diff options
Diffstat (limited to 'docs')
| m--------- | docs/_include/vyos-1x | 0 | ||||
| -rw-r--r-- | docs/changelog/1.3.rst | 75 | ||||
| -rw-r--r-- | docs/configuration/interfaces/openvpn.rst | 27 | ||||
| -rw-r--r-- | docs/configuration/protocols/rip.rst | 12 | ||||
| -rw-r--r-- | docs/configuration/service/dhcp-server.rst | 26 | ||||
| -rw-r--r-- | docs/configuration/service/snmp.rst | 4 | ||||
| -rw-r--r-- | docs/configuration/system/login.rst | 2 |
7 files changed, 116 insertions, 30 deletions
diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x -Subproject 2f4466802d5448ecee59009686ed7c49c6a392d +Subproject f4d736112b64933c1849d16072575f665ca9f4c diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst index f32d910d..179d3d96 100644 --- a/docs/changelog/1.3.rst +++ b/docs/changelog/1.3.rst @@ -8,6 +8,65 @@ _ext/releasenotes.py +2021-10-10 +========== + +* :vytask:`T3750` (bug): pdns-recursor 4.4 issue with dont-query and private DNS servers +* :vytask:`T3885` (default): dhcpv6-pd: randomly generated DUID is not persisted +* :vytask:`T3899` (enhancment): Add support for hd44780 LCD displays + + +2021-10-09 +========== + +* :vytask:`T3894` (bug): Tunnel Commit Failed if system does not have `eth0` + + +2021-10-08 +========== + +* :vytask:`T3893` (bug): MGRE Tunnel commit crash If sit tunnel available + + +2021-10-04 +========== + +* :vytask:`T3888` (bug): Incorrect warning when poweroff command executed from configure mode. +* :vytask:`T3890` (feature): dhcp(v6): provide op-mode commands to retrieve both server and client logfiles +* :vytask:`T3889` (feature): Migrate to journalctl when reading daemon logs + + +2021-10-03 +========== + +* :vytask:`T3880` (bug): EFI boot shows error on display + + +2021-10-02 +========== + +* :vytask:`T3882` (feature): Upgrade PowerDNs recursor to 4.5 series +* :vytask:`T3883` (bug): VRF - Delette vrf config on interface + + +2021-10-01 +========== + +* :vytask:`T3877` (bug): VRRP always enabled rfc3768-compatibility even when not specified + + +2021-09-30 +========== + +* :vytask:`T3874` (bug): D-Link Ethernet Interface not working. + + +2021-09-27 +========== + +* :vytask:`T3858` (bug): Deleting OSPFv3 process yields: Unknown command: no router-id + + 2021-09-26 ========== @@ -107,7 +166,6 @@ * :vytask:`T3788` (bug): Keys are not allowed with ipip and sit tunnels * :vytask:`T3683` (bug): VXLAN not accept ipv6 and source-interface options and mtu bug * :vytask:`T3634` (feature): Add op command option for ping for do not fragment bit to be set -* :vytask:`T690` (feature): Allow OpenVPN servers to push routes with custom metric values 2021-09-02 @@ -334,7 +392,6 @@ * :vytask:`T2328` (default): dhcpv6 server not starting (disable check reversed?) * :vytask:`T1758` (default): Switch vyos.config to libvyosconfig * :vytask:`T954` (bug): Using the 10.255.255.0/24 subnet on other interfaces breaks L2TP/IPSec -* :vytask:`T1187` (bug): Command show log vpn display wrong information 2021-07-23 @@ -876,7 +933,7 @@ 2021-02-16 ========== -* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.143 / 5.10.61 +* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.152 / 5.10.72 2021-02-14 @@ -1754,7 +1811,6 @@ * :vytask:`T2814` (default): kernel 5.1+ : NAT : module `nft_chain_nat_ipv4` renamed * :vytask:`T2839` (feature): Upgrade WireGuard user-space tools and Kernel module * :vytask:`T2842` (feature): Replace custom "wireguard, wireguard-tools" package with debian-backports version -* :vytask:`T1205` (bug): module pcspkr missing 2020-08-29 @@ -1887,7 +1943,6 @@ * :vytask:`T2758` (bug): router-advert: 'infinity' is not a valid integer number * :vytask:`T2637` (bug): Vlan is not removed from the system -* :vytask:`T1194` (bug): cronjob is being setup even if not saved * :vytask:`T1287` (bug): No DHCPv6 leases reported for "show dhcpv6 client leases" @@ -1935,7 +1990,6 @@ ========== * :vytask:`T2743` (feature): WireGuard: move key migration from config script to migration script -* :vytask:`T1241` (bug): Remove of policy route throws CLI error * :vytask:`T2742` (feature): mDNS repeater: migrate to get_config_dict() @@ -1950,7 +2004,7 @@ ========== * :vytask:`T2729` (feature): Pseudo-ethernet replace fail message -* :vytask:`T1249` (feature): multiply PBR rules can set to a single interface +* :vytask:`T1249` (feature): multiple PBR rules can set to a single interface * :vytask:`T1956` (feature): PPPoE server: support PADO-delay * :vytask:`T1295` (feature): FRR: update documentation * :vytask:`T1222` (bug): OSPF routing problem - route looping @@ -2401,7 +2455,7 @@ * :vytask:`T2481` (feature): WireGuard: support tunnel via IPv6 underlay * :vytask:`T421` (bug): Add Pv6 prefix delegation support -* :vytask:`T815` (feature): Add DHCPv6 prefix-delegation support +* :vytask:`T815` (feature): Add DHCPv6 server prefix-delegation support 2020-05-17 @@ -3591,7 +3645,7 @@ ========== * :vytask:`T1617` (default): OpenVPN push route failure -* :vytask:`T1250` (bug): FRR not setting default gateway from dhcp +* :vytask:`T1250` (bug): FRR not setting default gateway from DHCP 2019-08-26 @@ -3961,5 +4015,4 @@ 2019-02-09 ========== -* :vytask:`T1236` (feature): Update Linux Kernel to 4.19.20 -* :vytask:`T1238` (bug): Wireguard allows invalid IP's +* :vytask:`T1236` (feature): Update Linux Kernel diff --git a/docs/configuration/interfaces/openvpn.rst b/docs/configuration/interfaces/openvpn.rst index 82dd26dd..80fef754 100644 --- a/docs/configuration/interfaces/openvpn.rst +++ b/docs/configuration/interfaces/openvpn.rst @@ -34,8 +34,9 @@ In the VyOS CLI, a key point often overlooked is that rather than being configured using the `set vpn` stanza, OpenVPN is configured as a network interface using `set interfaces openvpn`. +************ Site-To-Site -============ +************ .. figure:: /_static/images/openvpn_site2site_diagram.jpg @@ -130,9 +131,9 @@ Remote Configuration - Annotated: set interfaces openvpn vtun1 local-address '10.255.1.2' # Local IP of vtun interface set interfaces openvpn vtun1 remote-address '10.255.1.1' # Remote IP of vtun interface -******************* + Firewall Exceptions -******************* +=================== For the OpenVPN traffic to pass through the WAN interface, you must create a firewall exception. @@ -245,8 +246,9 @@ to each tunnel. Another option is to dedicate a port number to each tunnel OpenVPN status can be verified using the `show openvpn` operational commands. See the built-in help for a complete list of options. +****** Server -====== +****** Multi-client server is the most popular OpenVPN mode on routers. It always uses x.509 authentication and therefore requires a PKI setup. Refer this section @@ -322,7 +324,7 @@ internally, so we need to create a route to the 10.23.0.0/20 network ourselves: set protocols static interface-route 10.23.0.0/20 next-hop-interface vtun10 Generate X.509 Certificate and Keys ------------------------------------ +=================================== OpenVPN ships with a set of scripts called Easy-RSA that can generate the appropriate files needed for an OpenVPN setup using X.509 certificates. @@ -535,8 +537,10 @@ example: } } + +****** Client -====== +****** VyOS can not only act as an OpenVPN site-to-site or server for multiple clients. You can indeed also configure any VyOS OpenVPN interface as an OpenVPN client @@ -548,7 +552,7 @@ static client IP address to the OpenVPN client. Remember, clients are identified using their CN attribute in the SSL certificate. Server ------- +====== .. code-block:: none @@ -572,7 +576,7 @@ Server set interfaces openvpn vtun10 use-lzo-compression Client ------- +====== .. code-block:: none @@ -614,13 +618,14 @@ Will add ``push "keepalive 1 10"`` to the generated OpenVPN config file. quotes using the ``"`` statement. +*************** Troubleshooting -=============== +*************** VyOS provides some operational commands on OpenVPN. Check status ------------- +============ The following commands let you check tunnel status. @@ -639,7 +644,7 @@ The following commands let you check tunnel status. Reset OpenVPN -------------- +============= The following commands let you reset OpenVPN. diff --git a/docs/configuration/protocols/rip.rst b/docs/configuration/protocols/rip.rst index 4d46e2f0..fd20a90c 100644 --- a/docs/configuration/protocols/rip.rst +++ b/docs/configuration/protocols/rip.rst @@ -1,3 +1,5 @@ +:lastproofread: 2021-10-04 + .. _rip: ### @@ -57,20 +59,20 @@ Optional Configuration .. cfgcmd:: set protocols rip default-distance <distance> - This command change distance value of RIP. The distance range is 1 to 255. + This command change the distance value of RIP. The distance range is 1 to 255. .. note:: Routes with a distance of 255 are effectively disabled and not installed into the kernel. .. cfgcmd:: set protocols rip network-distance <A.B.C.D/M> distance <distance> - This command sets default RIP distance to specified value when the route’s + This command sets default RIP distance to a specified value when the routes source IP address matches the specified prefix. .. cfgcmd:: set protocols rip network-distance <A.B.C.D/M> access-list <name> This command can be used with previous command to sets default RIP distance - to specified value when the route’s source IP address matches the specified + to specified value when the route source IP address matches the specified prefix and the specified access-list. .. cfgcmd:: set protocols rip default-information originate @@ -156,7 +158,7 @@ Redistribution Configuration This command modifies the default metric (hop count) value for redistributed routes. The metric range is 1 to 16. The default value is 1. This command does not affect connected route even if it is redistributed by - :cfgcmd:`redistribute connected`. To modify connected route’s metric + :cfgcmd:`redistribute connected`. To modify connected routes metric value, please use :cfgcmd:`redistribute connected metric`. @@ -178,7 +180,7 @@ Interfaces Configuration This command disables split-horizon on the interface. By default, VyOS does not advertise RIP routes out the interface over which they were learned - (split horizon). + (split horizon).3 .. cfgcmd:: set interfaces <inttype> <intname> ip rip split-horizon poison-reverse diff --git a/docs/configuration/service/dhcp-server.rst b/docs/configuration/service/dhcp-server.rst index c3f21b80..38f4d7fc 100644 --- a/docs/configuration/service/dhcp-server.rst +++ b/docs/configuration/service/dhcp-server.rst @@ -464,6 +464,30 @@ Option 43 for UniFI Operation Mode ============== +.. opcmd:: show log dhcp server + + Show DHCP server daemon log file + +.. opcmd:: show log dhcp client + + Show logs from all DHCP client processes. + +.. opcmd:: show log dhcp client interface <interface> + + Show logs from specific `interface` DHCP client process. + +.. opcmd:: show log dhcpv6 server + + Show DHCPv6 server daemon log file + +.. opcmd:: show log dhcpv6 client + + Show logs from all DHCPv6 client processes. + +.. opcmd:: show log dhcpv6 client interface <interface> + + Show logs from specific `interface` DHCPv6 client process. + .. opcmd:: restart dhcp server Restart the DHCP server @@ -512,6 +536,8 @@ Operation Mode Show only leases with the specified state. Possible states: all, active, free, expired, released, abandoned, reset, backup (default = active) + + *********** IPv6 server *********** diff --git a/docs/configuration/service/snmp.rst b/docs/configuration/service/snmp.rst index e962c1c5..2a55b775 100644 --- a/docs/configuration/service/snmp.rst +++ b/docs/configuration/service/snmp.rst @@ -166,9 +166,9 @@ configuration. The resulting LCI config will look like: .. code-block:: none vyos@vyos# show service snmp - listen-address 172.18.254.201 { + listen-address 192.0.2.1 { } - location "Wuerzburg, Dr.-Georg-Fuchs-Str. 8" + location "VyOS Datacenter" v3 { engineid 000000000000000000000002 group default { diff --git a/docs/configuration/system/login.rst b/docs/configuration/system/login.rst index bf26904e..61201de7 100644 --- a/docs/configuration/system/login.rst +++ b/docs/configuration/system/login.rst @@ -122,7 +122,7 @@ Dial-In User Service)` servers as backend for user authentication. Configuration ------------- -.. cfgcmd:: set system login radius server <address> secret <secret> +.. cfgcmd:: set system login radius server <address> key <secret> Specify the `<address>` of the RADIUS server user with the pre-shared-secret given in `<secret>`. Multiple servers can be specified. |