summaryrefslogtreecommitdiff
path: root/docs/configuration/vpn/site2site_ipsec.rst
AgeCommit message (Collapse)Author
2024-01-19Updated DPD and close-action values in IPSECaapostoliuk
Changed from 'hold' to 'trap' and from 'restart' to 'start' in close-action. Changed from 'hold' to 'trap' in DPD action.
2023-12-02vpn: update site2site VTI exampleChristian Breunig
2023-11-16Nat updategreenpsi
Update some nat commands to new syntax
2023-10-26Merge pull request #1126 from srividya0208/ipsec_vipsRobert Göhler
Added config example of vpn ipsec site-to-site
2023-10-26Added config example of vpn ipsec site-to-sitesrividya0208
2023-10-18Update site2site_ipsec.rstaslanvyos
To make easily understandable the Site-to-Site VPN ikev2 configuration for users (especially if the user is new to VyOS) made the following changes: - Added dummy interface to both routers for testing purposes - Added static route for both routers for dummy interface - Added this line of command: set vpn ipsec option disable-route-autoinstall Because when we write this line after the commit action we got an error like: WARNING: It's recommended to use ipsec vti with the next command - corrected this line: set vpn ipsec site-to-site peer OFFICE-B local-address '192.168.0.10' to this: set vpn ipsec site-to-site peer OFFICE-B local-address '172.18.201.10'
2023-02-05Change IPsec authentication PSK and examplesViacheslav Hletenko
2023-01-03fix closeaction imagerebortg
2023-01-02close-action: image reference is modified from image to figuresrividya0208
2022-12-27close-action: added an image to the details.srividya0208
There was a typo in the reference for the image added in the previous commit, corrected that.
2022-12-26ipsec_closeaction: added recommendation for closeaction optionssrividya0208
Added VPN IPSec connection-type recommendation for the close-action and dpd settings. For example close-action restart should not be added on both peers
2022-11-08Modified the documentation as per the new format/syntaxsrividya0208
2022-09-29ipsec: T4118: Change IPSec syntaxViacheslav Hletenko
Migration and Change boolean nodes "enable/disable" to disable-xxxx, enable-xxxx and just xxx for VPN IPsec configurations - IKE changes: - replace 'ipsec ike-group <tag> mobike disable' => 'ipsec ike-group <tag> disable-mobike' - replace 'ipsec ike-group <tag> ikev2-reauth yes|no' => 'ipsec ike-group <tag> ikev2-reauth' - ESP changes: - replace 'ipsec esp-group <tag> compression enable' => 'ipsec esp-group <tag> compression' - PEER changes: - replace: 'peer <tag> id xxx' => 'peer <tag> local-id xxx' - replace: 'peer <tag> force-encapsulation enable' => 'peer <tag> force-udp-encapsulation' - add option: 'peer <tag> remote-address x.x.x.x' If peer name is IPv4 or IPv6 address add remote-address via migration script
2022-09-08ipsec-interface: syntax correctionsrividya0208
The command to set the vpn interface is changed in the rolling release which is not modified in many configuration examples, corrected syntax in all pages where it is mentioned
2022-04-24deletion of note related to natsrividya0208
Removed the note from the firewall page as nat grouping is not added yet Added the information about new option 'none' in the site-to-site ipsec vpn page
2021-06-30configuration page: corrected spelling and grammatical mistakessrividya0208
There were minimal grammatical and spelling mistakes in the files which I corrected as documentation proof reading. Also added information about few ipsec vpn parameters.
2020-12-11vpn: fix lint errorsrebortg
2020-12-06arrange examplesrebortg