summaryrefslogtreecommitdiff
path: root/docs/configuration
AgeCommit message (Collapse)Author
2023-11-29Merge pull request #1162 from nicolas-fort/RemoveLegacyRobert Göhler
Firewall: Remove <Legacy> firewall documentation from current branch.…
2023-11-27Firewall: Remove <Legacy> firewall documentation from current branch. 1.5 ↵Nicolas Fort
was born with new firewall structure, so no need to include this information.
2023-11-24ipsec: gre: use dummy interface in example over loopbackChristian Breunig
2023-11-23Merge pull request #1160 from tooeffayy/circinus-mdns-example-fixRobert Göhler
Fix mDNS documentation to correct Example issue
2023-11-22Merge pull request #1155 from vyos/t5753-vxlan-vnifilterChristian Breunig
vxlan: T5753: add support for VNI filtering
2023-11-22http: T5762: rename "virtual-host listen-port" -> "virtual-host port"Christian Breunig
2023-11-21Fix mDNS documentation to correct Example issuetooeffayy
2023-11-21Merge pull request #1156 from greenpsi/wireguard-pki-updateRobert Göhler
Update wireguard pki command syntax
2023-11-21http: T5762: api: make API socket backend communication the one and only defaultChristian Breunig
Why: Smoketests fail as they can not establish IPv6 connection to uvicorn backend server. https://github.com/vyos/vyos-1x/pull/2481 added a bunch of new smoketests. While debugging those failing, it was uncovered, that uvicorn only listens on IPv4 connections vyos@vyos# netstat -tulnp | grep 8080 (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN - As the CLI already has an option to move the API communication from an IP to a UNIX domain socket, the best idea is to make this the default way of communication, as we never directly talk to the API server but rather use the NGINX reverse proxy.
2023-11-18vxlan: T5753: add support for VNI filteringChristian Breunig
2023-11-17Update wireguard pki command syntaxgreenpsi
2023-11-16Nat updategreenpsi
Update some nat commands to new syntax
2023-11-15Merge pull request #1151 from vyos/frr-pim-T5733Christian Breunig
pim: igmp: T5733: adjust to latest CLI syntax
2023-11-13pim: igmp: T5733: adjust to latest CLI syntaxChristian Breunig
2023-11-13Update flowtables.rstRobert Göhler
2023-11-12Merge pull request #1144 from nicolas-fort/fwall-nat-updateRobert Göhler
Fwall nat update
2023-11-12Update flowtables.rstRobert Göhler
2023-11-09mdns: T5227, T5615, T5719: Update mDNS documentation for additional optionsIndrajit Raychaudhuri
Add mdns repeater docs for additional conf-mode and op-mode options.
2023-11-09Merge pull request #1146 from srividya0208/minor_errorsDaniil Baturin
correction of typos
2023-11-09correction of typossrividya0208
2023-11-08Firewall Update: improve documentation and split file for better experience ↵Nicolas Fort
while reading. Add brief notes regarding Flowtables and Bridge firewall, leaving a note that those documents are still under development. New explanation for Netfilter based firewall, which includes new diagrams.
2023-11-07Merge pull request #1127 from JeffWDH/masterRobert Göhler
Update ssh.rst
2023-11-01Update nat and firewall docs. Re-add zone and update several things.Nicolas Fort
2023-10-31T5699: vxlan: migrate "external" CLI know to "parameters external"Christian Breunig
2023-10-29Add "monitor log ssh" and "monitor log ssh dynamic-protection"JeffWDH
2023-10-28vxlan: T5668: add CLI knob to enable ARP/ND suppressionChristian Breunig
2023-10-28vxlan: add missing "parameters nolearning" helpChristian Breunig
2023-10-26Merge pull request #1126 from srividya0208/ipsec_vipsRobert Göhler
Added config example of vpn ipsec site-to-site
2023-10-26Added config example of vpn ipsec site-to-sitesrividya0208
2023-10-25Update nat44.rstRobert Göhler
change interface-name and interface-group
2023-10-25Revert "Revert "NAT: add interface-group documentation. ""Robert Göhler
2023-10-19Update ssh.rstJeffWDH
Added: show log ssh show log ssh dynamic-protection show ssh fingerprints show ssh fingerprints ascii show ssh dynamic-protection
2023-10-19Merge pull request #1119 from aslanvyos/patch-8Robert Göhler
Update dmvpn.rst
2023-10-19Merge pull request #1118 from aslanvyos/patch-7Robert Göhler
Update site2site_ipsec.rst
2023-10-18Fix two typos in Wireguard docVeli-Matti Helke
2023-10-18Update dmvpn.rstaslanvyos
When we put this command we got an error like: set interfaces tunnel tun100 local-ip '192.0.2.1' Configuration path: interfaces tunnel tun100 [local-ip] is not valid Set failed
2023-10-18Update site2site_ipsec.rstaslanvyos
To make easily understandable the Site-to-Site VPN ikev2 configuration for users (especially if the user is new to VyOS) made the following changes: - Added dummy interface to both routers for testing purposes - Added static route for both routers for dummy interface - Added this line of command: set vpn ipsec option disable-route-autoinstall Because when we write this line after the commit action we got an error like: WARNING: It's recommended to use ipsec vti with the next command - corrected this line: set vpn ipsec site-to-site peer OFFICE-B local-address '192.168.0.10' to this: set vpn ipsec site-to-site peer OFFICE-B local-address '172.18.201.10'
2023-10-17wireless: extend example with missing country-codeChristian Breunig
2023-10-12Revert "NAT: add interface-group documentation. "Robert Göhler
2023-10-11NAT: add interface-group documentation. Also add firewall rules for allowing ↵Nicolas Fort
destination nat connections.
2023-10-10Merge pull request #1107 from Dibins/patch-1Robert Göhler
Update wireguard.rst
2023-10-08T5630: pppoe: allow to specify MRU in addition to already configurable MTUChristian Breunig
2023-10-05Update wireguard.rstDibins
Adding proper syntax for 1.4 firewall commands
2023-10-02Second update dns.rstDibins
Based on the discussion here: https://forum.vyos.io/t/dynamic-dns-not-wollowing-web-options/12309 it seems necessary to note that setting the web-options on a given interface is not sufficient for determining the IP address when behind NAT. I've added some additional detail, which I think will make that more clear, as well as listed the commands as required to set up DDNS behind NAT. Further I updated the section on RFC2136 to accurately show address instead of interface
2023-10-02Update dns.rstShnoobins
Updated command syntax for dynamic dns - changed set service dns dynamic interface to set service dns dynamic address. Changed the login option from 'login' to 'username' Changed the web options from 'use-web' to 'web-options' Changed because I ran into the command syntax change on a 1.4 install. Updating documents to match.
2023-09-28Merge pull request #1101 from srividya0208/ikev2vpnRobert Göhler
Added details about ipsec remote-access
2023-09-28Added details about ipsec remote-accesssrividya0208
2023-09-26Merge pull request #1095 from aslanvyos/patch-2Robert Göhler
Update login.rst
2023-09-26Merge pull request #1088 from Nephiaust/2023-FirewallUpdatesRobert Göhler
Updates to the firewall pages
2023-09-22Update login.rstaslanvyos
RADIUS and TACACS configuration examples were added. Also mentioned if there is no connection between VyOS and RADIUS/TACACS servers users need to use local accounts for authentication.