path: root/docs/vpn/l2tp.rst
Diffstat (limited to 'docs/vpn/l2tp.rst')
-rw-r--r-- docs/vpn/l2tp.rst 24
1 files changed, 12 insertions, 12 deletions
diff --git a/docs/vpn/l2tp.rst b/docs/vpn/l2tp.rst
index dd4a399b..2878babb 100644
--- a/docs/vpn/l2tp.rst
+++ b/docs/vpn/l2tp.rst
@@ -12,7 +12,7 @@ L2TP over IPsec
Example for configuring a simple L2TP over IPsec VPN for remote access (works
with native Windows and Mac VPN clients):
-.. code-block:: sh
+.. code-block:: console
set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec nat-traversal enable
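Review bot: The `console` lexer chosen on the new `.. code-block::` line is the shell-session lexer, which highlights only lines that start with a prompt, and the `set vpn ipsec ...` lines under it carry no prompt, so they will all be rendered as plain output. If the aim is only to stop `sh` from mis-highlighting configuration commands, `none` or `text` states that directly; keep `console` for blocks that show a prompt, such as the `vyos@vyos:~$ show vpn remote-access` block later in this patch.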
@@ -43,7 +43,7 @@ As well as the below to allow NAT-traversal:
Example:
-.. code-block:: sh
+.. code-block:: console
set firewall name OUTSIDE-LOCAL rule 40 action 'accept'
set firewall name OUTSIDE-LOCAL rule 40 protocol 'esp'
@@ -61,7 +61,7 @@ Example:
To allow VPN-clients access via your external address, a NAT rule is required:
-.. code-block:: sh
+.. code-block:: console
set nat source rule 110 outbound-interface 'eth0'
set nat source rule 110 source address '192.168.255.0/24'
@@ -71,7 +71,7 @@ To allow VPN-clients access via your external address, a NAT rule is required:
VPN-clients will request configuration parameters, optionally you can DNS
parameter to the client.
-.. code-block:: sh
+.. code-block:: console
set vpn l2tp remote-access dns-servers server-1 '8.8.8.8'
set vpn l2tp remote-access dns-servers server-2 '8.8.4.4'
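Review bot: The context sentence above the directive, "optionally you can DNS parameter to the client", is missing its verb; since this commit already touches the paragraph, reword it to something like "optionally you can pass DNS parameters to the client". The example also pushes 8.8.8.8 and 8.8.4.4 to VPN clients, which sends remote-access users' lookups to a public resolver and will not resolve internal names; a sentence telling readers to substitute their own internal resolver would make the block safer to copy.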
@@ -82,7 +82,7 @@ parameter to the client.
Established sessions can be viewed using the **show vpn remote-access**
operational command, or **show l2tp-server sessions**
-.. code-block:: sh
+.. code-block:: console
vyos@vyos:~$ show vpn remote-access
ifname | username | calling-sid | ip | rate-limit | type | comp | state | uptime
@@ -97,7 +97,7 @@ LNS are often used to connect to a LAC (L2TP Access Concentrator).
Below is an example to configure a LNS:
-.. code-block:: sh
+.. code-block:: console
set vpn l2tp remote-access outside-address 192.0.2.2
set vpn l2tp remote-access outside-nexthop 192.168.255.1
@@ -126,7 +126,7 @@ Bandwidth Shaping for local users
The rate-limit is set in kbit/sec.
-.. code-block:: sh
+.. code-block:: console
set vpn l2tp remote-access outside-address 192.0.2.2
set vpn l2tp remote-access outside-nexthop 192.168.255.1
@@ -151,14 +151,14 @@ exists within the configuration, however they are not used if the mode has been
changed from local to radius. Once changed back to local, it will use all local
accounts again.
-.. code-block:: sh
+.. code-block:: console
set vpn l2tp remote-access authentication mode <local|radius>
Since the RADIUS server would be a single point of failure, multiple RADIUS
servers can be setup and will be used subsequentially.
-.. code-block:: sh
+.. code-block:: console
set vpn l2tp remote-access authentication radius server 10.0.0.1 key 'foo'
set vpn l2tp remote-access authentication radius server 10.0.0.2 key 'foo'
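Review bot: Both `radius server ... key 'foo'` lines show a three-character shared secret that readers are likely to copy as is; use an obvious placeholder such as '<shared-secret>' and state that it must match the value configured on the RADIUS server. In the context sentence between the two blocks, "setup" should be "set up" and "subsequentially" should be "sequentially".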
@@ -173,7 +173,7 @@ If you are using OSPF as IGP always the closets interface connected to the RADIU
server is used. With VyOS 1.2 you can bind all outgoing RADIUS requests to a
single source IP e.g. the loopback interface.
-.. code-block:: sh
+.. code-block:: console
set vpn l2tp remote-access authentication radius source-address 10.0.0.3
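Review bot: The context line in this hunk's header has a typo, "closets interface" should be "closest interface", and the sentence reads better as "the closest interface connected to the RADIUS server is always used". Worth fixing in the same commit since the block directly below it is being edited.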
@@ -188,14 +188,14 @@ RADIUS bandwidth shaping attribute
To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled.
-.. code-block:: sh
+.. code-block:: console
set vpn l2tp remote-access authentication radius rate-limit enable
The default RADIUS attribute for rate limiting is ``Filter-Id``, but you may also
redefine it.
-.. code-block:: sh
+.. code-block:: console
set vpn l2tp remote-access authentication radius rate-limit attribute Download-Speed
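Review bot: The `rate-limit attribute Download-Speed` example does not say what value format or unit the redefined attribute is expected to carry. The local-user section states "The rate-limit is set in kbit/sec", so add a sentence here saying whether the RADIUS attribute value uses the same unit.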