Age | Commit message (Collapse) | Author |
|
|
|
|
|
Added Pseudo-Random Functions (PRF) information
in IPSEC documentation.
|
|
|
|
|
|
There was a typo in the reference for the image added in the previous
commit, corrected that.
|
|
Added VPN IPSec connection-type recommendation for the close-action and
dpd settings.
For example close-action restart should not be added on both peers
|
|
|
|
|
|
Migration and Change boolean nodes "enable/disable" to
disable-xxxx, enable-xxxx and just xxx for VPN IPsec
configurations
- IKE changes:
- replace 'ipsec ike-group <tag> mobike disable'
=> 'ipsec ike-group <tag> disable-mobike'
- replace 'ipsec ike-group <tag> ikev2-reauth yes|no'
=> 'ipsec ike-group <tag> ikev2-reauth'
- ESP changes:
- replace 'ipsec esp-group <tag> compression enable'
=> 'ipsec esp-group <tag> compression'
- PEER changes:
- replace: 'peer <tag> id xxx'
=> 'peer <tag> local-id xxx'
- replace: 'peer <tag> force-encapsulation enable'
=> 'peer <tag> force-udp-encapsulation'
- add option: 'peer <tag> remote-address x.x.x.x'
If peer name is IPv4 or IPv6 address add remote-address via
migration script
|
|
The command to set the vpn interface is changed in the rolling release
which is not modified in many configuration examples, corrected syntax
in all pages where it is mentioned
|
|
Fixed gramma mistake in commands
|
|
The command path:
set vpn sstp ssl key-file <file>
Does not appear to exist anymore, as per https://github.com/vyos/vyos-1x/pull/1038
Can the doc be updated with instructions on SSTP setup with new command structure?
|
|
|
|
|
|
|
|
Removed the note from the firewall page as nat grouping is not added yet
Added the information about new option 'none' in the site-to-site ipsec vpn
page
|
|
|
|
|
|
Ability to set Cisco FlexVPN vendor ID payload:
charon.cisco_flexvpn = yes
charon.install_virtual_ip_on = tunX
swanctl.connections.<conn>.vips = x.x.x.x, z.z.z.z
|
|
https://phabricator.vyos.net/T1856
https://github.com/vyos/vyos-1x/pull/1230
|
|
OpenConnect lacks full documentation which would also include how to create and
add use keys from the new PKI backend. For the time beeing we should not
confuse users.
|
|
Updated OpenConnect SSL Syntax
|
|
and remote
vyos@vyos# set int tunnel tun0
Possible completions:
remote Tunnel remote address
source-address
Source IP address used to initiate connection
|
|
Updated syntax to match 1.4.x.
|
|
|
|
|
|
A private key is also needed to finish the ipsec setup which is not mentioned
in the section "Source tunnel from loopbacks/Setting up IPSec". I have added
for reference.
|
|
|
|
|
|
|
|
Modified the index files to reflect this.
Added Diagram of the VPN Topology
Modified the weird IP subnets for local& remote sites. This Included:
Changing the Interface Address for the wg01 tunnel
Chaning the WAN addresses to addrs not in the RFC1918 range (1.1.1.1 & 2.2.2.2)
Modifing the allowed IPs and static route to reflect this.
Modified the ping test to reflect this.
Added an annotated verison of the wireguard local&remote config.
Added an example of a firewall exception for wirguard (OUTSIDE_IN)
Modified the explanation for the behavior of AllowedIPs for remote clients.
Added an example of "sudo wg" to the operational commands.
Fixed typo
|
|
There were minimal grammatical and spelling mistakes in the files which I
corrected as documentation proof reading.
Also added information about few ipsec vpn parameters.
|
|
Autosectionlabel
|
|
|
|
|
|
Update l2tp "name-server" with correct syntax
|
|
RSA-Keys page was blank, so added the steps to generate and add the keys to
the VPN IPSec config.
Also corrected the IPSec/GRE page where authentication parameter was
missing before remote-id.
|
|
|
|
|
|
|
|
|
|
|