summaryrefslogtreecommitdiff
path: root/docs/configuration/vpn
AgeCommit message (Collapse)Author
2023-10-26Merge pull request #1126 from srividya0208/ipsec_vipsRobert Göhler
Added config example of vpn ipsec site-to-site
2023-10-26Added config example of vpn ipsec site-to-sitesrividya0208
2023-10-19Merge pull request #1119 from aslanvyos/patch-8Robert Göhler
Update dmvpn.rst
2023-10-18Update dmvpn.rstaslanvyos
When we put this command we got an error like: set interfaces tunnel tun100 local-ip '192.0.2.1' Configuration path: interfaces tunnel tun100 [local-ip] is not valid Set failed
2023-10-18Update site2site_ipsec.rstaslanvyos
To make easily understandable the Site-to-Site VPN ikev2 configuration for users (especially if the user is new to VyOS) made the following changes: - Added dummy interface to both routers for testing purposes - Added static route for both routers for dummy interface - Added this line of command: set vpn ipsec option disable-route-autoinstall Because when we write this line after the commit action we got an error like: WARNING: It's recommended to use ipsec vti with the next command - corrected this line: set vpn ipsec site-to-site peer OFFICE-B local-address '192.168.0.10' to this: set vpn ipsec site-to-site peer OFFICE-B local-address '172.18.201.10'
2023-09-28Added details about ipsec remote-accesssrividya0208
2023-09-04correction of ipsec compression syntax and added a referencesrividya0208
for changes done for zone based firewall
2023-06-13corrected the l2tp op commandsrividya0208
2023-05-20Update openconnect.rst correct code-blockRobert Göhler
2023-05-19ocserv: fix: indent of warning section text overflowing outside the warning boxJamie Austin
2023-05-17T3896: ocserv: openconnect: document identity based configurationJamie Austin
2023-02-26tunnel: T5034: migrate "multicast enable" CLI node to enable-multicastChristian Breunig
2023-02-05Change IPsec authentication PSK and examplesViacheslav Hletenko
2023-01-31fix build warnings and errorsrebortg
2023-01-29T4958: ocserv: openconnect: document RADIUS accountingJamie Austin
2023-01-19ipsec: T4925: Added PRF information in IPSEC documentationaapostoliuk
Added Pseudo-Random Functions (PRF) information in IPSEC documentation.
2023-01-03fix closeaction imagerebortg
2023-01-02close-action: image reference is modified from image to figuresrividya0208
2022-12-27close-action: added an image to the details.srividya0208
There was a typo in the reference for the image added in the previous commit, corrected that.
2022-12-26ipsec_closeaction: added recommendation for closeaction optionssrividya0208
Added VPN IPSec connection-type recommendation for the close-action and dpd settings. For example close-action restart should not be added on both peers
2022-12-11T4792: add initial documentation for SSTP clientChristian Poessinger
2022-11-08Modified the documentation as per the new format/syntaxsrividya0208
2022-09-29ipsec: T4118: Change IPSec syntaxViacheslav Hletenko
Migration and Change boolean nodes "enable/disable" to disable-xxxx, enable-xxxx and just xxx for VPN IPsec configurations - IKE changes: - replace 'ipsec ike-group <tag> mobike disable' => 'ipsec ike-group <tag> disable-mobike' - replace 'ipsec ike-group <tag> ikev2-reauth yes|no' => 'ipsec ike-group <tag> ikev2-reauth' - ESP changes: - replace 'ipsec esp-group <tag> compression enable' => 'ipsec esp-group <tag> compression' - PEER changes: - replace: 'peer <tag> id xxx' => 'peer <tag> local-id xxx' - replace: 'peer <tag> force-encapsulation enable' => 'peer <tag> force-udp-encapsulation' - add option: 'peer <tag> remote-address x.x.x.x' If peer name is IPv4 or IPv6 address add remote-address via migration script
2022-09-08ipsec-interface: syntax correctionsrividya0208
The command to set the vpn interface is changed in the rolling release which is not modified in many configuration examples, corrected syntax in all pages where it is mentioned
2022-08-05openconnect: Fixed gramma mistake in commandsaapostoliuk
Fixed gramma mistake in commands
2022-08-01Update sstp.rstKav7
The command path: set vpn sstp ssl key-file <file> Does not appear to exist anymore, as per https://github.com/vyos/vyos-1x/pull/1038 Can the doc be updated with instructions on SSTP setup with new command structure?
2022-07-19Add missing param to encrypt tunnelEshenko Dmitriy
2022-05-26sstp: T4444. Port number changing supportgoodNETnick
2022-05-08ocserv. Added show user OTP keygoodNETnick
2022-04-24deletion of note related to natsrividya0208
Removed the note from the firewall page as nat grouping is not added yet Added the information about new option 'none' in the site-to-site ipsec vpn page
2022-04-21OpenConnect new new syntax + OTP 2FAgoodNETnick
2022-02-23Update ipsec.rstmkorobeinikov
2022-02-23Add cisco_flexvpn and install_virtualip_on optionsmkorobeinikov
Ability to set Cisco FlexVPN vendor ID payload: charon.cisco_flexvpn = yes charon.install_virtual_ip_on = tunX swanctl.connections.<conn>.vips = x.x.x.x, z.z.z.z
2022-02-23Ability to set SA life bytes and packetsmkorobeinikov
https://phabricator.vyos.net/T1856 https://github.com/vyos/vyos-1x/pull/1230
2022-02-20openconnect: remove example b/c of missing PKIChristian Poessinger
OpenConnect lacks full documentation which would also include how to create and add use keys from the new PKI backend. For the time beeing we should not confuse users.
2022-02-20Merge pull request #704 from rickard-tpo/patch-1Christian Poessinger
Updated OpenConnect SSL Syntax
2022-02-15vpn-gre:incorrect syntax: local-ip and remote-ip changed to source-address ↵srividya0208
and remote vyos@vyos# set int tunnel tun0 Possible completions: remote Tunnel remote address source-address Source IP address used to initiate connection
2022-01-26Updated SSL Syntaxrickard-tpo
Updated syntax to match 1.4.x.
2021-12-07ESP group parametersgoodNETnick
2021-11-26IKE group parametersgoodNETnick
2021-11-18VPN IPsec: Added a note related to rsa keysrividya0208
A private key is also needed to finish the ipsec setup which is not mentioned in the section "Source tunnel from loopbacks/Setting up IPSec". I have added for reference.
2021-10-20RSA-keys updated to new syntaxgoodNETnick
2021-10-19IPsec key-pair new synthaxgoodNETnick
2021-07-11moved wg back into /interfaces dirusman-umer
2021-07-10 Moved wireguard from the interfaces to vpn directory, as it is a VPN.usman-umer
Modified the index files to reflect this. Added Diagram of the VPN Topology Modified the weird IP subnets for local& remote sites. This Included: Changing the Interface Address for the wg01 tunnel Chaning the WAN addresses to addrs not in the RFC1918 range (1.1.1.1 & 2.2.2.2) Modifing the allowed IPs and static route to reflect this. Modified the ping test to reflect this. Added an annotated verison of the wireguard local&remote config. Added an example of a firewall exception for wirguard (OUTSIDE_IN) Modified the explanation for the behavior of AllowedIPs for remote clients. Added an example of "sudo wg" to the operational commands. Fixed typo
2021-06-30configuration page: corrected spelling and grammatical mistakessrividya0208
There were minimal grammatical and spelling mistakes in the files which I corrected as documentation proof reading. Also added information about few ipsec vpn parameters.
2021-06-11Merge pull request #546 from rebortg/autosectionlabelRobert Göhler
Autosectionlabel
2021-06-11autosectionlabel: add custom headline refrebortg
2021-06-06ipsec: T3588: remove obsolete CLI commands for NATChristian Poessinger
2021-02-10Update l2tp.rstOliver Dickins
Update l2tp "name-server" with correct syntax