diff options
Diffstat (limited to 'docs')
-rw-r--r-- | docs/configuration/interfaces/openvpn.rst | 10 | ||||
-rw-r--r-- | docs/configuration/protocols/ospf.rst | 4 | ||||
-rw-r--r-- | docs/configuration/protocols/pim.rst | 4 | ||||
-rw-r--r-- | docs/configuration/service/dhcp-relay.rst | 2 | ||||
-rw-r--r-- | docs/configuration/vrf/index.rst | 2 | ||||
-rw-r--r-- | docs/introducing/history.rst | 2 |
6 files changed, 18 insertions, 6 deletions
diff --git a/docs/configuration/interfaces/openvpn.rst b/docs/configuration/interfaces/openvpn.rst index 2160e781..bfa40a7e 100644 --- a/docs/configuration/interfaces/openvpn.rst +++ b/docs/configuration/interfaces/openvpn.rst @@ -71,7 +71,7 @@ In both cases, we will use the following settings: dynamic IP for our remote router. Setting up certificates ------------------------ +======================= Setting up a full-blown PKI with a CA certificate would arguably defeat the purpose of site-to-site OpenVPN, since its main goal is supposed to be configuration simplicity, @@ -129,7 +129,7 @@ Note: certificate names don't matter, we use 'openvpn-local' and 'openvpn-remote Repeat the procedure on the other router. Setting up OpenVPN ------------------- +================== Local Configuration: @@ -148,6 +148,7 @@ Local Configuration: set interfaces openvpn vtun1 tls certificate 'openvpn-local' # The self-signed certificate set interfaces openvpn vtun1 tls peer-fingerprint <remote cert fingerprint> # The output of 'run show pki certificate <name> fingerprint sha256 on the remote rout + Remote Configuration: .. code-block:: none @@ -163,8 +164,9 @@ Remote Configuration: set interfaces openvpn vtun1 tls certificate 'openvpn-remote' # The self-signed certificate set interfaces openvpn vtun1 tls peer-fingerprint <local cert fingerprint> # The output of 'run show pki certificate <name> fingerprint sha256 on the local router + Pre-shared keys ---------------- +=============== Until VyOS 1.4, the only option for site-to-site OpenVPN without PKI was to use pre-shared keys. That option is still available but it is deprecated and will be removed in the future. @@ -200,6 +202,7 @@ Then you need to install the key on the remote router: Then you need to set the key in your OpenVPN interface settings: .. code-block:: none + set interfaces openvpn vtun1 shared-secret-key s2s Firewall Exceptions @@ -433,6 +436,7 @@ Branch 1's router might have the following lines: set interfaces openvpn vtun10 tls ca-cert ca-1 set interfaces openvpn vtun10 tls certificate branch-1 + Client Authentication ===================== diff --git a/docs/configuration/protocols/ospf.rst b/docs/configuration/protocols/ospf.rst index e360d86a..9891c77d 100644 --- a/docs/configuration/protocols/ospf.rst +++ b/docs/configuration/protocols/ospf.rst @@ -1204,7 +1204,7 @@ Interface Configuration synchronizing process of the router's database with all neighbors. The default value is 1 seconds. The interval range is 3 to 65535. -.. _ospf:v3_redistribution_config: +.. _ospf:v3_graceful_restart: Graceful Restart ---------------- @@ -1245,6 +1245,8 @@ Graceful Restart By default, it supports both planned and unplanned outages. +.. _ospf:v3_redistribution_config: + Redistribution Configuration ---------------------------- diff --git a/docs/configuration/protocols/pim.rst b/docs/configuration/protocols/pim.rst index 1b97697d..2e881943 100644 --- a/docs/configuration/protocols/pim.rst +++ b/docs/configuration/protocols/pim.rst @@ -180,6 +180,8 @@ IGMP - Internet Group Management Protocol) Configure watermark warning generation for an IGMP group limit. Generates warning once the configured group limit is reached while adding new groups. +.. _pim:igmp_interface_commands: + Interface specific commands =========================== @@ -202,7 +204,7 @@ Interface specific commands Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is not returned in the specified time, it will be assumed the (S,G) or - (*,G) state :rfc:`7761#section-4.1` has timed out. + (\*,G) state :rfc:`7761#section-4.1` has timed out. .. cfgcmd:: set protocols pim interface <interface> igmp version <version-number> diff --git a/docs/configuration/service/dhcp-relay.rst b/docs/configuration/service/dhcp-relay.rst index e1fbe1d2..dc45d071 100644 --- a/docs/configuration/service/dhcp-relay.rst +++ b/docs/configuration/service/dhcp-relay.rst @@ -154,6 +154,8 @@ Configuration Disable dhcpv6-relay service. +.. _dhcp_relay:v6_options: + Options ------- diff --git a/docs/configuration/vrf/index.rst b/docs/configuration/vrf/index.rst index dea53321..0ead2b9d 100644 --- a/docs/configuration/vrf/index.rst +++ b/docs/configuration/vrf/index.rst @@ -282,6 +282,8 @@ Configuration VRF and NAT ----------- +.. _vrf:nat_configuration: + Configuration ^^^^^^^^^^^^^ diff --git a/docs/introducing/history.rst b/docs/introducing/history.rst index daf3e2a1..40b99b02 100644 --- a/docs/introducing/history.rst +++ b/docs/introducing/history.rst @@ -110,7 +110,7 @@ Sagitta (the Arrow) is the codename of the current development branch, so there's no VyOS 1.4 yet. Circinus (1.5) -------------- +-------------- Circinus (the Compass) is the codename of the upcoming development branch, so there's no VyOS 1.5 yet. |