summaryrefslogtreecommitdiff
path: root/docs/configuration/vpn
AgeCommit message (Collapse)Author
2024-01-22Updated DPD and close-action values in IPSECaapostoliuk
Changed from 'hold' to 'trap' and from 'restart' to 'start' in close-action. Changed from 'hold' to 'trap' in DPD action. (cherry picked from commit cfb7e8186d83e45092f361f9717c9542bfad053b)
2023-12-30accel-ppp: T5688: Changing CLI to create client address poolaapostoliuk
Changing CLI to create client address pool (cherry picked from commit 1096cbcf95f96334d773ab98cce9d26d311f9e51)
2023-12-02vpn: update site2site VTI exampleChristian Breunig
(cherry picked from commit 0429c317884d8951cbf2e432981edeacd426f3ed)
2023-11-24ipsec: gre: use dummy interface in example over loopbackChristian Breunig
(cherry picked from commit 5953d6f69748c82cbd9eafbe662163924ae719e6)
2023-09-04correction of ipsec compression syntax and added a referencesrividya0208
for changes done for zone based firewall
2023-06-13corrected the l2tp op commandsrividya0208
2023-05-20Update openconnect.rst correct code-blockRobert Göhler
2023-05-19ocserv: fix: indent of warning section text overflowing outside the warning boxJamie Austin
2023-05-17T3896: ocserv: openconnect: document identity based configurationJamie Austin
2023-02-26tunnel: T5034: migrate "multicast enable" CLI node to enable-multicastChristian Breunig
2023-02-05Change IPsec authentication PSK and examplesViacheslav Hletenko
2023-01-31fix build warnings and errorsrebortg
2023-01-29T4958: ocserv: openconnect: document RADIUS accountingJamie Austin
2023-01-19ipsec: T4925: Added PRF information in IPSEC documentationaapostoliuk
Added Pseudo-Random Functions (PRF) information in IPSEC documentation.
2023-01-03fix closeaction imagerebortg
2023-01-02close-action: image reference is modified from image to figuresrividya0208
2022-12-27close-action: added an image to the details.srividya0208
There was a typo in the reference for the image added in the previous commit, corrected that.
2022-12-26ipsec_closeaction: added recommendation for closeaction optionssrividya0208
Added VPN IPSec connection-type recommendation for the close-action and dpd settings. For example close-action restart should not be added on both peers
2022-12-11T4792: add initial documentation for SSTP clientChristian Poessinger
2022-11-08Modified the documentation as per the new format/syntaxsrividya0208
2022-09-29ipsec: T4118: Change IPSec syntaxViacheslav Hletenko
Migration and Change boolean nodes "enable/disable" to disable-xxxx, enable-xxxx and just xxx for VPN IPsec configurations - IKE changes: - replace 'ipsec ike-group <tag> mobike disable' => 'ipsec ike-group <tag> disable-mobike' - replace 'ipsec ike-group <tag> ikev2-reauth yes|no' => 'ipsec ike-group <tag> ikev2-reauth' - ESP changes: - replace 'ipsec esp-group <tag> compression enable' => 'ipsec esp-group <tag> compression' - PEER changes: - replace: 'peer <tag> id xxx' => 'peer <tag> local-id xxx' - replace: 'peer <tag> force-encapsulation enable' => 'peer <tag> force-udp-encapsulation' - add option: 'peer <tag> remote-address x.x.x.x' If peer name is IPv4 or IPv6 address add remote-address via migration script
2022-09-08ipsec-interface: syntax correctionsrividya0208
The command to set the vpn interface is changed in the rolling release which is not modified in many configuration examples, corrected syntax in all pages where it is mentioned
2022-08-05openconnect: Fixed gramma mistake in commandsaapostoliuk
Fixed gramma mistake in commands
2022-08-01Update sstp.rstKav7
The command path: set vpn sstp ssl key-file <file> Does not appear to exist anymore, as per https://github.com/vyos/vyos-1x/pull/1038 Can the doc be updated with instructions on SSTP setup with new command structure?
2022-07-19Add missing param to encrypt tunnelEshenko Dmitriy
2022-05-26sstp: T4444. Port number changing supportgoodNETnick
2022-05-08ocserv. Added show user OTP keygoodNETnick
2022-04-24deletion of note related to natsrividya0208
Removed the note from the firewall page as nat grouping is not added yet Added the information about new option 'none' in the site-to-site ipsec vpn page
2022-04-21OpenConnect new new syntax + OTP 2FAgoodNETnick
2022-02-23Update ipsec.rstmkorobeinikov
2022-02-23Add cisco_flexvpn and install_virtualip_on optionsmkorobeinikov
Ability to set Cisco FlexVPN vendor ID payload: charon.cisco_flexvpn = yes charon.install_virtual_ip_on = tunX swanctl.connections.<conn>.vips = x.x.x.x, z.z.z.z
2022-02-23Ability to set SA life bytes and packetsmkorobeinikov
https://phabricator.vyos.net/T1856 https://github.com/vyos/vyos-1x/pull/1230
2022-02-20openconnect: remove example b/c of missing PKIChristian Poessinger
OpenConnect lacks full documentation which would also include how to create and add use keys from the new PKI backend. For the time beeing we should not confuse users.
2022-02-20Merge pull request #704 from rickard-tpo/patch-1Christian Poessinger
Updated OpenConnect SSL Syntax
2022-02-15vpn-gre:incorrect syntax: local-ip and remote-ip changed to source-address ↵srividya0208
and remote vyos@vyos# set int tunnel tun0 Possible completions: remote Tunnel remote address source-address Source IP address used to initiate connection
2022-01-26Updated SSL Syntaxrickard-tpo
Updated syntax to match 1.4.x.
2021-12-07ESP group parametersgoodNETnick
2021-11-26IKE group parametersgoodNETnick
2021-11-18VPN IPsec: Added a note related to rsa keysrividya0208
A private key is also needed to finish the ipsec setup which is not mentioned in the section "Source tunnel from loopbacks/Setting up IPSec". I have added for reference.
2021-10-20RSA-keys updated to new syntaxgoodNETnick
2021-10-19IPsec key-pair new synthaxgoodNETnick
2021-07-11moved wg back into /interfaces dirusman-umer
2021-07-10 Moved wireguard from the interfaces to vpn directory, as it is a VPN.usman-umer
Modified the index files to reflect this. Added Diagram of the VPN Topology Modified the weird IP subnets for local& remote sites. This Included: Changing the Interface Address for the wg01 tunnel Chaning the WAN addresses to addrs not in the RFC1918 range (1.1.1.1 & 2.2.2.2) Modifing the allowed IPs and static route to reflect this. Modified the ping test to reflect this. Added an annotated verison of the wireguard local&remote config. Added an example of a firewall exception for wirguard (OUTSIDE_IN) Modified the explanation for the behavior of AllowedIPs for remote clients. Added an example of "sudo wg" to the operational commands. Fixed typo
2021-06-30configuration page: corrected spelling and grammatical mistakessrividya0208
There were minimal grammatical and spelling mistakes in the files which I corrected as documentation proof reading. Also added information about few ipsec vpn parameters.
2021-06-11Merge pull request #546 from rebortg/autosectionlabelRobert Göhler
Autosectionlabel
2021-06-11autosectionlabel: add custom headline refrebortg
2021-06-06ipsec: T3588: remove obsolete CLI commands for NATChristian Poessinger
2021-02-10Update l2tp.rstOliver Dickins
Update l2tp "name-server" with correct syntax
2020-12-25RSA Keys: Added information related to RSA keyssrividya0208
RSA-Keys page was blank, so added the steps to generate and add the keys to the VPN IPSec config. Also corrected the IPSec/GRE page where authentication parameter was missing before remote-id.
2020-12-11vpn: fix lint errorsrebortg