| Age | Commit message (Collapse) | Author |
|---|
|
Rewritten the SSTP server documentation (backport #1300)
|
|
|
|
Fully rewritten PPTP server documentation.
(cherry picked from commit 8cb0070b51edf550189a9ccf5f1a92bf537c3572)
|
|
Fully rewritten SSTP server documentation.
(cherry picked from commit d71c4607fa0c330a3c6269811b2126a25ceb91f7)
# Conflicts:
# docs/configuration/vpn/sstp.rst
|
|
(cherry picked from commit deb4e15e51e2b5f5b281f0e17961a5c10d036bfe)
|
|
Rewritten the L2TP documentation
Added the example 'PPPoE over L2TP' to blueprints
(cherry picked from commit 4dd84a7c4d784229209eeb4b0d72457b094e08ce)
|
|
Added PPP options documentation
(cherry picked from commit dd3537443d71b8a5481ad0e8fb1a8e4edd0ecb71)
|
|
Changed IPv6 pool documentation in accel-ppp services
to named IPv6 pools.
https://vyos.dev/T5865
(cherry picked from commit f5b79621d0c841ee9a596543a05ad1acc9130c1d)
|
|
Changed from 'hold' to 'trap' and from 'restart' to 'start'
in close-action.
Changed from 'hold' to 'trap' in DPD action.
(cherry picked from commit cfb7e8186d83e45092f361f9717c9542bfad053b)
|
|
Changing CLI to create client address pool
(cherry picked from commit 1096cbcf95f96334d773ab98cce9d26d311f9e51)
|
|
(cherry picked from commit 0429c317884d8951cbf2e432981edeacd426f3ed)
|
|
(cherry picked from commit 5953d6f69748c82cbd9eafbe662163924ae719e6)
|
|
for changes done for zone based firewall
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Added Pseudo-Random Functions (PRF) information
in IPSEC documentation.
|
|
|
|
|
|
There was a typo in the reference for the image added in the previous
commit, corrected that.
|
|
Added VPN IPSec connection-type recommendation for the close-action and
dpd settings.
For example close-action restart should not be added on both peers
|
|
|
|
|
|
Migration and Change boolean nodes "enable/disable" to
disable-xxxx, enable-xxxx and just xxx for VPN IPsec
configurations
- IKE changes:
- replace 'ipsec ike-group <tag> mobike disable'
=> 'ipsec ike-group <tag> disable-mobike'
- replace 'ipsec ike-group <tag> ikev2-reauth yes|no'
=> 'ipsec ike-group <tag> ikev2-reauth'
- ESP changes:
- replace 'ipsec esp-group <tag> compression enable'
=> 'ipsec esp-group <tag> compression'
- PEER changes:
- replace: 'peer <tag> id xxx'
=> 'peer <tag> local-id xxx'
- replace: 'peer <tag> force-encapsulation enable'
=> 'peer <tag> force-udp-encapsulation'
- add option: 'peer <tag> remote-address x.x.x.x'
If peer name is IPv4 or IPv6 address add remote-address via
migration script
|
|
The command to set the vpn interface is changed in the rolling release
which is not modified in many configuration examples, corrected syntax
in all pages where it is mentioned
|
|
Fixed gramma mistake in commands
|
|
The command path:
set vpn sstp ssl key-file <file>
Does not appear to exist anymore, as per https://github.com/vyos/vyos-1x/pull/1038
Can the doc be updated with instructions on SSTP setup with new command structure?
|
|
|
|
|
|
|
|
Removed the note from the firewall page as nat grouping is not added yet
Added the information about new option 'none' in the site-to-site ipsec vpn
page
|
|
|
|
|
|
Ability to set Cisco FlexVPN vendor ID payload:
charon.cisco_flexvpn = yes
charon.install_virtual_ip_on = tunX
swanctl.connections.<conn>.vips = x.x.x.x, z.z.z.z
|
|
https://phabricator.vyos.net/T1856
https://github.com/vyos/vyos-1x/pull/1230
|
|
OpenConnect lacks full documentation which would also include how to create and
add use keys from the new PKI backend. For the time beeing we should not
confuse users.
|
|
Updated OpenConnect SSL Syntax
|
|
and remote
vyos@vyos# set int tunnel tun0
Possible completions:
remote Tunnel remote address
source-address
Source IP address used to initiate connection
|
|
Updated syntax to match 1.4.x.
|
|
|
|
|
|
A private key is also needed to finish the ipsec setup which is not mentioned
in the section "Source tunnel from loopbacks/Setting up IPSec". I have added
for reference.
|
|
|
|
|
|
|
