diff options
Diffstat (limited to 'docs')
-rw-r--r-- | docs/about.rst | 21 | ||||
-rw-r--r-- | docs/appendix/examples/zone-policy.rst | 2 | ||||
-rw-r--r-- | docs/appendix/vyos-on-baremetal.rst | 3 | ||||
-rw-r--r-- | docs/conf.py | 3 | ||||
-rw-r--r-- | docs/contributing/build-vyos.rst | 2 | ||||
-rw-r--r-- | docs/contributing/development.rst | 139 | ||||
-rw-r--r-- | docs/contributing/issues-features.rst | 2 | ||||
-rw-r--r-- | docs/firewall.rst | 2 | ||||
-rw-r--r-- | docs/history.rst | 6 | ||||
-rw-r--r-- | docs/index.rst | 23 | ||||
-rw-r--r-- | docs/install.rst | 2 | ||||
-rw-r--r-- | docs/interfaces/l2tpv3.rst | 2 | ||||
-rw-r--r-- | docs/interfaces/tunnel.rst | 2 | ||||
-rw-r--r-- | docs/nat.rst | 4 | ||||
-rw-r--r-- | docs/qos.rst | 6 | ||||
-rw-r--r-- | docs/quick-start.rst | 2 | ||||
-rw-r--r-- | docs/services/references.rst | 2 | ||||
-rw-r--r-- | docs/troubleshooting.rst | 2 | ||||
-rw-r--r-- | docs/vpn/openvpn.rst | 5 |
19 files changed, 146 insertions, 84 deletions
diff --git a/docs/about.rst b/docs/about.rst index 9a7a7aac..15a672a6 100644 --- a/docs/about.rst +++ b/docs/about.rst @@ -25,24 +25,3 @@ always refer to the documentation matching your current, running installation. If a change in the CLI is required, VyOS will ship a so called migration script which will take care of adjusting the synatax. No action needs to be taken by you. - - -**************** -Copyright Notice -**************** - -Copyright (C) 2018-2019 VyOS maintainers and contributors - -Permission is granted to make and distribute verbatim copies of this manual -provided the copyright notice and this permission notice are preserved on all -copies. - -Permission is granted to copy and distribute modified versions of this manual -under the conditions for verbatim copying, provided that the entire resulting -derived work is distributed under the terms of a permission notice identical -to this one. - -Permission is granted to copy and distribute translations of this manual into -another language, under the above conditions for modified versions, except that -this permission notice may be stated in a translation approved by the VyOS -maintainers.
\ No newline at end of file diff --git a/docs/appendix/examples/zone-policy.rst b/docs/appendix/examples/zone-policy.rst index db985258..666fc99b 100644 --- a/docs/appendix/examples/zone-policy.rst +++ b/docs/appendix/examples/zone-policy.rst @@ -18,7 +18,7 @@ We have three networks. This specific example is for a router on a stick, but is very easily adapted for however many NICs you have. -[http://imgur.com/Alz1J.png Topology Image] +[https://i.imgur.com/Alz1J.png Topology Image] The VyOS interface is assigned the .1/:1 address of their respective networks. WAN is on VLAN 10, LAN on VLAN 20, and DMZ on VLAN 30. diff --git a/docs/appendix/vyos-on-baremetal.rst b/docs/appendix/vyos-on-baremetal.rst index 2b155fd7..76b5e210 100644 --- a/docs/appendix/vyos-on-baremetal.rst +++ b/docs/appendix/vyos-on-baremetal.rst @@ -306,8 +306,7 @@ Partaker i5 .. figure:: ../_static/images/600px-Partaker-i5.jpg I believe this is actually the same hardware as the Protectli. I purchased it -from `Amazon <https://www.amazon.com/gp/product/B073F9GHKL/>`_ in June 2018. -It came pre-loaded with pfSense. +in June 2018. It came pre-loaded with pfSense. `Manufacturer product page <http://www.inctel.com.cn/product/detail/338.html>`_. diff --git a/docs/conf.py b/docs/conf.py index 2bc581be..76293898 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -40,7 +40,8 @@ release = u'1.3.x (equuleus)' # ones. extensions = ['sphinx.ext.intersphinx', 'sphinx.ext.todo', - 'sphinx.ext.ifconfig'] + 'sphinx.ext.ifconfig', + 'sphinx.ext.graphviz'] # Add any paths that contain templates here, relative to this directory. templates_path = ['_templates'] diff --git a/docs/contributing/build-vyos.rst b/docs/contributing/build-vyos.rst index 51cfc7a4..bc113750 100644 --- a/docs/contributing/build-vyos.rst +++ b/docs/contributing/build-vyos.rst @@ -156,7 +156,7 @@ versions, so we are building it from source. Debian does keep their package in git, but it's upstream tarball imported into git without its original commit history. To be able to merge new tags in, we keep a fork of the upstream repository with packaging files imported from -Debian at http://github.com/vyos/keepalived-upstream +Debian at https://github.com/vyos/keepalived-upstream strongswan ^^^^^^^^^^ diff --git a/docs/contributing/development.rst b/docs/contributing/development.rst index 12d706f3..1c257772 100644 --- a/docs/contributing/development.rst +++ b/docs/contributing/development.rst @@ -1,7 +1,8 @@ .. _development: +########### Development -=========== +########### All VyOS source code is hosted on GitHub under the VyOS organization which can be found here: https://github.com/vyos @@ -20,8 +21,8 @@ https://github.com/vyos/vyos-build The README.md file will guide you to use the this top level repository. -Submit a patch --------------- +Submit a Patch +============== Patches are always more then welcome. To have a clean and easy to maintain repository we have some guidelines when working with Git. A clean repository @@ -32,22 +33,26 @@ file(s) history by invoking ``git log path/to/file.txt``. .. _prepare_commit: -Preparing patch/commit -^^^^^^^^^^^^^^^^^^^^^^ +Prepare patch/commit +-------------------- In a big system, such as VyOS, that is comprised of multiple components, it's impossible to keep track of all the changes and bugs/feature requests in one's head. We use a bugtracker known as Phabricator_ for it ("issue tracker" would be a better term, but this one stuck). -The information is used in two ways: +The information is used in three ways: * Keep track of the progress (what we've already done in this branch and what we still need to do). * Prepare release notes for upcoming releases -To make this approach work, every change must be associated with a bug number +* Help future maintainers of VyOS (it could be you!) to find out why certain + things have been changed in the codebase or why certain features have been + added + +To make this approach work, every change must be associated with a task number (prefixed with **T**) and a component. If there is no bug report/feature request for the changes you are going to make, you have to create a Phabricator_ task first. Once there is an entry in Phabricator_, you should reference its id in @@ -60,19 +65,21 @@ If there is no Phabricator_ reference in the commits of your pull request, we have to ask you to ammend the commit message. Otherwise we will have to reject it. -In general, use an editor to create your commit messages rather than passing -them on the command line. The format should be and is inspired by this blog -post: http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html +Writing good commit messages +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -* A single, short, summary of the commit (recommended 70 characters or less, - but not exceeding 80 characters) +The format should be and is inspired by: https://git-scm.com/book/ch5-2.html - * Add a prefix of the changed component to your commit headline, e.g. ``snmp: - T1111:`` or ``ethernet: T2222:``. If multiple components are touched by this - commit, you can use multiple prefixes, e.g.: ``snmp: ethernet:`` +* A single, short, summary of the commit (recommended 50 characters or less, + not exceeding 80 characters) containing a prefix of the changed component + and the corresponding Phabricator_ reference e.g. ``snmp: T1111:`` or + ``ethernet: T2222:`` - multiple components could be concatenated as in + ``snmp: ethernet: T3333`` -* Followed by a blank line (this is mandatory - else Git will treat the whole - commit message as the headline only) +* In some contexts, the first line is treated as the subject of an email and + the rest of the text as the body. The blank line separating the summary from + the body is critical (unless you omit the body entirely); tools like rebase + can get confused if you run the two together. * Followed by a message which describes all the details like: @@ -107,8 +114,9 @@ Limits: Please submit your patches using the well-known GitHub pull-request against our repositories found in the VyOS GitHub organisation at https://github.com/vyos -Determining package for a fix -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Determinine source package +-------------------------- Suppose you want to make a change in the webproxy script but yet you do not know which of the many VyOS packages ship this file. You can determine the VyOS @@ -124,8 +132,9 @@ This means the file in question (``/opt/vyatta/sbin/vyatta-update-webproxy.pl``) is located in the ``vyatta-webproxy`` package which can be found here: https://github.com/vyos/vyatta-webproxy -Fork repository to submit a Patch -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Fork Repository and submit Patch +-------------------------------- Forking the repository and submitting a GitHub pull-request is the preferred way of submitting your changes to VyOS. You can fork any VyOS repository to your @@ -160,8 +169,9 @@ record them in your created Git commit: * Submit the patch ``git push`` and create the GitHub pull-request. + Attach patch to Phabricator task -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +-------------------------------- Follow the above steps on how to "Fork repository to submit a Patch". Instead of uploading "pushing" your changes to GitHub you can export the patches/ @@ -171,8 +181,9 @@ commits and send it to maintainers@vyos.net or attach it directly to the bug * Export last commit to patch file: ``git format-patch`` or export the last two commits into its appropriate patch files: ``git format-patch -2`` + Coding Guidelines ------------------ +================= Like any other project we have some small guidelines about our source code, too. The rules we have are not there to punish you - the rules are in place to help @@ -183,8 +194,9 @@ implied logic of any one source file.. Python 3 **shall** be used. How long can we keep Python 2 alive anyway? No considerations for Python 2 compatibility **should** be taken at any time. + Formatting -^^^^^^^^^^ +---------- * Python: Tabs **shall not** be used. Every indentation level should be 4 spaces * XML: Tabs **shall not** be used. Every indentation level should be 2 spaces @@ -194,8 +206,9 @@ Formatting ``au FileType xml setlocal equalprg=xmllint\ --format\ --recover\ -\ 2>/dev/null`` now you can call the linter using ``gg=G`` in command mode. + Text generation -############### +^^^^^^^^^^^^^^^ Template processor **should** be used for generating config files. Built-in string formatting **may** be used for simple line-oriented formats where every @@ -204,8 +217,9 @@ used for structured, multi-line formats such as those used by ISC DHCPd. The default template processor for VyOS code is Jinja2_. + Summary -####### +------- When modifying the source code, remember these rules of the legacy elimination campaign: @@ -214,8 +228,9 @@ campaign: * No old style command definitions * No code incompatible with Python3 + Python ------- +====== The switch to the Python programming language for new code is not merely a change of the language, but a chance to rethink and improve the programming @@ -239,8 +254,9 @@ Please use the following template as good starting point when developing new modules or even rewrite a whole bunch of code in the new style XML/Pyhon interface. -Configuration script structure and behaviour -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Configuration Script Structure and Behaviour +-------------------------------------------- Your configuration script or operation mode script which is also written in Python3 should have a line break on 80 characters. This seems to be a bit odd @@ -360,8 +376,9 @@ For easy orientation we suggest you take a look on the ``ntp.py`` or ``interfaces-bonding.py`` (for tag nodes) implementation. Both files can be found in the vyos-1x_ repository. -XML - CLI ---------- + +XML (used for CLI definitions) +============================== The bash (or better vbash) completion in VyOS is defined in *templates*. Templates are text files (called ``node.def``) stored in a directory tree. The @@ -384,7 +401,6 @@ there is no other format now that would allow this. Besides, a specialized XML editor can alleviate the issue with verbosity. Example: -^^^^^^^^ .. code-block:: xml @@ -466,18 +482,58 @@ Command definitions are purely declarative, and cannot contain any logic. All logic for generating config files for target applications, restarting services and so on is implemented in configuration scripts instead. +GNU Preprocessor +---------------- + +XML interface definition files use the `xml.in` file extension which was +implemented in T1843_. XML interface definitions tend to have a lot of +duplicated code in areas such as: + +* VIF (incl. VIF-S/VIF-C) +* Address +* Description +* Enabled/Disabled + +Instead of supplying all those XML nodes multiple times there are now include +files with predefined features. Brief overview: + +* `IPv4, IPv6 and DHCP(v6)`_ address assignment +* `IPv4, IPv6`_ address assignment +* `VLAN (VIF)`_ definition +* `MAC address`_ assignment + +All interface definition XML input files (.in suffix) will be sent to the GCC +preprocess and the output is stored in the `build/interface-definitions` +folder. The previously mentioned `scripts/build-command-templates` script +operates on the `build/interface-definitions` folder to generate all required +CLI nodes. + +.. code-block:: none + + $ make interface_definitions + install -d -m 0755 build/interface-definitions + install -d -m 0755 build/op-mode-definitions + Generating build/interface-definitions/intel_qat.xml from interface-definitions/intel_qat.xml.in + Generating build/interface-definitions/interfaces-bonding.xml from interface-definitions/interfaces-bonding.xml.in + Generating build/interface-definitions/cron.xml from interface-definitions/cron.xml.in + Generating build/interface-definitions/pppoe-server.xml from interface-definitions/pppoe-server.xml.in + Generating build/interface-definitions/mdns-repeater.xml from interface-definitions/mdns-repeater.xml.in + Generating build/interface-definitions/tftp-server.xml from interface-definitions/tftp-server.xml.in + [...] + + Guidelines -^^^^^^^^^^ +---------- Use of numbers -############## +^^^^^^^^^^^^^^^ Use of numbers in command names **should** be avoided unless a number is a part of a protocol name or similar. Thus, ``protocols ospfv3`` is perfectly fine, but something like ``server-1`` is questionable at best. Help String -########### +^^^^^^^^^^^ To ensure uniform look and feel, and improve readability, we should follow a set of guidelines consistently. @@ -554,7 +610,7 @@ Examples: * Bad: "Disables IPv6 forwarding" Migrating old CLI -^^^^^^^^^^^^^^^^^ +----------------- .. list-table:: :widths: 25 25 50 @@ -618,7 +674,7 @@ Migrating old CLI - All logic should be in the scripts Continous Integration ---------------------- +===================== VyOS makes use of Jenkins_ as our Continous Integration (CI) service. Our CI server is publicly accessible here: https://ci.vyos.net. You can get a brief @@ -636,9 +692,14 @@ to our Debian repository which is used during build time. It is located here: http://dev.packages.vyos.net/repositories/. .. _process: https://blog.vyos.io/vyos-development-digest-10 -.. _VyConf: https://github.com/vyos/vyconf/blob/master/data/schemata -.. _vyos-1x: https://github.com/vyos/vyos-1x/blob/current/schema/ +.. _VyConf: https://github.com/vyos/vyconf/tree/master/data/schemata +.. _vyos-1x: https://github.com/vyos/vyos-1x/tree/current/schema .. _Jinja2: https://jinja.palletsprojects.com/ .. _Phabricator: https://phabricator.vyos.net/ .. _Jenkins: https://jenkins.io/ .. _Dockerhub: https://hub.docker.com/u/vyos/ +.. _T1843: https://phabricator.vyos.net/T1843 +.. _`IPv4, IPv6 and DHCP(v6)`: https://github.com/vyos/vyos-1x/tree/current/interface-definitions/include/address-ipv4-ipv6-dhcp.xml.i +.. _`IPv4, IPv6`: https://github.com/vyos/vyos-1x/tree/current/interface-definitions/include/address-ipv4-ipv6.xml.i +.. _`VLAN (VIF)`: https://github.com/vyos/vyos-1x/tree/current/interface-definitions/include/vif.xml.i +.. _`MAC address`: https://github.com/vyos/vyos-1x/tree/current/interface-definitions/include/interface-mac.xml.i diff --git a/docs/contributing/issues-features.rst b/docs/contributing/issues-features.rst index fd6225b9..3a1738d7 100644 --- a/docs/contributing/issues-features.rst +++ b/docs/contributing/issues-features.rst @@ -66,7 +66,7 @@ please search Phabricator_ if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project. -.. _documentation: https://vyos.redthedocs.io +.. _documentation: https://docs.vyos.io .. _Slack: https://slack.vyos.io .. _Forum: https://forum.vyos.io .. _Phabricator: https://phabricator.vyos.net
\ No newline at end of file diff --git a/docs/firewall.rst b/docs/firewall.rst index 59bbaa31..f6967850 100644 --- a/docs/firewall.rst +++ b/docs/firewall.rst @@ -3,7 +3,7 @@ Firewall ======== -VyOS makes use of Linux `netfilter <http://netfilter.org/>`_ for packet filtering. +VyOS makes use of Linux `netfilter <https://netfilter.org/>`_ for packet filtering. The firewall supports the creation of groups for ports, addresses, and networks (implemented using netfilter ipset) and the option of interface or zone based diff --git a/docs/history.rst b/docs/history.rst index b1393520..25affaf8 100644 --- a/docs/history.rst +++ b/docs/history.rst @@ -8,13 +8,13 @@ VyOS is a Linux-based network operating system that provides software-based network routing, firewall, and VPN functionality. The VyOS project was started in late 2013 as a community fork of the -`GPL <http://en.wikipedia.org/wiki/GNU_General_Public_License>`_ portions of +`GPL <https://en.wikipedia.org/wiki/GNU_General_Public_License>`_ portions of Vyatta Core 6.6R1 with the goal of maintaining a free and open source network operating system in response to the decision to discontinue the community edition of Vyatta. Here everyone loves learning, older managers and new users. -VyOS is primarily based on `Debian GNU/Linux <http://www.debian.org/>`_ and the -`Quagga <http://www.nongnu.org/quagga/>`_ routing engine. Its configuration +VyOS is primarily based on `Debian GNU/Linux <https://www.debian.org/>`_ and +the `Quagga <http://www.nongnu.org/quagga/>`_ routing engine. Its configuration syntax and :ref:`cli` are loosely derived from Juniper JUNOS as modelled by the `XORP project <http://www.xorp.org/>`_, which was the original routing engine for Vyatta. diff --git a/docs/index.rst b/docs/index.rst index 48fce5b6..8305b344 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -67,4 +67,25 @@ VyOS User Guide contributing/build-vyos contributing/issues-features contributing/development - contributing/documentation
\ No newline at end of file + contributing/documentation + + +################ +Copyright Notice +################ + +Copyright (C) 2018-2019 VyOS maintainers and contributors + +Permission is granted to make and distribute verbatim copies of this manual +provided the copyright notice and this permission notice are preserved on all +copies. + +Permission is granted to copy and distribute modified versions of this manual +under the conditions for verbatim copying, provided that the entire resulting +derived work is distributed under the terms of a permission notice identical +to this one. + +Permission is granted to copy and distribute translations of this manual into +another language, under the above conditions for modified versions, except that +this permission notice may be stated in a translation approved by the VyOS +maintainers.
\ No newline at end of file diff --git a/docs/install.rst b/docs/install.rst index c42eda6b..1bd6c87e 100644 --- a/docs/install.rst +++ b/docs/install.rst @@ -275,7 +275,7 @@ Requirements * A **HTTP server** (optional, but we will use it to speed up intallation) * The **VyOS ISO** image to be installed (do not use images prior to VyOS 1.2.3) * The ``pxelinux.0`` and ``ldlinux.c32`` files from the Syslinux distribution - https://kernel.org/pub/linux/utils/boot/syslinux/ + https://mirrors.edge.kernel.org/pub/linux/utils/boot/syslinux/ Step 1: DHCP ^^^^^^^^^^^^ diff --git a/docs/interfaces/l2tpv3.rst b/docs/interfaces/l2tpv3.rst index 4574e731..a53c7b1d 100644 --- a/docs/interfaces/l2tpv3.rst +++ b/docs/interfaces/l2tpv3.rst @@ -117,4 +117,4 @@ L2TPv3: set interfaces l2tpv3 l2tpeth0 source-port '5000' set interfaces l2tpv3 l2tpeth0 tunnel-id '10' -.. _`Wikipedia L2TPv3`: http://en.wikipedia.org/wiki/L2TPv3 +.. _`Wikipedia L2TPv3`: https://en.wikipedia.org/wiki/L2TPv3 diff --git a/docs/interfaces/tunnel.rst b/docs/interfaces/tunnel.rst index 98d3766c..87de9000 100644 --- a/docs/interfaces/tunnel.rst +++ b/docs/interfaces/tunnel.rst @@ -201,5 +201,5 @@ Results in: description "Description" } -.. _`other proposals`: https://www.isc.org/downloads/aftr +.. _`other proposals`: https://www.isc.org/othersoftware/ .. _`Hurricane Electric`: https://tunnelbroker.net/ diff --git a/docs/nat.rst b/docs/nat.rst index a8475978..714697d3 100644 --- a/docs/nat.rst +++ b/docs/nat.rst @@ -152,7 +152,7 @@ To setup a destination NAT rule we need to gather: In our example, we will be forwarding web server traffic to an internal web server on 192.168.0.100. HTTP traffic makes use of the TCP protocol on port 80. -For other common port numbers, see: http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers +For other common port numbers, see: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers Our configuration commands would be: @@ -469,4 +469,4 @@ Start by checking for IPSec SAs (Security Associations) with: That looks good - we defined 2 tunnels and they're both up and running. -.. _ULAs: http://en.wikipedia.org/wiki/Unique_local_address +.. _ULAs: https://en.wikipedia.org/wiki/Unique_local_address diff --git a/docs/qos.rst b/docs/qos.rst index f3b3d36c..72666d3d 100644 --- a/docs/qos.rst +++ b/docs/qos.rst @@ -1372,7 +1372,7 @@ tcp .. note:: You must set ipv6 protocol to TCP to use the TCP filters. .. note:: This filter will only match IPv6 packets with no header extension, see - http://en.wikipedia.org/wiki/IPv6_packet#Extension_headers for no header + https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers for no header extension. .. code-block:: none @@ -1406,7 +1406,7 @@ vif set interfaces ethernet eth0 traffic-policy out 'WAN-OUT' set interfaces ethernet eth1 traffic-policy out 'LAN-OUT' -.. _tc: http://en.wikipedia.org/wiki/Tc_(Linux) +.. _tc: https://en.wikipedia.org/wiki/Tc_(Linux) .. _TBF: https://en.wikipedia.org/wiki/Token_bucket .. _HFSC: https://en.wikipedia.org/wiki/Hierarchical_fair-service_curve -.. _IFB: http://www.linuxfoundation.org/collaborate/workgroups/networking/ifb +.. _IFB: https://www.linuxfoundation.org/collaborate/workgroups/networking/ifb diff --git a/docs/quick-start.rst b/docs/quick-start.rst index 9eee49a6..ad0d896f 100644 --- a/docs/quick-start.rst +++ b/docs/quick-start.rst @@ -211,4 +211,4 @@ SSH: Commit and save. -.. _tc: http://en.wikipedia.org/wiki/Tc_(Linux) +.. _tc: https://en.wikipedia.org/wiki/Tc_(Linux) diff --git a/docs/services/references.rst b/docs/services/references.rst index 408d5288..7d9ae82c 100644 --- a/docs/services/references.rst +++ b/docs/services/references.rst @@ -1,5 +1,5 @@ .. _`Cisco Discovery Protocol`: https://en.wikipedia.org/wiki/Cisco_Discovery_Protocol -.. _ddclient: http://sourceforge.net/p/ddclient/wiki/Home/ +.. _ddclient: https://sourceforge.net/p/ddclient/wiki/Home/ .. _`Foundry Discovery Protocol`: https://en.wikipedia.org/wiki/Foundry_Discovery_Protocol .. _MIB: https://en.wikipedia.org/wiki/Management_information_base .. _SNMP: https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol diff --git a/docs/troubleshooting.rst b/docs/troubleshooting.rst index 148bce4c..b3b8ff3d 100644 --- a/docs/troubleshooting.rst +++ b/docs/troubleshooting.rst @@ -335,7 +335,7 @@ These are the boot steps for VyOS 1.2 11. Finally it runs the post-config script ``/config/scripts/vyos-postconfig-bootup.script`` -.. _Quagga: http://www.quagga.net/ +.. _Quagga: https://www.quagga.net/ .. _`GNU Zebra`: https://www.gnu.org/software/zebra/ .. _FRR: https://frrouting.org/ .. _vyatta-cfg: https://github.com/vyos/vyatta-cfg diff --git a/docs/vpn/openvpn.rst b/docs/vpn/openvpn.rst index 1c728ef6..69961f0c 100644 --- a/docs/vpn/openvpn.rst +++ b/docs/vpn/openvpn.rst @@ -183,8 +183,8 @@ Server ====== Multi-client server is the most popular OpenVPN mode on routers. It always uses -x.509 authentication and therefore requires a PKI setup. This guide assumes you -have already setup a PKI and have a CA certificate, a server certificate and +x.509 authentication and therefore requires a PKI setup. This guide assumes +`you have already setup a PKI`_ and have a CA certificate, a server certificate and key, a certificate revocation list, a Diffie-Hellman key exchange parameters file. You do not need client certificates and keys for the server setup. @@ -254,6 +254,7 @@ internally, so we need to create a route to the 10.23.0.0/20 network ourselves: set protocols static interface-route 10.23.0.0/20 next-hop-interface vtun10 +.. _`you have already setup a PKI`: https://support.vyos.io/en/kb/articles/using-easy-rsa-to-generate-x-509-certificates-and-keys-2 Client Authentication --------------------- |