, will c
NET-SNMP-EXTEND-MIB::nsExtendOutNumLines."my-extension" = INTEGER: 1
NET-SNMP-EXTEND-MIB::nsExtendResult."my-extension" = INTEGER: 0
+SolarWinds
+^^^^^^^^^^
+
+If you happen to use SolarWinds Orion as NMS you can also use the Device
+Templates Management. A template for VyOS can be easily imported.
+
+Create a file named ``VyOS-1.3.6.1.4.1.44641.ConfigMgmt-Commands`` using the
+following content:
+
+.. code-block:: sh
+ <Configuration-Management Device="VyOS" SystemOID="1.3.6.1.4.1.44641">
+ <Commands>
+ <Command Name="Reset" Value="set terminal width 0${CRLF}set terminal length 0"/>
+ <Command Name="Reboot" Value="reboot${CRLF}Yes"/>
+ <Command Name="EnterConfigMode" Value="configure"/>
+ <Command Name="ExitConfigMode" Value="commit${CRLF}exit"/>
+ <Command Name="DownloadConfig" Value="show configuration commands"/>
+ <Command Name="SaveConfig" Value="commit${CRLF}save"/>
+ <Command Name="Version" Value="show version"/>
+ <Command Name="MenuBased" Value="False"/>
+ <Command Name="VirtualPrompt" Value=":~"/>
+ </Commands>
+ </Configuration-Management>
.. include:: references.rst
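Review bot: The new ".. code-block:: sh" under SolarWinds is followed directly by the "<Configuration-Management ...>" line with no blank "+" line, unlike the allow-from block added in dns-forwarding.rst, so the first XML line will be parsed as part of the directive instead of as block content. Add the blank line after the directive, and tag the block as xml rather than sh since the content is an XML template.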
diff --git a/docs/services/ssh.rst b/docs/services/ssh.rst
index 4d96f8de..caa255ce 100644
--- a/docs/services/ssh.rst
+++ b/docs/services/ssh.rst
@@ -44,13 +44,13 @@ Options
* Allow ``root`` login, this can be set to allow ``root`` logins on SSH
connections, however it is not advisable to use this setting as this bears
- serious security risks. The default system user posesses all required
+ serious security risks. The default system user possesses all required
privileges.
:code:`set service ssh allow-root`
* Allowed ciphers - A number of allowed ciphers can be specified, use multiple
- occurances to allow multiple ciphers.
+ occurrences to allow multiple ciphers.
:code:`set service ssh ciphers <cipher>`
@@ -70,7 +70,7 @@ Options
* `cast128-cbc`
* Disable password authentication - If SSH key authentication is set up,
- password-based user authetication can be disabled. This hardens security!
+ password-based user authentication can be disabled. This hardens security!
:code:`set service ssh disable-password-authentication`
diff --git a/docs/services/sstp-server.rst b/docs/services/sstp-server.rst
index 8ee8ef45..bed2e1a6 100644
--- a/docs/services/sstp-server.rst
+++ b/docs/services/sstp-server.rst
@@ -14,7 +14,7 @@ Configuration
The `Secure Socket Tunneling Protocol`_ (SSTP), provides ppp via a SSL/TLS channel.
Using publically signed certificates as well a by private PKI, is fully supported.
-All certficates should be stored on VyOS under ``/config/user-data/sstp``.
+All certificates should be stored on VyOS under ``/config/user-data/sstp``.
Self Signed CA and server certificates
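Review bot: The context line directly above the fixed "certificates" line still reads "Using publically signed certificates as well a by private PKI, is fully supported." and should be corrected in the same pass, for example "Using publicly signed certificates as well as a private PKI is fully supported."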
@@ -62,6 +62,7 @@ Use <tab> to setup the ``set sstp-settings ssl-certs ...``, it automatically loo
.. code-block:: sh
+ edit service sstp-server
set authentication local-users username foo password 'bar'
set authentication mode 'local'
set network-settings client-ip-settings gateway-address '10.100.100.1'