Diffstat (limited to 'docs/vpn')
-rw-r--r-- docs/vpn/index.rst 4
-rw-r--r-- docs/vpn/openvpn.rst 46
-rw-r--r-- docs/vpn/references.rst 7
3 files changed, 22 insertions, 35 deletions
diff --git a/docs/vpn/index.rst b/docs/vpn/index.rst
index 055a2d5c..54b40f8f 100644
--- a/docs/vpn/index.rst
+++ b/docs/vpn/index.rst
@@ -5,10 +5,8 @@
VPN
===
-This chapter describes the available VPN services provided by VyOS.
-
.. toctree::
- :hidden:
+ :maxdepth: 2
openvpn
l2tp
diff --git a/docs/vpn/openvpn.rst b/docs/vpn/openvpn.rst
index 63949184..1a9ee9cf 100644
--- a/docs/vpn/openvpn.rst
+++ b/docs/vpn/openvpn.rst
@@ -1,7 +1,8 @@
.. _openvpn:
+#######
OpenVPN
--------
+#######
Traditionally hardware routers implement IPsec exclusively due to relative
ease of implementing it in hardware and insufficient CPU power for doing
@@ -31,8 +32,8 @@ In the VyOS CLI, a key point often overlooked is that rather than being
configured using the `set vpn` stanza, OpenVPN is configured as a network
interface using `set interfaces openvpn`.
-OpenVPN Site-To-Site
-^^^^^^^^^^^^^^^^^^^^
+Site-To-Site
+============
While many are aware of OpenVPN as a Client VPN solution, it is often
overlooked as a site-to-site VPN solution due to lack of support for this mode
@@ -178,8 +179,8 @@ to each tunnel. Another option is to dedicate a port number to each tunnel
OpenVPN status can be verified using the `show openvpn` operational commands.
See the built-in help for a complete list of options.
-OpenVPN Server
-^^^^^^^^^^^^^^
+Server
+======
Multi-client server is the most popular OpenVPN mode on routers. It always uses
x.509 authentication and therefore requires a PKI setup. This guide assumes you
@@ -255,10 +256,10 @@ internally, so we need to create a route to the 10.23.0.0/20 network ourselves:
Client Authentication
-*********************
+---------------------
-OpenLDAP
-========
+LDAP
+****
Enterprise installations usually ship a kind of directory service which is used
to have a single password store for all employees. VyOS and OpenVPN support using
@@ -297,7 +298,7 @@ The required config file may look like:
</Authorization>
Active Directory
-================
+****************
Despite the fact that AD is a superset of LDAP
@@ -382,8 +383,8 @@ A complete LDAP auth OpenVPN configuration could look like the following example
}
}
-OpenVPN Client
-^^^^^^^^^^^^^^
+Client
+======
VyOS can not only act as an OpenVPN site-to-site or Server for multiple clients.
You can indeed also configure any VyOS OpenVPN interface as an OpenVPN client
@@ -394,9 +395,8 @@ and another VyOS router acting as OpenVPN client. The Server also pushes a
static client IP address to the OpenVPN client. Remember, clients are identified
using their CN attribute in the SSL certificate.
-
Server
-******
+------
.. code-block:: sh
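Review bot: Demoting this "Server" sub-heading to "------" under the new "Client" ("======") section leaves openvpn.rst with two sections titled "Server" (the "======" one introduced earlier in this patch and this one), and the next hunk does the same for "Client" (the "======" parent and its "------" child). Section titles are what the implicit link targets and HTML anchors are derived from, so the duplicates end up with ambiguous title references and auto-numbered anchors. Consider "Server configuration" and "Client configuration" for the two sub-headings.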
@@ -420,7 +420,7 @@ Server
set interfaces openvpn vtun10 use-lzo-compression
Client
-******
+------
.. code-block:: sh
@@ -437,7 +437,7 @@ Client
set interfaces openvpn vtun10 use-lzo-compression
Options
-^^^^^^^
+=======
We do not have CLI nodes for every single OpenVPN options. If an option is
missing, a feature request should be opened at https://phabricator.vyos.net so
@@ -446,20 +446,16 @@ all users can benefit from it.
If you are a hacker or want to try on your own we support passing raw OpenVPN
options to OpenVPN.
-.. code-block:: sh
-
- set interfaces openvpn vtun10 openvpn-option 'persistent-key'
+.. cfcmd:: set interfaces openvpn vtun10 openvpn-option 'persistent-key'
Will add ``persistent-key`` at the end of the generated OpenVPN configuration.
Please use this only as last resort - things might break and OpenVPN won't start
if you pass invalid options/syntax.
-Sometimes option lines in the generated OpenVPN configurarion require quotes.
-This is done through a hack on our config generator. You can pass Quotes using
-the ``&quot;`` statement.
-
-.. code-block:: sh
-
- set interfaces openvpn vtun10 openvpn-option 'push &quot;keepalive 1 10&quot;'
+.. cfcmd:: set interfaces openvpn vtun10 openvpn-option 'push &quot;keepalive 1 10&quot;'
Will add ``push "keepalive 1 10"`` to the generated OpenVPN config file.
+
+.. note:: Sometimes option lines in the generated OpenVPN configurarion require
+ quotes. This is done through a hack on our config generator. You can pass
+ quotes using the ``&quot;`` statement.
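Review bot: The example moved into the first cfcmd line still passes 'persistent-key', which is not an OpenVPN option (the option is persist-key), so a reader who copies it hits exactly the failure the following paragraph warns about ("OpenVPN won't start if you pass invalid options/syntax"). Change both the cfcmd line and the "Will add ``persistent-key``" sentence to persist-key. The new note at the end carries over the typo "configurarion" and now sits after the &quot; example it explains, so it would read better placed before that cfcmd line. Also confirm that "cfcmd" is the exact name the custom directive is registered under, since it is not a built-in docutils or Sphinx directive and the old code-block rendering is removed here.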
diff --git a/docs/vpn/references.rst b/docs/vpn/references.rst
deleted file mode 100644
index be3d5921..00000000
--- a/docs/vpn/references.rst
+++ /dev/null
@@ -1,7 +0,0 @@
-.. _`Google Public DNS`: https://developers.google.com/speed/public-dns
-.. _Quad9: https://quad9.net
-.. _CloudFlare: https://blog.cloudflare.com/announcing-1111
-.. _RADIUS: https://en.wikipedia.org/wiki/RADIUS
-.. _FreeRADIUS: https://freeradius.org
-.. _`Network Policy Server`: https://en.wikipedia.org/wiki/Network_Policy_Server
-.. _PPTP: https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol
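Review bot: Deleting references.rst removes the link targets "Google Public DNS", Quad9, CloudFlare, RADIUS, FreeRADIUS, "Network Policy Server" and PPTP, and this diff (limited to docs/vpn) shows neither replacement definitions nor any change to the pages that might use them. Before merging, grep the other pages in the toctree (for example l2tp) for an include of references.rst and for references such as RADIUS_ or PPTP_, because a reference to a missing target or an include of a missing file produces Sphinx build errors. If the targets were moved to a shared file outside docs/vpn, say so in the commit message.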