Age | Commit message | Author |
|
Firewall: Remove <Legacy> firewall documentation from current branch.…
|
|
was born with new firewall structure, so no need to include this information.
|
|
|
|
Fix mDNS documentation to correct Example issue
|
|
vxlan: T5753: add support for VNI filtering
|
|
|
|
|
|
Update wireguard pki command syntax
|
|
Why: Smoketests fail as they cannot establish an IPv6 connection to the uvicorn
backend server.
https://github.com/vyos/vyos-1x/pull/2481 added a bunch of new smoketests.
While debugging those failing, it was uncovered that uvicorn only listens on
IPv4 connections:
vyos@vyos# netstat -tulnp | grep 8080
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN -
As the CLI already has an option to move the API communication from an IP to a
UNIX domain socket, the best idea is to make this the default way of
communication, as we never directly talk to the API server but rather use the
NGINX reverse proxy.
|
|
|
|
|
|
Update some nat commands to new syntax
|
|
pim: igmp: T5733: adjust to latest CLI syntax
|
|
|
|
|
|
Fwall nat update
|
|
|
|
Add mdns repeater docs for additional conf-mode and op-mode options.
|
|
correction of typos
|
|
|
|
while reading. Add brief notes regarding Flowtables and Bridge firewall, leaving a note that those documents are still under development. New explanation for Netfilter based firewall, which includes new diagrams.
|
|
Update ssh.rst
|
|
|
|
|
|
|
|
|
|
|
|
Added config example of vpn ipsec site-to-site
|
|
|
|
change interface-name and interface-group
|
|
|
|
Added:
show log ssh
show log ssh dynamic-protection
show ssh fingerprints
show ssh fingerprints ascii
show ssh dynamic-protection
|
|
Update dmvpn.rst
|
|
Update site2site_ipsec.rst
|
|
|
|
When we put this command we got an error like:
set interfaces tunnel tun100 local-ip '192.0.2.1'
Configuration path: interfaces tunnel tun100 [local-ip] is not valid
Set failed
|
|
To make the Site-to-Site VPN ikev2 configuration easily understandable for users (especially if the user is new to VyOS), made the following changes:
- Added dummy interface to both routers for testing purposes
- Added static route for both routers for dummy interface
- Added this line of command:
set vpn ipsec option disable-route-autoinstall
Because when we write this line after the commit action we got an error like:
WARNING: It's recommended to use ipsec vti with the next command
- corrected this line:
set vpn ipsec site-to-site peer OFFICE-B local-address '192.168.0.10'
to this:
set vpn ipsec site-to-site peer OFFICE-B local-address '172.18.201.10'
|
|
|
|
|
|
destination nat connections.
|
|
Update wireguard.rst
|
|
|
|
Adding proper syntax for 1.4 firewall commands
|
|
Based on the discussion here: https://forum.vyos.io/t/dynamic-dns-not-wollowing-web-options/12309 it seems necessary to note that setting the web-options on a given interface is not sufficient for determining the IP address when behind NAT.
I've added some additional detail, which I think will make that more clear, as well as listed the commands as required to set up DDNS behind NAT.
Further, I updated the section on RFC2136 to accurately show address instead of interface.
|
|
Updated command syntax for dynamic dns - changed set service dns dynamic interface to set service dns dynamic address.
Changed the login option from 'login' to 'username'
Changed the web options from 'use-web' to 'web-options'
Changed because I ran into the command syntax change on a 1.4 install. Updating documents to match.
|
|
Added details about ipsec remote-access
|
|
|
|
Update login.rst
|
|
Updates to the firewall pages
|
|
RADIUS and TACACS configuration examples were added.
Also mentioned that if there is no connection between VyOS and RADIUS/TACACS servers, users need to use local accounts for authentication.
|