From 8f61920f01d30e2a864dc6927b0038357e56bb05 Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko <v.gletenko@vyos.io>
Date: Sun, 5 Feb 2023 12:22:36 +0000
Subject: Change IPsec authentication PSK and examples

---
 docs/configuration/interfaces/l2tpv3.rst | 21 +++++++++------------
 1 file changed, 9 insertions(+), 12 deletions(-)

(limited to 'docs/configuration/interfaces')

diff --git a/docs/configuration/interfaces/l2tpv3.rst b/docs/configuration/interfaces/l2tpv3.rst
index bd5d6862..897e38dc 100644
--- a/docs/configuration/interfaces/l2tpv3.rst
+++ b/docs/configuration/interfaces/l2tpv3.rst
@@ -141,29 +141,26 @@ IPSec:
 
 .. code-block:: none
 
+  set vpn ipsec authentication psk <pre-shared-name> id '%any'
+  set vpn ipsec authentication psk <pre-shared-name> secret <pre-shared-key>
   set vpn ipsec interface <VPN-interface>
-  set vpn ipsec esp-group test-ESP-1 compression 'disable'
   set vpn ipsec esp-group test-ESP-1 lifetime '3600'
   set vpn ipsec esp-group test-ESP-1 mode 'transport'
   set vpn ipsec esp-group test-ESP-1 pfs 'enable'
   set vpn ipsec esp-group test-ESP-1 proposal 1 encryption 'aes128'
   set vpn ipsec esp-group test-ESP-1 proposal 1 hash 'sha1'
-  set vpn ipsec ike-group test-IKE-1 ikev2-reauth 'no'
   set vpn ipsec ike-group test-IKE-1 key-exchange 'ikev1'
   set vpn ipsec ike-group test-IKE-1 lifetime '3600'
   set vpn ipsec ike-group test-IKE-1 proposal 1 dh-group '5'
   set vpn ipsec ike-group test-IKE-1 proposal 1 encryption 'aes128'
   set vpn ipsec ike-group test-IKE-1 proposal 1 hash 'sha1'
-  set vpn ipsec site-to-site peer <peer-ip> authentication mode 'pre-shared-secret'
-  set vpn ipsec site-to-site peer <peer-ip> authentication pre-shared-secret <pre-shared-key>
-  set vpn ipsec site-to-site peer <peer-ip> connection-type 'initiate'
-  set vpn ipsec site-to-site peer <peer-ip> ike-group 'test-IKE-1'
-  set vpn ipsec site-to-site peer <peer-ip> ikev2-reauth 'inherit'
-  set vpn ipsec site-to-site peer <peer-ip> local-address <local-ip>
-  set vpn ipsec site-to-site peer <peer-ip> tunnel 1 allow-nat-networks 'disable'
-  set vpn ipsec site-to-site peer <peer-ip> tunnel 1 allow-public-networks 'disable'
-  set vpn ipsec site-to-site peer <peer-ip> tunnel 1 esp-group 'test-ESP-1'
-  set vpn ipsec site-to-site peer <peer-ip> tunnel 1 protocol 'l2tp'
+  set vpn ipsec site-to-site peer <connection-name> authentication mode 'pre-shared-secret'
+  set vpn ipsec site-to-site peer <connection-name> connection-type 'initiate'
+  set vpn ipsec site-to-site peer <connection-name> ike-group 'test-IKE-1'
+  set vpn ipsec site-to-site peer <connection-name> ikev2-reauth 'inherit'
+  set vpn ipsec site-to-site peer <connection-name> local-address <local-ip>
+  set vpn ipsec site-to-site peer <connection-name> tunnel 1 esp-group 'test-ESP-1'
+  set vpn ipsec site-to-site peer <connection-name> tunnel 1 protocol 'l2tp'
 
 Bridge:
 
-- 
cgit v1.2.3