summaryrefslogtreecommitdiff
path: root/docs/services
diff options
context:
space:
mode:
Diffstat (limited to 'docs/services')
-rw-r--r--docs/services/dns-forwarding.rst25
-rw-r--r--docs/services/index.rst4
-rw-r--r--docs/services/lldp.rst2
-rw-r--r--docs/services/pppoe-server.rst8
-rw-r--r--docs/services/ssh.rst6
-rw-r--r--docs/services/sstp-server.rst2
6 files changed, 30 insertions, 17 deletions
diff --git a/docs/services/dns-forwarding.rst b/docs/services/dns-forwarding.rst
index a8501c8f..4aaf6919 100644
--- a/docs/services/dns-forwarding.rst
+++ b/docs/services/dns-forwarding.rst
@@ -28,26 +28,37 @@ Setting a forwarding DNS server for a specific domain:
.. code-block:: sh
set service dns forwarding domain example.com server 192.0.2.1
+
+Set which networks or clients are allowed to query the DNS Server. Allow from all:
+
+.. code-block:: sh
+
+ set service dns forwarding allow-from 0.0.0.0/0
Example 1
^^^^^^^^^
-Router with two interfaces eth0 (WAN link) and eth1 (LAN). A DNS server for the
-local domain (example.com) is at 192.0.2.1, other DNS requests are forwarded
-to Google's DNS servers.
+Router with two interfaces eth0 (WAN link) and eth1 (LAN). Split DNS for example.com.
+
+* DNS request for a local domain (example.com) get forwarded to 192.0.2.1
+* Other DNS requests are forwarded to Google's DNS servers.
+* The IP address for the LAN interface is 192.168.0.1.
.. code-block:: sh
set service dns forwarding domain example.com server 192.0.2.1
set service dns forwarding name-server 8.8.8.8
set service dns forwarding name-server 8.8.4.4
- set service dns forwarding listen-on 'eth1'
+ set service dns forwarding listen-address 192.168.0.1
+ set service dns forwarding allow-from 0.0.0.0/0
Example 2
^^^^^^^^^
Same as example 1 but with additional IPv6 addresses for Google's public DNS
-servers:
+servers.
+
+The IP addresses for the LAN interface are 192.168.0.1 and 2001:db8::1
.. code-block:: sh
@@ -56,4 +67,6 @@ servers:
set service dns forwarding name-server 8.8.4.4
set service dns forwarding name-server 2001:4860:4860::8888
set service dns forwarding name-server 2001:4860:4860::8844
- set service dns forwarding listen-on 'eth1'
+ set service dns forwarding listen-address 2001:db8::1
+ set service dns forwarding listen-address 192.168.0.1
+ set service dns forwarding allow-from 0.0.0.0/0
diff --git a/docs/services/index.rst b/docs/services/index.rst
index 03fdc9c4..3e81b7a9 100644
--- a/docs/services/index.rst
+++ b/docs/services/index.rst
@@ -5,10 +5,10 @@
Services
========
-This chapter descriptes the available system/network services provided by VyOS.
+This chapter describes the available system/network services provided by VyOS.
.. toctree::
- :hidden:
+ :maxdepth: 1
conntrack
dhcp
diff --git a/docs/services/lldp.rst b/docs/services/lldp.rst
index 6a3bee7b..37214506 100644
--- a/docs/services/lldp.rst
+++ b/docs/services/lldp.rst
@@ -92,6 +92,6 @@ Exemple:
Troubleshooting
^^^^^^^^^^^^^^^
-Use operationnal command ``show log lldp`` to display logs.
+Use operational command ``show log lldp`` to display logs.
.. include:: references.rst
diff --git a/docs/services/pppoe-server.rst b/docs/services/pppoe-server.rst
index 2acc93f1..03e14971 100644
--- a/docs/services/pppoe-server.rst
+++ b/docs/services/pppoe-server.rst
@@ -41,12 +41,12 @@ Connections can be locally checked via the command
Client IP address pools
=======================
-To automatically assign the client an IP address as tunnel endpoint, a client IP pool is needed. The source can be either RADIUS or a local subnet or IP range defintion.
+To automatically assign the client an IP address as tunnel endpoint, a client IP pool is needed. The source can be either RADIUS or a local subnet or IP range definition.
Once the local tunnel endpoint ``set service pppoe-server local-ip '10.1.1.2'`` has been defined, the client IP pool can be either defined as a range or as subnet using CIDR notation.
If the CIDR notation is used, multiple subnets can be setup which are used sequentially.
-**Client IP address via IP range defintion**
+**Client IP address via IP range definition**
.. code-block:: sh
@@ -116,7 +116,7 @@ If attribute Filter-Id redefined, replace it in radius coa request
Automatic VLAN creation
=======================
-VLAN's can be created by accel-ppp on the fly if via the use of the kernel module vlan_mon, which is monitoring incoming vlans and creates the neccessary VLAN if required and allowed.
+VLAN's can be created by accel-ppp on the fly if via the use of the kernel module vlan_mon, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed.
VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface.
.. code-block:: sh
@@ -127,7 +127,7 @@ VyOS supports the use of either VLAN ID's or entire ranges, both values can be d
set service pppoe-server interface eth3 vlan-range 2000-3000
-The pppoe-server will now create these VLANs if required and once the user session has been cancelled, and the VLAN is not neccessary anymore, it will remove it again.
+The pppoe-server will now create these VLANs if required and once the user session has been cancelled, and the VLAN is not necessary anymore, it will remove it again.
diff --git a/docs/services/ssh.rst b/docs/services/ssh.rst
index 4d96f8de..caa255ce 100644
--- a/docs/services/ssh.rst
+++ b/docs/services/ssh.rst
@@ -44,13 +44,13 @@ Options
* Allow ``root`` login, this can be set to allow ``root`` logins on SSH
connections, however it is not advisable to use this setting as this bears
- serious security risks. The default system user posesses all required
+ serious security risks. The default system user possesses all required
privileges.
:code:`set service ssh allow-root`
* Allowed ciphers - A number of allowed ciphers can be specified, use multiple
- occurances to allow multiple ciphers.
+ occurrences to allow multiple ciphers.
:code:`set service ssh ciphers <cipher>`
@@ -70,7 +70,7 @@ Options
* `cast128-cbc`
* Disable password authentication - If SSH key authentication is set up,
- password-based user authetication can be disabled. This hardens security!
+ password-based user authentication can be disabled. This hardens security!
:code:`set service ssh disable-password-authentication`
diff --git a/docs/services/sstp-server.rst b/docs/services/sstp-server.rst
index 8ee8ef45..6ddbce38 100644
--- a/docs/services/sstp-server.rst
+++ b/docs/services/sstp-server.rst
@@ -14,7 +14,7 @@ Configuration
The `Secure Socket Tunneling Protocol`_ (SSTP), provides ppp via a SSL/TLS channel.
Using publically signed certificates as well a by private PKI, is fully supported.
-All certficates should be stored on VyOS under ``/config/user-data/sstp``.
+All certificates should be stored on VyOS under ``/config/user-data/sstp``.
Self Signed CA and server certificates