msgid "" msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Localazy (https://localazy.com)\n" "Project-Id-Version: VyOS Documentation\n" "Language: ja\n" "Plural-Forms: nplurals=1; plural=0;\n" #: ../../configexamples/zone-policy.rst:152 msgid "''It is important to note, that you do not want to add logging to the established state rule as you will be logging both the inbound and outbound packets for each session instead of just the initiation of the session. Your logs will be massive in a very short period of time.''" msgstr "''It is important to note, that you do not want to add logging to the established state rule as you will be logging both the inbound and outbound packets for each session instead of just the initiation of the session. Your logs will be massive in a very short period of time.''" #: ../../configexamples/azure-vpn-bgp.rst:117 msgid "**Important**: Add an interface route to reach Azure's BGP listener" msgstr "**Important**: Add an interface route to reach Azure's BGP listener" #: ../../configexamples/azure-vpn-dual-bgp.rst:134 msgid "**Important**: Add an interface route to reach both Azure's BGP listeners" msgstr "**Important**: Add an interface route to reach both Azure's BGP listeners" #: ../../configexamples/azure-vpn-dual-bgp.rst:156 msgid "**Important**: Disable connected check, otherwise the routes learned from Azure will not be imported into the routing table." msgstr "**Important**: Disable connected check, otherwise the routes learned from Azure will not be imported into the routing table." #: ../../configexamples/azure-vpn-bgp.rst:133 msgid "**Important**: Disable connected check \\" msgstr "**Important**: Disable connected check \\" #: ../../configexamples/l3vpn-hub-and-spoke.rst:46 msgid "**NOTE:** VyOS Router (tested with VyOS 1.4-rolling-202110310317) – The configurations below are specifically for VyOS 1.4.x." msgstr "**NOTE:** VyOS Router (tested with VyOS 1.4-rolling-202110310317) – The configurations below are specifically for VyOS 1.4.x." #: ../../configexamples/l3vpn-hub-and-spoke.rst:1123 msgid "**Note:** At the moment, trace mpls doesn’t show labels/paths. So we’ll see * * * for the transit routers of the mpls backbone." msgstr "**Note:** At the moment, trace mpls doesn’t show labels/paths. So we’ll see * * * for the transit routers of the mpls backbone." #: ../../configexamples/zone-policy.rst:24 msgid "**This specific example is for a router on a stick, but is very easily adapted for however many NICs you have**:" msgstr "**This specific example is for a router on a stick, but is very easily adapted for however many NICs you have**:" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:5 msgid "**Virtual Routing and Forwarding** is a technology that allow multiple instance of a routing table to exist within a single device. One of the key aspect of **VRFs** is that do not share the same routes or interfaces, therefore packets are forwarded between interfaces that belong to the same VRF only." msgstr "**Virtual Routing and Forwarding** is a technology that allow multiple instance of a routing table to exist within a single device. One of the key aspect of **VRFs** is that do not share the same routes or interfaces, therefore packets are forwarded between interfaces that belong to the same VRF only." #: ../../configexamples/ha.rst:389 msgid "**offsite1**" msgstr "**offsite1**" #: ../../configexamples/ha.rst:201 #: ../../configexamples/ha.rst:237 #: ../../configexamples/ha.rst:366 #: ../../configexamples/ha.rst:540 msgid "**router1**" msgstr "**router1**" #: ../../configexamples/ha.rst:215 #: ../../configexamples/ha.rst:250 #: ../../configexamples/ha.rst:581 msgid "**router2**" msgstr "**router2**" #: ../../configexamples/ha.rst:70 msgid "100: 'Public' network, using our 203.0.113.0/24 network." msgstr "100: 'Public' network, using our 203.0.113.0/24 network." #: ../../configexamples/azure-vpn-bgp.rst:38 #: ../../configexamples/azure-vpn-dual-bgp.rst:35 msgid "10.0.0.0/16" msgstr "10.0.0.0/16" #: ../../configexamples/azure-vpn-bgp.rst:46 msgid "10.0.0.4" msgstr "10.0.0.4" #: ../../configexamples/azure-vpn-dual-bgp.rst:45 msgid "10.0.0.4,10.0.0.5" msgstr "10.0.0.4,10.0.0.5" #: ../../configexamples/azure-vpn-bgp.rst:36 #: ../../configexamples/azure-vpn-dual-bgp.rst:33 msgid "10.10.0.0/16" msgstr "10.10.0.0/16" #: ../../configexamples/azure-vpn-bgp.rst:42 #: ../../configexamples/azure-vpn-dual-bgp.rst:39 msgid "10.10.0.5" msgstr "10.10.0.5" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:87 msgid "10.1.1.0/30" msgstr "10.1.1.0/30" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:93 msgid "10.2.2.0/30" msgstr "10.2.2.0/30" #: ../../configexamples/l3vpn-hub-and-spoke.rst:91 msgid "10.50.50.1:1011" msgstr "10.50.50.1:1011" #: ../../configexamples/l3vpn-hub-and-spoke.rst:93 msgid "10.60.60.1:1011" msgstr "10.60.60.1:1011" #: ../../configexamples/l3vpn-hub-and-spoke.rst:88 msgid "10.80.80.1:1011" msgstr "10.80.80.1:1011" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:89 msgid "172.16.2.0/30" msgstr "172.16.2.0/30" #: ../../configexamples/qos.rst:136 msgid "172.17.1.2/24 CS0" msgstr "172.17.1.2/24 CS0" #: ../../configexamples/qos.rst:143 msgid "172.17.1.2/24 CS0 - > CS4" msgstr "172.17.1.2/24 CS0 - > CS4" #: ../../configexamples/qos.rst:150 msgid "172.17.1.2/24 CS4 - > CS5" msgstr "172.17.1.2/24 CS4 - > CS5" #: ../../configexamples/qos.rst:26 msgid "172.17.1.2 CS0 -> CS4" msgstr "172.17.1.2 CS0 -> CS4" #: ../../configexamples/qos.rst:27 msgid "172.17.1.3 CS0 -> CS5" msgstr "172.17.1.3 CS0 -> CS5" #: ../../configexamples/qos.rst:29 msgid "172.17.1.40 CS0 by default" msgstr "172.17.1.40 CS0 by default" #: ../../configexamples/qos.rst:28 msgid "172.17.1.4 CS0 -> CS6" msgstr "172.17.1.4 CS0 -> CS6" #: ../../configexamples/zone-policy.rst:35 msgid "192.168.100.10/2001:0DB8:0:AAAA::10 is the administrator's console. It can SSH to VyOS." msgstr "192.168.100.10/2001:0DB8:0:AAAA::10 is the administrator's console. It can SSH to VyOS." #: ../../configexamples/zone-policy.rst:33 msgid "192.168.200.200/2001:0DB8:0:BBBB::200 is an internal/external DNS, web and mail (SMTP/IMAP) server." msgstr "192.168.200.200/2001:0DB8:0:BBBB::200 is an internal/external DNS, web and mail (SMTP/IMAP) server." #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:91 msgid "192.168.3.0/30" msgstr "192.168.3.0/30" #: ../../configexamples/azure-vpn-bgp.rst:40 #: ../../configexamples/azure-vpn-dual-bgp.rst:37 msgid "198.51.100.3" msgstr "198.51.100.3" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:87 msgid "2001:db8::/127" msgstr "2001:db8::/127" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:89 msgid "2001:db8::2/127" msgstr "2001:db8::2/127" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:91 msgid "2001:db8::4/127" msgstr "2001:db8::4/127" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:93 msgid "2001:db8::6/127" msgstr "2001:db8::6/127" #: ../../configexamples/ha.rst:71 msgid "201: 'Internal' network, using 10.200.201.0/24" msgstr "201: 'Internal' network, using 10.200.201.0/24" #: ../../configexamples/azure-vpn-bgp.rst:44 #: ../../configexamples/azure-vpn-dual-bgp.rst:41 msgid "203.0.113.2" msgstr "203.0.113.2" #: ../../configexamples/azure-vpn-dual-bgp.rst:43 msgid "203.0.113.3" msgstr "203.0.113.3" #: ../../configexamples/policy-based-ipsec-and-firewall.rst:20 msgid "2 private subnets on each site." msgstr "2 private subnets on each site." #: ../../configexamples/l3vpn-hub-and-spoke.rst:35 msgid "2 x Route reflectors (VyOS-RRx)" msgstr "2 x Route reflectors (VyOS-RRx)" #: ../../configexamples/l3vpn-hub-and-spoke.rst:38 msgid "3 x Customer Edge (VyOS-CEx)" msgstr "3 x Customer Edge (VyOS-CEx)" #: ../../configexamples/l3vpn-hub-and-spoke.rst:37 msgid "3 x Provider Edge (VyOs-PEx)" msgstr "3 x Provider Edge (VyOs-PEx)" #: ../../configexamples/l3vpn-hub-and-spoke.rst:36 msgid "4 x Provider routers (VyOS-Px)" msgstr "4 x Provider routers (VyOS-Px)" #: ../../configexamples/ha.rst:69 msgid "50: Upstream, using the 192.0.2.0/24 network allocated by them." msgstr "50: Upstream, using the 192.0.2.0/24 network allocated by them." #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:102 msgid "64496:1" msgstr "64496:1" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:108 msgid "64496:100" msgstr "64496:100" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:104 msgid "64496:2" msgstr "64496:2" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:106 msgid "64496:50" msgstr "64496:50" #: ../../configexamples/azure-vpn-bgp.rst:50 #: ../../configexamples/azure-vpn-dual-bgp.rst:49 msgid "64499" msgstr "64499" #: ../../configexamples/l3vpn-hub-and-spoke.rst:91 #: ../../configexamples/l3vpn-hub-and-spoke.rst:93 msgid "65035:1011" msgstr "65035:1011" #: ../../configexamples/l3vpn-hub-and-spoke.rst:88 msgid "65035:1011 65035:1030" msgstr "65035:1011 65035:1030" #: ../../configexamples/l3vpn-hub-and-spoke.rst:88 #: ../../configexamples/l3vpn-hub-and-spoke.rst:91 #: ../../configexamples/l3vpn-hub-and-spoke.rst:93 msgid "65035:1030" msgstr "65035:1030" #: ../../configexamples/azure-vpn-bgp.rst:52 #: ../../configexamples/azure-vpn-dual-bgp.rst:51 msgid "65540" msgstr "65540" #: ../../configexamples/qos.rst:62 msgid "ADDRESS10 change CS0 -> CS4 source 172.17.1.2/32" msgstr "ADDRESS10 change CS0 -> CS4 source 172.17.1.2/32" #: ../../configexamples/qos.rst:63 msgid "ADDRESS20 change CS0 -> CS5 source 172.17.1.3/32" msgstr "ADDRESS20 change CS0 -> CS5 source 172.17.1.3/32" #: ../../configexamples/qos.rst:64 msgid "ADDRESS30 change CS0 -> CS6 source 172.17.1.4/32" msgstr "ADDRESS30 change CS0 -> CS6 source 172.17.1.4/32" #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:28 msgid "A brief excursion into VRFs: This has been one of the longest-standing feature requests of VyOS (dating back to 2016) which can be described as \"a VLAN for layer 2 is what a VRF is for layer 3\". With VRFs, a router/system can hold multiple, isolated routing tables on the same system. If you wonder what's the difference between multiple tables that people used for policy-based routing since forever, it's that a VRF also isolates connected routes rather than just static and dynamically learned routes, so it allows NICs in different VRFs to use conflicting network ranges without issues." msgstr "A brief excursion into VRFs: This has been one of the longest-standing feature requests of VyOS (dating back to 2016) which can be described as \"a VLAN for layer 2 is what a VRF is for layer 3\". With VRFs, a router/system can hold multiple, isolated routing tables on the same system. If you wonder what's the difference between multiple tables that people used for policy-based routing since forever, it's that a VRF also isolates connected routes rather than just static and dynamically learned routes, so it allows NICs in different VRFs to use conflicting network ranges without issues." #: ../../configexamples/azure-vpn-bgp.rst:26 #: ../../configexamples/azure-vpn-dual-bgp.rst:23 msgid "A connection resource deployed in Azure linking the Azure VNet gateway and the local network gateway representing the Vyos device." msgstr "A connection resource deployed in Azure linking the Azure VNet gateway and the local network gateway representing the Vyos device." #: ../../configexamples/index.rst:38 msgid "A host ``vyos-oobm`` will use as a ssh proxy. This host is just necessary for the Lab test." msgstr "A host ``vyos-oobm`` will use as a ssh proxy. This host is just necessary for the Lab test." #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:312 msgid "A key point to understand is that if we need two VRFs to communicate between each other EXPORT rt from VRF1 has to be in the IMPORT rt list from VRF2. But this is only in ONE direction, to complete the communication the EXPORT rt from VRF2 has to be in the IMPORT rt list from VRF1." msgstr "A key point to understand is that if we need two VRFs to communicate between each other EXPORT rt from VRF1 has to be in the IMPORT rt list from VRF2. But this is only in ONE direction, to complete the communication the EXPORT rt from VRF2 has to be in the IMPORT rt list from VRF1." #: ../../configexamples/azure-vpn-bgp.rst:21 #: ../../configexamples/azure-vpn-dual-bgp.rst:18 msgid "A local network gateway deployed in Azure representing the Vyos device, matching the below Vyos settings except for address space, which only requires the Vyos private IP, in this example 10.10.0.5/32" msgstr "A local network gateway deployed in Azure representing the Vyos device, matching the below Vyos settings except for address space, which only requires the Vyos private IP, in this example 10.10.0.5/32" #: ../../configexamples/azure-vpn-dual-bgp.rst:15 msgid "A pair of Azure VNet Gateways deployed in active-active configuration with BGP enabled." msgstr "A pair of Azure VNet Gateways deployed in active-active configuration with BGP enabled." #: ../../configexamples/azure-vpn-bgp.rst:18 msgid "A pair of Azure VNet Gateways deployed in active-passive configuration with BGP enabled." msgstr "A pair of Azure VNet Gateways deployed in active-passive configuration with BGP enabled." #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:16 msgid "A public, routable IPv4 address. This does not necessarily need to be static, but you will need to update the tunnel endpoint when/if your IP address changes, which can be done with a script and a scheduled task." msgstr "A public, routable IPv4 address. This does not necessarily need to be static, but you will need to update the tunnel endpoint when/if your IP address changes, which can be done with a script and a scheduled task." #: ../../configexamples/wan-load-balancing.rst:126 #: ../../configexamples/wan-load-balancing.rst:136 msgid "A rule order for prioritizing traffic is useful in scenarios where the secondary link has a lower speed and should only carry high priority traffic. It is assumed for this example that eth1 is connected to a slower connection than eth0 and should prioritize VoIP traffic." msgstr "A rule order for prioritizing traffic is useful in scenarios where the secondary link has a lower speed and should only carry high priority traffic. It is assumed for this example that eth1 is connected to a slower connection than eth0 and should prioritize VoIP traffic." #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:41 msgid "A simple solution could be using different routing tables, or VRFs for all the networks so we can keep the routing restrictions. But for us to route between the different VRFs we would need a cable or a logical connection between each other:" msgstr "A simple solution could be using different routing tables, or VRFs for all the networks so we can keep the routing restrictions. But for us to route between the different VRFs we would need a cable or a logical connection between each other:" #: ../../configexamples/fwall-and-bridge.rst:25 msgid "Accept access to router itself." msgstr "Accept access to router itself." #: ../../configexamples/fwall-and-bridge.rst:21 #: ../../configexamples/fwall-and-bridge.rst:32 msgid "Accept all ARP packets." msgstr "Accept all ARP packets." #: ../../configexamples/fwall-and-bridge.rst:30 msgid "Accept all DHCP discover packets." msgstr "Accept all DHCP discover packets." #: ../../configexamples/fwall-and-bridge.rst:33 msgid "Accept all IPv4 connections." msgstr "Accept all IPv4 connections." #: ../../configexamples/fwall-and-bridge.rst:31 msgid "Accept only DHCP offers from valid server and|or trusted bridge port." msgstr "Accept only DHCP offers from valid server and|or trusted bridge port." #: ../../configexamples/fwall-and-bridge.rst:17 msgid "Accept only IPv6 communication whithin the bridge." msgstr "Accept only IPv6 communication whithin the bridge." #: ../../configexamples/fwall-and-bridge.rst:270 msgid "Access to the router itself is controlled by the base chain ``input``, and rules to accomplish all the requirements are:" msgstr "Access to the router itself is controlled by the base chain ``input``, and rules to accomplish all the requirements are:" #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:19 msgid "Account at https://www.tunnelbroker.net/" msgstr "Account at https://www.tunnelbroker.net/" #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:21 msgid "Active Directory on Windows server" msgstr "Active Directory on Windows server" #: ../../configexamples/ha.rst:161 msgid "Add (temporary) default route" msgstr "Add (temporary) default route" #: ../../configexamples/ansible.rst:99 msgid "Add a simple playbook with the tasks for each router:" msgstr "Add a simple playbook with the tasks for each router:" #: ../../configexamples/ansible.rst:73 msgid "Add all the VyOS hosts:" msgstr "Add all the VyOS hosts:" #: ../../configexamples/ansible.rst:73 msgid "Add all the hosts of VyOS:" msgstr "Add all the hosts of VyOS:" #: ../../configexamples/ansible.rst:85 msgid "Add general variables:" msgstr "Add general variables:" #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:47 msgid "Add the LDAP plugin configuration file `/config/auth/ldap-auth.config`" msgstr "Add the LDAP plugin configuration file `/config/auth/ldap-auth.config`" #: ../../configexamples/ansible.rst:99 msgid "Add the simple playbook with the tasks for each router:" msgstr "Add the simple playbook with the tasks for each router:" #: ../../configexamples/wan-load-balancing.rst:167 msgid "Adding a rule for the second interface" msgstr "Adding a rule for the second interface" #: ../../configexamples/ha.rst:498 msgid "Advertise connected routes" msgstr "Advertise connected routes" #: ../../configexamples/autotest/Wireguard/Wireguard.rst:87 msgid "After all is done and commit, let's take a look if the Wireguard interface is up and running." msgstr "After all is done and commit, let's take a look if the Wireguard interface is up and running." #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:324 msgid "After configured all the VRFs involved in this topology we take a deeper look at both BGP and Routing table for the VRF LAN1" msgstr "After configured all the VRFs involved in this topology we take a deeper look at both BGP and Routing table for the VRF LAN1" #: ../../configexamples/policy-based-ipsec-and-firewall.rst:206 msgid "After some testing, we can check IPSec status, and counter on every tunnel:" msgstr "After some testing, we can check IPSec status, and counter on every tunnel:" #: ../../configexamples/policy-based-ipsec-and-firewall.rst:206 msgid "After some testing, we can check ipsec status, and counter on every tunnel:" msgstr "After some testing, we can check ipsec status, and counter on every tunnel:" #: ../../configexamples/qos.rst:81 msgid "After the interface eth0 on router VyOS3" msgstr "After the interface eth0 on router VyOS3" #: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:51 msgid "After this, we need the DHCP-Server and Relay configuration. To get a testable result, we just have one IP in the DHCP range. Expand it as you need it." msgstr "After this, we need the DHCP-Server and Relay configuration. To get a testable result, we just have one IP in the DHCP range. Expand it as you need it." #: ../../configexamples/autotest/Wireguard/Wireguard.rst:52 msgid "After you have each public key. The wireguard interfaces can be setup." msgstr "After you have each public key. The wireguard interfaces can be setup." #: ../../configexamples/wan-load-balancing.rst:28 msgid "All outgoing packets are assigned the source address of the assigned interface (SNAT)." msgstr "All outgoing packets are assigned the source address of the assigned interface (SNAT)." #: ../../configexamples/wan-load-balancing.rst:24 msgid "All traffic coming in through eth2 is balanced between eth0 and eth1 on the router." msgstr "All traffic coming in through eth2 is balanced between eth0 and eth1 on the router." #: ../../configexamples/pppoe-ipv6-basic.rst:88 msgid "Allow DHCPv6 packets for router" msgstr "Allow DHCPv6 packets for router" #: ../../configexamples/policy-based-ipsec-and-firewall.rst:34 msgid "Allow DNS requests only only for local networks." msgstr "Allow DNS requests only only for local networks." #: ../../configexamples/policy-based-ipsec-and-firewall.rst:36 msgid "Allow ICMP on all interfaces." msgstr "Allow ICMP on all interfaces." #: ../../configexamples/policy-based-ipsec-and-firewall.rst:32 msgid "Allow access to the router only from trusted networks." msgstr "Allow access to the router only from trusted networks." #: ../../configexamples/pppoe-ipv6-basic.rst:86 msgid "Allow all established and related traffic for router and LAN" msgstr "Allow all established and related traffic for router and LAN" #: ../../configexamples/pppoe-ipv6-basic.rst:87 msgid "Allow all icmpv6 packets for router and LAN" msgstr "Allow all icmpv6 packets for router and LAN" #: ../../configexamples/policy-based-ipsec-and-firewall.rst:38 msgid "Allow all new connections from local subnets." msgstr "Allow all new connections from local subnets." #: ../../configexamples/fwall-and-vrf.rst:29 msgid "Allow connection to PROD." msgstr "Allow connection to PROD." #: ../../configexamples/policy-based-ipsec-and-firewall.rst:40 msgid "Allow connections from LANs to LANs through the tunnel." msgstr "Allow connections from LANs to LANs through the tunnel." #: ../../configexamples/policy-based-ipsec-and-firewall.rst:40 msgid "Allow connections from LANs to LANs throught the tunnel." msgstr "Allow connections from LANs to LANs throught the tunnel." #: ../../configexamples/fwall-and-vrf.rst:20 msgid "Allow connections to LAN and PROD." msgstr "Allow connections to LAN and PROD." #: ../../configexamples/fwall-and-vrf.rst:24 msgid "Allow connections to PROD." msgstr "Allow connections to PROD." #: ../../configexamples/fwall-and-bridge.rst:37 msgid "Allow connections to bridge br1." msgstr "Allow connections to bridge br1." #: ../../configexamples/fwall-and-bridge.rst:26 msgid "Allow connections to internet" msgstr "Allow connections to internet" #: ../../configexamples/fwall-and-vrf.rst:25 msgid "Allow connections to internet(WAN)." msgstr "Allow connections to internet(WAN)." #: ../../configexamples/fwall-and-bridge.rst:36 msgid "Allow connections to internet." msgstr "Allow connections to internet." #: ../../configexamples/fwall-and-vrf.rst:22 msgid "Allow connections to the router." msgstr "Allow connections to the router." #: ../../configexamples/policy-based-ipsec-and-firewall.rst:34 msgid "Allow dns requests only only for local networks." msgstr "Allow dns requests only only for local networks." #: ../../configexamples/policy-based-ipsec-and-firewall.rst:36 msgid "Allow icmp on all interfaces." msgstr "Allow icmp on all interfaces." #: ../../configexamples/fwall-and-vrf.rst:103 msgid "Also, we are adding global state policies, in order to allow established and related traffic, in order not to drop valid responses:" msgstr "Also, we are adding global state policies, in order to allow established and related traffic, in order not to drop valid responses:" #: ../../configexamples/fwall-and-bridge.rst:84 msgid "Also, we are going to use firewall interface groups in order to simplify the firewall configuration." msgstr "Also, we are going to use firewall interface groups in order to simplify the firewall configuration." #: ../../configexamples/policy-based-ipsec-and-firewall.rst:220 msgid "Also, we can check firewall counters:" msgstr "Also, we can check firewall counters:" #: ../../configexamples/l3vpn-hub-and-spoke.rst:716 msgid "Also we can verify how PE devices receives VPNv4 networks from the RRs and installing them to the specific customer VRFs:" msgstr "Also we can verify how PE devices receives VPNv4 networks from the RRs and installing them to the specific customer VRFs:" #: ../../configexamples/l3vpn-hub-and-spoke.rst:20 msgid "An L3VPN consists of multiple access links, multiple VPN routing and forwarding (VRF) tables, and multiple MPLS paths or multiple P2MP LSPs. An L3VPN can be configured to connect two or more customer sites. In hub-and-spoke MPLS L3VPN environments, the spoke routers need to have unique Route Distinguishers (RDs). In order to use the hub site as a transit point for connectivity in such an environment, the spoke sites export their routes to the hub. Spokes can talk to hubs, but never have direct paths to other spokes. All traffic between spokes is controlled and delivered over the hub site." msgstr "An L3VPN consists of multiple access links, multiple VPN routing and forwarding (VRF) tables, and multiple MPLS paths or multiple P2MP LSPs. An L3VPN can be configured to connect two or more customer sites. In hub-and-spoke MPLS L3VPN environments, the spoke routers need to have unique Route Distinguishers (RDs). In order to use the hub site as a transit point for connectivity in such an environment, the spoke sites export their routes to the hub. Spokes can talk to hubs, but never have direct paths to other spokes. All traffic between spokes is controlled and delivered over the hub site." #: ../../configexamples/policy-based-ipsec-and-firewall.rst:191 msgid "And NAT Configuration:" msgstr "And NAT Configuration:" #: ../../configexamples/fwall-and-vrf.rst:70 msgid "And before firewall rules are shown, we need to pay attention how to configure and match interfaces and VRFs. In case where an interface is assigned to a non-default VRF, if we want to use inbound-interface or outbound-interface in firewall rules, we need to:" msgstr "And before firewall rules are shown, we need to pay attention how to configure and match interfaces and VRFs. In case where an interface is assigned to a non-default VRF, if we want to use inbound-interface or outbound-interface in firewall rules, we need to:" #: ../../configexamples/fwall-and-vrf.rst:112 msgid "And finally, we need to allow input connections to the router itself only from vrf MGMT:" msgstr "And finally, we need to allow input connections to the router itself only from vrf MGMT:" #: ../../configexamples/fwall-and-bridge.rst:292 msgid "And for traffic that is going to other local networks, and to he Internet, we need to use the base chain ``forward``. As in the bridge firewall, we are going to use custom rulesets for each bridge, that would be used in the ``forward`` chain. Those rulesets are ``ip-br1-fwd`` and ``ip-br2-fwd``:" msgstr "And for traffic that is going to other local networks, and to he Internet, we need to use the base chain ``forward``. As in the bridge firewall, we are going to use custom rulesets for each bridge, that would be used in the ``forward`` chain. Those rulesets are ``ip-br1-fwd`` and ``ip-br2-fwd``:" #: ../../configexamples/autotest/Wireguard/Wireguard.rst:99 msgid "And ping the Branch PC from your central router to check the response." msgstr "And ping the Branch PC from your central router to check the response." #: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:90 msgid "And show all DHCP Leases" msgstr "And show all DHCP Leases" #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:140 msgid "And the ``client`` to receive an IPv6 address with stateless autoconfig." msgstr "And the ``client`` to receive an IPv6 address with stateless autoconfig." #: ../../configexamples/fwall-and-bridge.rst:202 #: ../../configexamples/fwall-and-bridge.rst:321 msgid "And the content of the custom rulesets:" msgstr "And the content of the custom rulesets:" #: ../../configexamples/fwall-and-bridge.rst:132 msgid "And then create the custom rulesets:" msgstr "And then create the custom rulesets:" #: ../../configexamples/fwall-and-bridge.rst:364 msgid "And with operational mode commands, we can check rules matchers, actions, and counters." msgstr "And with operational mode commands, we can check rules matchers, actions, and counters." #: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:-1 #: ../../configexamples/autotest/Wireguard/Wireguard.rst:-1 msgid "Ansible Example topology image" msgstr "Ansible Example topology image" #: ../../configexamples/ansible.rst:7 msgid "Ansible example" msgstr "Ansible example" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:10 msgid "Any information related to a VRF is not exchanged between devices -or in the same device- by default, this is a technique called **VRF-Lite**." msgstr "Any information related to a VRF is not exchanged between devices -or in the same device- by default, this is a technique called **VRF-Lite**." #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:611 msgid "Appendix-A" msgstr "Appendix-A" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:764 msgid "Appendix-B" msgstr "Appendix-B" #: ../../configexamples/fwall-and-bridge.rst:265 msgid "As a reminder, here's a link to the :doc:`firewall documentation `, where you can find more information about the packet flow for traffic that comes from bridge layer and should be analized by the IP firewall." msgstr "As a reminder, here's a link to the :doc:`firewall documentation `, where you can find more information about the packet flow for traffic that comes from bridge layer and should be analized by the IP firewall." #: ../../configexamples/ha.rst:500 msgid "As a reminder, only advertise routes that you are the default router for. This is why we are NOT announcing the 192.0.2.0/24 network, because if that was announced into OSPF, the other routers would try to connect to that network over a tunnel that connects to that network!" msgstr "As a reminder, only advertise routes that you are the default router for. This is why we are NOT announcing the 192.0.2.0/24 network, because if that was announced into OSPF, the other routers would try to connect to that network over a tunnel that connects to that network!" #: ../../configexamples/fwall-and-vrf.rst:16 msgid "As exposed in the diagram, there are four VRFs. These VRFs are ``MGMT``, ``WAN``, ``LAN`` and ``PROD``, and their requirements are:" msgstr "As exposed in the diagram, there are four VRFs. These VRFs are ``MGMT``, ``WAN``, ``LAN`` and ``PROD``, and their requirements are:" #: ../../configexamples/fwall-and-bridge.rst:107 msgid "As said before, we are going to create custom firewall rulesets for each bridge, that will be used in the ``prerouting`` chain, in order to drop as much unwanted traffic as early as possible. So, custom rulesets used in ``prerouting`` chain are going to be ``br0-pre``, ``br1-pre``, and ``br2-pre``:" msgstr "As said before, we are going to create custom firewall rulesets for each bridge, that will be used in the ``prerouting`` chain, in order to drop as much unwanted traffic as early as possible. So, custom rulesets used in ``prerouting`` chain are going to be ``br0-pre``, ``br1-pre``, and ``br2-pre``:" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:853 msgid "As we can see even if both VRF LAN1 and LAN2 has the same import RTs we are able to select which routes are effectively imported and installed." msgstr "As we can see even if both VRF LAN1 and LAN2 has the same import RTs we are able to select which routes are effectively imported and installed." #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:417 msgid "As we can see in the BGP table any imported route has been injected with a \"@\" followed by the VPN id; In the routing table of the VRF, if the route was installed, we can see -between round brackets- the exported VRF table." msgstr "As we can see in the BGP table any imported route has been injected with a \"@\" followed by the VPN id; In the routing table of the VRF, if the route was installed, we can see -between round brackets- the exported VRF table." #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:52 msgid "As we can see this is unpractical." msgstr "As we can see this is unpractical." #: ../../configexamples/l3vpn-hub-and-spoke.rst:67 msgid "As we know the main assumption of L3VPN “Hub and Spoke” is, that the traffic between spokes have to pass via hub, in our scenario VyOS-PE2 is the Hub PE and the VyOS-CE1-HUB is the central customer office device that is responsible for controlling access between all spokes and announcing its network prefixes (10.0.0.100/32). VyOS-PE2 has the main VRF (its name is BLUE_HUB), its own Route-Distinguisher(RD) and route-target import/export lists. Multiprotocol-BGP(MP-BGP) delivers L3VPN related control-plane information to the nodes across network where PEs Spokes import the route-target 60535:1030 (this is export route-target of vrf BLUE_HUB) and export its own route-target 60535:1011(this is vrf BLUE_SPOKE export route-target). Therefore, the Customer edge nodes can only learn the network prefixes of the HUB site [10.0.0.100/32]. For this example VyOS-CE1 has network prefixes [10.0.0.80/32] / VyOS-CE2 has network prefixes [10.0.0.90/32]. Route-Reflector devices VyOS-RR1 and VyOS-RR2 are used to simplify network routes exchange and minimize iBGP peerings between devices." msgstr "As we know the main assumption of L3VPN “Hub and Spoke” is, that the traffic between spokes have to pass via hub, in our scenario VyOS-PE2 is the Hub PE and the VyOS-CE1-HUB is the central customer office device that is responsible for controlling access between all spokes and announcing its network prefixes (10.0.0.100/32). VyOS-PE2 has the main VRF (its name is BLUE_HUB), its own Route-Distinguisher(RD) and route-target import/export lists. Multiprotocol-BGP(MP-BGP) delivers L3VPN related control-plane information to the nodes across network where PEs Spokes import the route-target 60535:1030 (this is export route-target of vrf BLUE_HUB) and export its own route-target 60535:1011(this is vrf BLUE_SPOKE export route-target). Therefore, the Customer edge nodes can only learn the network prefixes of the HUB site [10.0.0.100/32]. For this example VyOS-CE1 has network prefixes [10.0.0.80/32] / VyOS-CE2 has network prefixes [10.0.0.90/32]. Route-Reflector devices VyOS-RR1 and VyOS-RR2 are used to simplify network routes exchange and minimize iBGP peerings between devices." #: ../../configexamples/qos.rst:182 msgid "As we see shaper is working and the traffic will not work over 5 Mbit/s." msgstr "As we see shaper is working and the traffic will not work over 5 Mbit/s." #: ../../configexamples/ha.rst:141 msgid "Assign external IP addresses" msgstr "Assign external IP addresses" #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:82 msgid "Assuming the pings are successful, you need to add some DNS servers. Some options:" msgstr "Assuming the pings are successful, you need to add some DNS servers. Some options:" #: ../../configexamples/l3vpn-hub-and-spoke.rst:107 msgid "At the first step we need to configure the IP/MPLS backbone network using OSPF as IGP protocol and LDP as label-switching protocol for the base connectivity between **P** (rovider), **P** (rovider) **E** (dge) and **R** (oute) **R** (eflector) nodes:" msgstr "At the first step we need to configure the IP/MPLS backbone network using OSPF as IGP protocol and LDP as label-switching protocol for the base connectivity between **P** (rovider), **P** (rovider) **E** (dge) and **R** (oute) **R** (eflector) nodes:" #: ../../configexamples/ha.rst:516 msgid "At this point, you now need to create the X link between all four routers. Use amdifferent /30 for each link." msgstr "At this point, you now need to create the X link between all four routers. Use amdifferent /30 for each link." #: ../../configexamples/ha.rst:184 msgid "At this point, you should be able to SSH into both of them, and will no longer need access to the console (unless you break something!)" msgstr "At this point, you should be able to SSH into both of them, and will no longer need access to the console (unless you break something!)" #: ../../configexamples/ha.rst:278 msgid "At this point, you should be able to see both IP addresses when you run ``show interfaces``\\ , and ``show vrrp`` should show both interfaces in MASTER state (and SLAVE state on router2)." msgstr "At this point, you should be able to see both IP addresses when you run ``show interfaces``\\ , and ``show vrrp`` should show both interfaces in MASTER state (and SLAVE state on router2)." #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:110 msgid "At this point, your VyOS install should have full IPv6, but now your LAN devices need access." msgstr "At this point, your VyOS install should have full IPv6, but now your LAN devices need access." #: ../../configexamples/l3vpn-hub-and-spoke.rst:324 msgid "At this step we are going to enable iBGP protocol on MPLS nodes and Route Reflectors (two routers for redundancy) that will deliver IPv4 VPN (L3VPN) routes between them:" msgstr "At this step we are going to enable iBGP protocol on MPLS nodes and Route Reflectors (two routers for redundancy) that will deliver IPv4 VPN (L3VPN) routes between them:" #: ../../configexamples/azure-vpn-bgp.rst:52 #: ../../configexamples/azure-vpn-dual-bgp.rst:51 msgid "Azure ASN" msgstr "Azure ASN" #: ../../configexamples/azure-vpn-dual-bgp.rst:41 msgid "Azure VNet Gateway 1 public IP" msgstr "Azure VNet Gateway 1 public IP" #: ../../configexamples/azure-vpn-dual-bgp.rst:43 msgid "Azure VNet Gateway 2 public IP" msgstr "Azure VNet Gateway 2 public IP" #: ../../configexamples/azure-vpn-bgp.rst:46 #: ../../configexamples/azure-vpn-dual-bgp.rst:45 msgid "Azure VNet Gateway BGP IP" msgstr "Azure VNet Gateway BGP IP" #: ../../configexamples/azure-vpn-bgp.rst:44 msgid "Azure VNet Gateway public IP" msgstr "Azure VNet Gateway public IP" #: ../../configexamples/azure-vpn-bgp.rst:38 #: ../../configexamples/azure-vpn-dual-bgp.rst:35 msgid "Azure address space" msgstr "Azure address space" #: ../../configexamples/ha.rst:534 msgid "BGP" msgstr "BGP" #: ../../configexamples/bgp-ipv6-unnumbered.rst:7 msgid "BGP IPv6 unnumbered with extended nexthop" msgstr "BGP IPv6 unnumbered with extended nexthop" #: ../../configexamples/ha.rst:536 msgid "BGP is an extremely complex network protocol. An example is provided here." msgstr "BGP is an extremely complex network protocol. An example is provided here." #: ../../configexamples/l3vpn-hub-and-spoke.rst:88 msgid "BLUE_HUB" msgstr "BLUE_HUB" #: ../../configexamples/l3vpn-hub-and-spoke.rst:91 #: ../../configexamples/l3vpn-hub-and-spoke.rst:93 msgid "BLUE_SPOKE" msgstr "BLUE_SPOKE" #: ../../configexamples/wan-load-balancing.rst:169 msgid "Based on the previous example, another rule for traffic from the second interface eth3 can be added to the load balancer. However, traffic meant to flow between the LAN subnets will be sent to eth0 and eth1 as well. To prevent this, another rule is required. This rule excludes traffic between the local subnets from the load balancer. It also excludes locally-sources packets (required for web caching with load balancing). eth+ is used as an alias that refers to all ethernet interfaces:" msgstr "Based on the previous example, another rule for traffic from the second interface eth3 can be added to the load balancer. However, traffic meant to flow between the LAN subnets will be sent to eth0 and eth1 as well. To prevent this, another rule is required. This rule excludes traffic between the local subnets from the load balancer. It also excludes locally-sources packets (required for web caching with load balancing). eth+ is used as an alias that refers to all ethernet interfaces:" #: ../../configexamples/pppoe-ipv6-basic.rst:82 msgid "Basic Firewall" msgstr "Basic Firewall" #: ../../configexamples/ha.rst:108 msgid "Basic Setup (via console)" msgstr "Basic Setup (via console)" #: ../../configexamples/ansible.rst:64 msgid "Basic configuration of ansible.cfg:" msgstr "Basic configuration of ansible.cfg:" #: ../../configexamples/ansible.rst:64 msgid "Basik configuration of the ansible.cfg:" msgstr "Basik configuration of the ansible.cfg:" #: ../../configexamples/qos.rst:74 msgid "Before the interface eth0 on router VyOS3" msgstr "Before the interface eth0 on router VyOS3" #: ../../configexamples/ha.rst:125 msgid "Bonding on Hardware Router" msgstr "Bonding on Hardware Router" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:32 msgid "Both LANs have to be able to route between each other, both will have managed devices through a dedicated management network and both will need Internet access yet the LAN2 will need access to some set of outside networks, not all. The management network will need access to both LANs but cannot have access to/from the outside." msgstr "Both LANs have to be able to route between each other, both will have managed devices through a dedicated management network and both will need Internet access yet the LAN2 will need access to some set of outside networks, not all. The management network will need access to both LANs but cannot have access to/from the outside." #: ../../configexamples/autotest/Wireguard/Wireguard.rst:35 #: ../../configexamples/autotest/Wireguard/Wireguard.rst:61 #: ../../configexamples/autotest/Wireguard/Wireguard.rst:77 msgid "Branch" msgstr "Branch" #: ../../configexamples/fwall-and-bridge.rst:4 msgid "Bridge and firewall example" msgstr "Bridge and firewall example" #: ../../configexamples/fwall-and-bridge.rst:17 msgid "Bridge br0:" msgstr "Bridge br0:" #: ../../configexamples/fwall-and-bridge.rst:27 msgid "Bridge br1:" msgstr "Bridge br1:" #: ../../configexamples/fwall-and-bridge.rst:37 msgid "Bridge br2:" msgstr "Bridge br2:" #: ../../configexamples/fwall-and-bridge.rst:75 msgid "Bridge firewall configuration" msgstr "Bridge firewall configuration" #: ../../configexamples/fwall-and-bridge.rst:367 msgid "Bridge firewall rulset:" msgstr "Bridge firewall rulset:" #: ../../configexamples/fwall-and-bridge.rst:43 msgid "Bridges and interfaces configuration" msgstr "Bridges and interfaces configuration" #: ../../configexamples/zone-policy.rst:141 msgid "By default, iptables does not allow traffic for established sessions to return, so you must explicitly allow this. I do this by adding two rules to every ruleset. 1 allows established and related state packets through and rule 2 drops and logs invalid state packets. We place the established/related rule at the top because the vast majority of traffic on a network is established and the invalid rule to prevent invalid state packets from mistakenly being matched against other rules. Having the most matched rule listed first reduces CPU load in high volume environments. Note: I have filed a bug to have this added as a default action as well." msgstr "By default, iptables does not allow traffic for established sessions to return, so you must explicitly allow this. I do this by adding two rules to every ruleset. 1 allows established and related state packets through and rule 2 drops and logs invalid state packets. We place the established/related rule at the top because the vast majority of traffic on a network is established and the invalid rule to prevent invalid state packets from mistakenly being matched against other rules. Having the most matched rule listed first reduces CPU load in high volume environments. Note: I have filed a bug to have this added as a default action as well." #: ../../configexamples/l3vpn-hub-and-spoke.rst:891 msgid "CE Hub device" msgstr "CE Hub device" #: ../../configexamples/qos.rst:33 msgid "CS4 -> CS5" msgstr "CS4 -> CS5" #: ../../configexamples/autotest/Wireguard/Wireguard.rst:29 #: ../../configexamples/autotest/Wireguard/Wireguard.rst:55 #: ../../configexamples/autotest/Wireguard/Wireguard.rst:71 msgid "Central" msgstr "Central" #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:48 msgid "Check all possible settings `here `_" msgstr "Check all possible settings `here `_" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:252 msgid "Check the BGP VRF table and verify if the static routes are injected showing the correct next-hop information." msgstr "Check the BGP VRF table and verify if the static routes are injected showing the correct next-hop information." #: ../../configexamples/qos.rst:67 msgid "Check the result" msgstr "Check the result" #: ../../configexamples/qos.rst:175 msgid "Check the result." msgstr "Check the result." #: ../../configexamples/ansible.rst:142 msgid "Check the result on the vyos10 router:" msgstr "Check the result on the vyos10 router:" #: ../../configexamples/ansible.rst:51 msgid "Check the version:" msgstr "Check the version:" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:164 msgid "Checking the routing table of the VRF should reveal both static and connected entries active. A PING test between the Core and remote router is a way to validate connectivity within the VRF." msgstr "Checking the routing table of the VRF should reveal both static and connected entries active. A PING test between the Core and remote router is a way to validate connectivity within the VRF." #: ../../configexamples/policy-based-ipsec-and-firewall.rst:204 msgid "Checking through op-mode commands" msgstr "Checking through op-mode commands" #: ../../configexamples/site-2-site-cisco.rst:71 msgid "Cisco" msgstr "Cisco" #: ../../configexamples/ha.rst:90 msgid "Cisco VPC Crossconnect - Ports 39 and 40 bonded between each switch" msgstr "Cisco VPC Crossconnect - Ports 39 and 40 bonded between each switch" #: ../../configexamples/azure-vpn-bgp.rst:92 #: ../../configexamples/azure-vpn-dual-bgp.rst:94 msgid "Clamp the VTI's MSS to 1350 to avoid PMTU blackholes." msgstr "Clamp the VTI's MSS to 1350 to avoid PMTU blackholes." #: ../../configexamples/lac-lns.rst:96 msgid "Client" msgstr "Client" #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:94 msgid "Client configuration" msgstr "Client configuration" #: ../../configexamples/policy-based-ipsec-and-firewall.rst:24 msgid "Communication between private subnets should be done through IPSec tunnel without NAT." msgstr "Communication between private subnets should be done through IPSec tunnel without NAT." #: ../../configexamples/policy-based-ipsec-and-firewall.rst:24 msgid "Communication between private subnets should be done through ipsec tunnel without nat." msgstr "Communication between private subnets should be done through ipsec tunnel without nat." #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:601 msgid "Conclusions" msgstr "Conclusions" #: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:26 #: ../../configexamples/autotest/Wireguard/Wireguard.rst:25 #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:37 #: ../../configexamples/bgp-ipv6-unnumbered.rst:12 #: ../../configexamples/fwall-and-bridge.rst:40 #: ../../configexamples/fwall-and-vrf.rst:32 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:139 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:231 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:290 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:774 #: ../../configexamples/l3vpn-hub-and-spoke.rst:100 #: ../../configexamples/ospf-unnumbered.rst:12 #: ../../configexamples/policy-based-ipsec-and-firewall.rst:47 #: ../../configexamples/segment-routing-isis.rst:24 #: ../../configexamples/site-2-site-cisco.rst:18 msgid "Configuration" msgstr "Configuration" #: ../../configexamples/qos.rst:38 msgid "Configuration:" msgstr "Configuration:" #: ../../configexamples/nmp.rst:26 msgid "Configuration 'NMP'" msgstr "Configuration 'NMP'" #: ../../configexamples/nmp.rst:13 msgid "Configuration 'VyOS'" msgstr "Configuration 'VyOS'" #: ../../configexamples/qos.rst:10 msgid "Configuration 'dcsp' and shaper using QoS" msgstr "Configuration 'dcsp' and shaper using QoS" #: ../../configexamples/index.rst:4 msgid "Configuration Blueprints" msgstr "Configuration Blueprints" #: ../../configexamples/index.rst:31 msgid "Configuration Blueprints (autotest)" msgstr "Configuration Blueprints (autotest)" #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:40 msgid "Configuration VyOS as OpenVPN Server" msgstr "Configuration VyOS as OpenVPN Server" #: ../../configexamples/policy-based-ipsec-and-firewall.rst:27 msgid "Configuration of basic firewall in one site, in order to:" msgstr "Configuration of basic firewall in one site, in order to:" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:113 #: ../../configexamples/lac-lns.rst:29 #: ../../configexamples/pppoe-ipv6-basic.rst:26 msgid "Configurations" msgstr "Configurations" #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:40 msgid "Configure VyOS as OpenVPN Server" msgstr "Configure VyOS as OpenVPN Server" #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:253 msgid "Configure VyOS as client" msgstr "Configure VyOS as client" #: ../../configexamples/ha.rst:358 msgid "Configure Wireguard" msgstr "Configure Wireguard" #: ../../configexamples/azure-vpn-bgp.rst:85 msgid "Configure a VTI with a dummy IP address" msgstr "Configure a VTI with a dummy IP address" #: ../../configexamples/ha.rst:312 msgid "Configure conntrack-sync and enable helpers" msgstr "Configure conntrack-sync and enable helpers" #: ../../configexamples/azure-vpn-bgp.rst:58 #: ../../configexamples/azure-vpn-dual-bgp.rst:57 msgid "Configure the IKE and ESP settings to match a subset of those supported by Azure:" msgstr "Configure the IKE and ESP settings to match a subset of those supported by Azure:" #: ../../configexamples/azure-vpn-bgp.rst:98 msgid "Configure the VPN tunnel" msgstr "Configure the VPN tunnel" #: ../../configexamples/azure-vpn-dual-bgp.rst:101 msgid "Configure the VPN tunnels" msgstr "Configure the VPN tunnels" #: ../../configexamples/wan-load-balancing.rst:47 msgid "Configure the WAN load balancer with the parameters described above:" msgstr "Configure the WAN load balancer with the parameters described above:" #: ../../configexamples/wan-load-balancing.rst:46 msgid "Configure the load balancer" msgstr "Configure the load balancer" #: ../../configexamples/azure-vpn-dual-bgp.rst:84 msgid "Configure two VTIs with a dummy IP address each" msgstr "Configure two VTIs with a dummy IP address each" #: ../../configexamples/azure-vpn-bgp.rst:123 #: ../../configexamples/azure-vpn-dual-bgp.rst:141 msgid "Configure your BGP settings" msgstr "Configure your BGP settings" #: ../../configexamples/ha.rst:314 msgid "Conntrack helper modules are enabled by default, but they tend to cause more problems than they're worth in complex networks. You can disable all of them at one go." msgstr "Conntrack helper modules are enabled by default, but they tend to cause more problems than they're worth in complex networks. You can disable all of them at one go." #: ../../configexamples/nmp.rst:9 msgid "Consider how to quickly set up NMP and VyOS for monitoring. NMP is multi-vendor network monitoring from 'SolarWinds' built to scale and expand with the needs of your network." msgstr "Consider how to quickly set up NMP and VyOS for monitoring. NMP is multi-vendor network monitoring from 'SolarWinds' built to scale and expand with the needs of your network." #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:87 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:89 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:91 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:93 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:616 msgid "Core" msgstr "Core" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:134 msgid "Core Router" msgstr "Core Router" #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:62 msgid "Core network" msgstr "Core network" #: ../../configexamples/ha.rst:417 msgid "Create Export Filter" msgstr "Create Export Filter" #: ../../configexamples/ha.rst:448 msgid "Create Import Filter" msgstr "Create Import Filter" #: ../../configexamples/ha.rst:265 msgid "Create VRRP sync-group" msgstr "Create VRRP sync-group" #: ../../configexamples/ha.rst:127 msgid "Create a LACP bond on the hardware router. We are assuming that eth0 and eth1 are connected to port 8 on both switches, and that those ports are configured as a Port-Channel." msgstr "Create a LACP bond on the hardware router. We are assuming that eth0 and eth1 are connected to port 8 on both switches, and that those ports are configured as a Port-Channel." #: ../../configexamples/ha.rst:117 msgid "Create an 'All VLANs' network group, that passes all trunked traffic through to the VM. Attach this network group to router1 as eth0." msgstr "Create an 'All VLANs' network group, that passes all trunked traffic through to the VM. Attach this network group to router1 as eth0." #: ../../configexamples/wan-load-balancing.rst:81 msgid "Create interface weight based configuration" msgstr "Create interface weight based configuration" #: ../../configexamples/wan-load-balancing.rst:111 msgid "Create rule order based configuration" msgstr "Create rule order based configuration" #: ../../configexamples/wan-load-balancing.rst:142 msgid "Create rule order based configuration with low speed secondary link" msgstr "Create rule order based configuration with low speed secondary link" #: ../../configexamples/wan-load-balancing.rst:35 msgid "Create static routes through the two ISPs towards the ping targets and commit the changes:" msgstr "Create static routes through the two ISPs towards the ping targets and commit the changes:" #: ../../configexamples/wan-load-balancing.rst:34 msgid "Create static routes to ping targets" msgstr "Create static routes to ping targets" #: ../../configexamples/ha.rst:110 msgid "Create your router1 VM. So it can withstand a VM Host failing or a network link failing. Using VMware, this is achieved by enabling vSphere DRS, vSphere Availability, and creating a Distributed Port Group that uses LACP." msgstr "Create your router1 VM. So it can withstand a VM Host failing or a network link failing. Using VMware, this is achieved by enabling vSphere DRS, vSphere Availability, and creating a Distributed Port Group that uses LACP." #: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:44 #: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:62 msgid "DHCP-Relay" msgstr "DHCP-Relay" #: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:37 #: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:55 msgid "DHCP-Server" msgstr "DHCP-Server" #: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:3 msgid "DHCP Relay trough GRE-Bridge" msgstr "DHCP Relay trough GRE-Bridge" #: ../../configexamples/pppoe-ipv6-basic.rst:42 msgid "DHCPv6-PD Setup" msgstr "DHCPv6-PD Setup" #: ../../configexamples/zone-policy.rst:364 msgid "DMZ-LAN policy is LAN-DMZ. You can get a rhythm to it when you build out a bunch at one time." msgstr "DMZ-LAN policy is LAN-DMZ. You can get a rhythm to it when you build out a bunch at one time." #: ../../configexamples/zone-policy.rst:39 msgid "DMZ cannot access LAN resources." msgstr "DMZ cannot access LAN resources." #: ../../configexamples/fwall-and-bridge.rst:35 msgid "Deny access to the router." msgstr "Deny access to the router." #: ../../configexamples/fwall-and-vrf.rst:21 msgid "Deny connections to internet(WAN)." msgstr "Deny connections to internet(WAN)." #: ../../configexamples/ha.rst:18 msgid "Design" msgstr "Design" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:85 msgid "Device-A" msgstr "Device-A" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:85 msgid "Device-B" msgstr "Device-B" #: ../../configexamples/fwall-and-vrf.rst:9 msgid "Diagram used in this example:" msgstr "Diagram used in this example:" #: ../../configexamples/fwall-and-bridge.rst:20 msgid "Drop all DHCP discover packets." msgstr "Drop all DHCP discover packets." #: ../../configexamples/fwall-and-bridge.rst:24 #: ../../configexamples/fwall-and-bridge.rst:34 msgid "Drop all IPv6 connections." msgstr "Drop all IPv6 connections." #: ../../configexamples/fwall-and-bridge.rst:23 msgid "Drop all other IPv4 connections." msgstr "Drop all other IPv4 connections." #: ../../configexamples/fwall-and-bridge.rst:27 msgid "Drop connections to other LANs." msgstr "Drop connections to other LANs." #: ../../configexamples/ha.rst:514 msgid "Duplicate configuration" msgstr "Duplicate configuration" #: ../../configexamples/pppoe-ipv6-basic.rst:44 msgid "During address configuration, in addition to assigning an address to the WAN interface, ISP also provides a prefix to allow the router to configure addresses of LAN interface and other nodes connecting to LAN, which is called prefix delegation (PD)." msgstr "During address configuration, in addition to assigning an address to the WAN interface, ISP also provides a prefix to allow the router to configure addresses of LAN interface and other nodes connecting to LAN, which is called prefix delegation (PD)." #: ../../configexamples/l3vpn-hub-and-spoke.rst:484 msgid "Dynamic routing used between CE and PE nodes and eBGP peering established for the route exchanging between them. All routes received by PEs are then exported to L3VPN and delivered from Spoke sites to Hub and vise-versa based on previously configured L3VPN parameters." msgstr "Dynamic routing used between CE and PE nodes and eBGP peering established for the route exchanging between them. All routes received by PEs are then exported to L3VPN and delivered from Spoke sites to Hub and vise-versa based on previously configured L3VPN parameters." #: ../../configexamples/zone-policy.rst:81 msgid "Each interface is assigned to a zone. The interface can be physical or virtual such as tunnels (VPN, PPTP, GRE, etc) and are treated exactly the same." msgstr "Each interface is assigned to a zone. The interface can be physical or virtual such as tunnels (VPN, PPTP, GRE, etc) and are treated exactly the same." #: ../../configexamples/index.rst:35 msgid "Each lab will build an test from an external script. The page content will generate, so changes will not take an effect." msgstr "Each lab will build an test from an external script. The page content will generate, so changes will not take an effect." #: ../../configexamples/azure-vpn-bgp.rst:79 #: ../../configexamples/azure-vpn-dual-bgp.rst:78 msgid "Enable IPsec on eth0" msgstr "Enable IPsec on eth0" #: ../../configexamples/ha.rst:470 msgid "Enable OSPF" msgstr "Enable OSPF" #: ../../configexamples/ha.rst:174 msgid "Enable SSH" msgstr "Enable SSH" #: ../../configexamples/ha.rst:176 msgid "Enable SSH so you can now SSH into the routers, rather than using the console." msgstr "Enable SSH so you can now SSH into the routers, rather than using the console." #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:148 msgid "Enables router advertisements. This is an IPv6 alternative for DHCP (though DHCPv6 can still be used). With RAs, Your devices will automatically find the information they need for routing and DNS." msgstr "Enables router advertisements. This is an IPv6 alternative for DHCP (though DHCPv6 can still be used). With RAs, Your devices will automatically find the information they need for routing and DNS." #: ../../configexamples/zone-policy.rst:243 msgid "Even if the two zones will never communicate, it is a good idea to create the zone-pair-direction rulesets and set default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts." msgstr "Even if the two zones will never communicate, it is a good idea to create the zone-pair-direction rulesets and set default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts." #: ../../configexamples/zone-policy.rst:253 msgid "Even if the two zones will never communicate, it is a good idea to create the zone-pair-direction rulesets and set enable-default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts." msgstr "Even if the two zones will never communicate, it is a good idea to create the zone-pair-direction rulesets and set enable-default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts." #: ../../configexamples/ha.rst:472 msgid "Every router **must** have a unique router-id. The 'reference-bandwidth' is used because when OSPF was originally designed, the idea of a link faster than 1gbit was unheard of, and it does not scale correctly." msgstr "Every router **must** have a unique router-id. The 'reference-bandwidth' is used because when OSPF was originally designed, the idea of a link faster than 1gbit was unheard of, and it does not scale correctly." #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:114 msgid "Every router that provides access to a customer network needs to have the customer network (VRF + VNI) configured. To make our own lives easier, we utilize the same VRF table id (local routing table number) and VNI (Virtual Network Identifier) per tenant on all our routers." msgstr "Every router that provides access to a customer network needs to have the customer network (VRF + VNI) configured. To make our own lives easier, we utilize the same VRF table id (local routing table number) and VNI (Virtual Network Identifier) per tenant on all our routers." #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:108 msgid "Every tenant is assigned an individual VRF that would support overlapping address ranges for customers blue, red and green. In our example, we do not use overlapping ranges to make it easier when showing debug commands." msgstr "Every tenant is assigned an individual VRF that would support overlapping address ranges for customers blue, red and green. In our example, we do not use overlapping ranges to make it easier when showing debug commands." #: ../../configexamples/azure-vpn-bgp.rst:31 #: ../../configexamples/azure-vpn-dual-bgp.rst:28 msgid "Example" msgstr "Example" #: ../../configexamples/wan-load-balancing.rst:12 msgid "Example 1: Distributing load evenly" msgstr "Example 1: Distributing load evenly" #: ../../configexamples/wan-load-balancing.rst:68 msgid "Example 2: Failover based on interface weights" msgstr "Example 2: Failover based on interface weights" #: ../../configexamples/wan-load-balancing.rst:95 msgid "Example 3: Failover based on rule order" msgstr "Example 3: Failover based on rule order" #: ../../configexamples/wan-load-balancing.rst:124 msgid "Example 4: Failover based on rule order - priority traffic" msgstr "Example 4: Failover based on rule order - priority traffic" #: ../../configexamples/wan-load-balancing.rst:156 msgid "Example 5: Exclude traffic from load balancing" msgstr "Example 5: Exclude traffic from load balancing" #: ../../configexamples/ha.rst:43 msgid "Example Network" msgstr "Example Network" #: ../../configexamples/pppoe-ipv6-basic.rst:38 msgid "Fill ``password`` and ``user`` with the credential provided by your ISP." msgstr "Fill ``password`` and ``user`` with the credential provided by your ISP." #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:210 msgid "Finally, don't forget the :ref:`Firewall`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`." msgstr "Finally, don't forget the :ref:`Firewall`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`." #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:210 msgid "Finally, don't forget the :ref:`firewall`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`." msgstr "Finally, don't forget the :ref:`firewall`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`." #: ../../configexamples/l3vpn-hub-and-spoke.rst:985 msgid "Finally, let’s check the reachability between CEs:" msgstr "Finally, let’s check the reachability between CEs:" #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:208 msgid "Firewall" msgstr "Firewall" #: ../../configexamples/policy-based-ipsec-and-firewall.rst:123 msgid "Firewall Configuration:" msgstr "Firewall Configuration:" #: ../../configexamples/firewall.rst:4 msgid "Firewall Examples" msgstr "Firewall Examples" #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:39 msgid "First, we configure the ``vyos-wan`` interface to get a DHCP address." msgstr "First, we configure the ``vyos-wan`` interface to get a DHCP address." #: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:28 msgid "First, we configure the transport network and the Tunnel interface." msgstr "First, we configure the transport network and the Tunnel interface." #: ../../configexamples/fwall-and-vrf.rst:34 msgid "First, we need to configure the interfaces and VRFs:" msgstr "First, we need to configure the interfaces and VRFs:" #: ../../configexamples/fwall-and-bridge.rst:45 msgid "First, we need to configure the interfaces and bridges:" msgstr "First, we need to configure the interfaces and bridges:" #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:44 msgid "First a CA, a signed server and client ceftificate and a Diffie-Hellman parameter musst be generated and installed. Please look :ref:`here ` for more information." msgstr "First a CA, a signed server and client ceftificate and a Diffie-Hellman parameter musst be generated and installed. Please look :ref:`here ` for more information." #: ../../configexamples/nmp.rst:15 msgid "First prepare our VyOS router for connection to NMP. We have to set up the SNMP protocol and connectivity between the router and NMP." msgstr "First prepare our VyOS router for connection to NMP. We have to set up the SNMP protocol and connectivity between the router and NMP." #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:56 msgid "First the CA" msgstr "First the CA" #: ../../configexamples/site-2-site-cisco.rst:9 msgid "FlexVPN is a newer \"solution\" for deployment of VPNs and it utilizes IKEv2 as the key exchange protocol. The result is a flexible and scalable VPN solution that can be easily adapted to fit various network needs. It can also support a variety of encryption methods, including AES and 3DES." msgstr "FlexVPN is a newer \"solution\" for deployment of VPNs and it utilizes IKEv2 as the key exchange protocol. The result is a flexible and scalable VPN solution that can be easily adapted to fit various network needs. It can also support a variety of encryption methods, including AES and 3DES." #: ../../configexamples/fwall-and-vrf.rst:75 msgid "For **inbound-interface**: use the interface name with the VRF name, like ``MGMT`` or ``LAN``." msgstr "For **inbound-interface**: use the interface name with the VRF name, like ``MGMT`` or ``LAN``." #: ../../configexamples/fwall-and-vrf.rst:77 msgid "For **outbound-interface**: use the interface name, like ``eth0``, ``vtun0``, ``eth2*`` or similar." msgstr "For **outbound-interface**: use the interface name, like ``eth0``, ``vtun0``, ``eth2*`` or similar." #: ../../configexamples/ha.rst:60 msgid "For connection between sites, we are running a WireGuard link to two REMOTE routers and using OSPF over those links to distribute routes. That remote site is expected to send traffic from anything in 10.201.0.0/16" msgstr "For connection between sites, we are running a WireGuard link to two REMOTE routers and using OSPF over those links to distribute routes. That remote site is expected to send traffic from anything in 10.201.0.0/16" #: ../../configexamples/fwall-and-bridge.rst:352 msgid "For example, while a host tries to get an IP address from a DHCP server in br1 all DHCP discover are dropped, and in br2, we can see that DHCP offers from untrusted servers are dropped:" msgstr "For example, while a host tries to get an IP address from a DHCP server in br1 all DHCP discover are dropped, and in br2, we can see that DHCP offers from untrusted servers are dropped:" #: ../../configexamples/pppoe-ipv6-basic.rst:56 msgid "For home network users, most of time ISP only provides /64 prefix, hence there is no need to set SLA ID and prefix length. See :ref:`pppoe-interface` for more information." msgstr "For home network users, most of time ISP only provides /64 prefix, hence there is no need to set SLA ID and prefix length. See :ref:`pppoe-interface` for more information." #: ../../configexamples/azure-vpn-bgp.rst:11 msgid "For redundant / active-active configurations see :ref:`examples-azure-vpn-dual-bgp`" msgstr "For redundant / active-active configurations see :ref:`examples-azure-vpn-dual-bgp`" #: ../../configexamples/policy-based-ipsec-and-firewall.rst:10 msgid "For simplicity, configuration and tests are done only using IPv4, and firewall configuration is done only on one router." msgstr "For simplicity, configuration and tests are done only using IPv4, and firewall configuration is done only on one router." #: ../../configexamples/policy-based-ipsec-and-firewall.rst:10 msgid "For simplicity, configuration and tests are done only using ipv4, and firewall configuration in done only on one router." msgstr "For simplicity, configuration and tests are done only using ipv4, and firewall configuration in done only on one router." #: ../../configexamples/ha.rst:146 msgid "For the hardware router, replace ``eth0`` with ``bond0``. As (almost) every command is identical, this will not be specified unless different things need to be performed on different hosts." msgstr "For the hardware router, replace ``eth0`` with ``bond0``. As (almost) every command is identical, this will not be specified unless different things need to be performed on different hosts." #: ../../configexamples/ha.rst:88 msgid "From Datacenter - This connects into port 1 on both switches, and is tagged as VLAN 50" msgstr "From Datacenter - This connects into port 1 on both switches, and is tagged as VLAN 50" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:427 msgid "From Management to LAN1/LAN2" msgstr "From Management to LAN1/LAN2" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:469 msgid "From Management to Outside (fails as intended)" msgstr "From Management to Outside (fails as intended)" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:614 msgid "Full configuration from all devices" msgstr "Full configuration from all devices" #: ../../configexamples/site-2-site-cisco.rst:23 msgid "GRE:" msgstr "GRE:" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:19 msgid "General information about L3VPNs can be found in the :ref:`configuration/vrf/index:L3VPN VRFs` chapter." msgstr "General information about L3VPNs can be found in the :ref:`configuration/vrf/index:L3VPN VRFs` chapter." #: ../../configexamples/l3vpn-hub-and-spoke.rst:49 msgid "General information can be found in the :ref:`configuration/vrf/index:L3VPN VRFs` chapter." msgstr "General information can be found in the :ref:`configuration/vrf/index:L3VPN VRFs` chapter." #: ../../configexamples/bgp-ipv6-unnumbered.rst:9 msgid "General information can be found in the :ref:`routing-bgp` chapter." msgstr "General information can be found in the :ref:`routing-bgp` chapter." #: ../../configexamples/ospf-unnumbered.rst:9 msgid "General information can be found in the :ref:`routing-ospf` chapter." msgstr "General information can be found in the :ref:`routing-ospf` chapter." #: ../../configexamples/ha.rst:74 msgid "Hardware" msgstr "Hardware" #: ../../configexamples/ha.rst:91 msgid "Hardware Router - Port 8 of each switch" msgstr "Hardware Router - Port 8 of each switch" #: ../../configexamples/zone-policy.rst:272 msgid "Here is an example of an IPv6 DMZ-WAN ruleset." msgstr "Here is an example of an IPv6 DMZ-WAN ruleset." #: ../../configexamples/segment-routing-isis.rst:178 msgid "Here is the routing tables showing the MPLS segment routing label operations:" msgstr "Here is the routing tables showing the MPLS segment routing label operations:" #: ../../configexamples/pppoe-ipv6-basic.rst:76 msgid "Here we set the prefix to ``::/64`` to indicate advertising any /64 prefix the LAN interface is assigned." msgstr "Here we set the prefix to ``::/64`` to indicate advertising any /64 prefix the LAN interface is assigned." #: ../../configexamples/pppoe-ipv6-basic.rst:54 msgid "Here we use the prefix to configure the address of eth1 (LAN) to form ``::64``, where ``64`` is hexadecimal of address 100." msgstr "Here we use the prefix to configure the address of eth1 (LAN) to form ``::64``, where ``64`` is hexadecimal of address 100." #: ../../configexamples/ha.rst:7 msgid "High Availability Walkthrough" msgstr "High Availability Walkthrough" #: ../../configexamples/l3vpn-hub-and-spoke.rst:65 msgid "How does it work?" msgstr "How does it work?" #: ../../configexamples/l3vpn-hub-and-spoke.rst:88 msgid "Hub" msgstr "Hub" #: ../../configexamples/l3vpn-hub-and-spoke.rst:6 msgid "IP/MPLS technology is widely used by various service providers and large enterprises in order to achieve better network scalability, manageability and flexibility. It also provides the possibility to deliver different services for the customers in a seamless manner. Layer 3 VPN (L3VPN) is a type of VPN mode that is built and delivered through OSI layer 3 networking technologies. Often the border gateway protocol (BGP) is used to send and receive VPN-related data that is responsible for the control plane. L3VPN utilizes virtual routing and forwarding (VRF) techniques to receive and deliver user data as well as separate data planes of the end-users. It is built using a combination of IP- and MPLS-based information. Generally, L3VPNs are used to send data on back-end VPN infrastructures, such as for VPN connections between data centres, HQs and branches." msgstr "IP/MPLS technology is widely used by various service providers and large enterprises in order to achieve better network scalability, manageability and flexibility. It also provides the possibility to deliver different services for the customers in a seamless manner. Layer 3 VPN (L3VPN) is a type of VPN mode that is built and delivered through OSI layer 3 networking technologies. Often the border gateway protocol (BGP) is used to send and receive VPN-related data that is responsible for the control plane. L3VPN utilizes virtual routing and forwarding (VRF) techniques to receive and deliver user data as well as separate data planes of the end-users. It is built using a combination of IP- and MPLS-based information. Generally, L3VPNs are used to send data on back-end VPN infrastructures, such as for VPN connections between data centres, HQs and branches." #: ../../configexamples/policy-based-ipsec-and-firewall.rst:65 msgid "IPSec configuration:" msgstr "IPSec configuration:" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:82 msgid "IP Schema" msgstr "IP Schema" #: ../../configexamples/fwall-and-bridge.rst:258 msgid "IP firewall configuration" msgstr "IP firewall configuration" #: ../../configexamples/site-2-site-cisco.rst:34 msgid "IPsec:" msgstr "IPsec:" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:85 msgid "IPv4 Network" msgstr "IPv4 Network" #: ../../configexamples/fwall-and-bridge.rst:451 msgid "IPv4 firewall rulset:" msgstr "IPv4 firewall rulset:" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:85 msgid "IPv6 Network" msgstr "IPv6 Network" #: ../../configexamples/zone-policy.rst:373 msgid "IPv6 Tunnel" msgstr "IPv6 Tunnel" #: ../../configexamples/segment-routing-isis.rst:17 msgid "ISIS-SR example network" msgstr "ISIS-SR example network" #: ../../configexamples/segment-routing-isis.rst:17 msgid "ISIS-SR network" msgstr "ISIS-SR network" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:93 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:739 msgid "ISP" msgstr "ISP" #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:64 msgid "I chose to run OSPF as the IGP (Interior Gateway Protocol). All required BGP sessions are established via a dummy interfaces (similar to the loopback, but in Linux you can have only one loopback, while there can be many dummy interfaces) on the PE routers. In case of a link failure, traffic is diverted in the other direction in this triangle setup and BGP sessions will not go down. One could even enable BFD (Bidirectional Forwarding Detection) on the links for a faster failover and resilience in the network." msgstr "I chose to run OSPF as the IGP (Interior Gateway Protocol). All required BGP sessions are established via a dummy interfaces (similar to the loopback, but in Linux you can have only one loopback, while there can be many dummy interfaces) on the PE routers. In case of a link failure, traffic is diverted in the other direction in this triangle setup and BGP sessions will not go down. One could even enable BFD (Bidirectional Forwarding Detection) on the links for a faster failover and resilience in the network." #: ../../configexamples/zone-policy.rst:161 msgid "I create/configure the interfaces first. Build out the rulesets for each zone-pair-direction which includes at least the three state rules. Then I setup the zone-policies." msgstr "I create/configure the interfaces first. Build out the rulesets for each zone-pair-direction which includes at least the three state rules. Then I setup the zone-policies." #: ../../configexamples/zone-policy.rst:90 msgid "I name rule sets to indicate which zone-pair-direction they represent. eg. ZoneA-ZoneB or ZoneB-ZoneA. LAN-DMZ, DMZ-LAN." msgstr "I name rule sets to indicate which zone-pair-direction they represent. eg. ZoneA-ZoneB or ZoneB-ZoneA. LAN-DMZ, DMZ-LAN." #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:14 msgid "I named the customers blue, red and green which is common practice in VRF (Virtual Routing and Forwarding) documentation scenarios." msgstr "I named the customers blue, red and green which is common practice in VRF (Virtual Routing and Forwarding) documentation scenarios." #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:9 msgid "I spun up a new lab in EVE-NG, which represents this as the \"Foo Bar - Service Provider Inc.\" that has 3 points of presence (PoP) in random datacenters/sites named PE1, PE2, and PE3. Each PoP aggregates at least two customers." msgstr "I spun up a new lab in EVE-NG, which represents this as the \"Foo Bar - Service Provider Inc.\" that has 3 points of presence (PoP) in random datacenters/sites named PE1, PE2, and PE3. Each PoP aggregates at least two customers." #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:54 msgid "If `source-address` is dynamic, the tunnel will cease working once the address changes. To avoid having to manually update `source-address` each time the dynamic IP changes, an address of '0.0.0.0' can be specified." msgstr "If `source-address` is dynamic, the tunnel will cease working once the address changes. To avoid having to manually update `source-address` each time the dynamic IP changes, an address of '0.0.0.0' can be specified." #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:256 msgid "If the client is connect successfully you can check the output with" msgstr "If the client is connect successfully you can check the output with" #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:272 msgid "If the client is connected successfully you can check the status" msgstr "If the client is connected successfully you can check the status" #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:236 msgid "If we need to retrieve information about a specific host/network inside the EVPN network we need to run" msgstr "If we need to retrieve information about a specific host/network inside the EVPN network we need to run" #: ../../configexamples/ha.rst:34 msgid "If you are following through this document, it is strongly suggested you complete the entire document, ONLY doing the virtual router1 steps, and then come back and walk through it AGAIN on the backup hardware router." msgstr "If you are following through this document, it is strongly suggested you complete the entire document, ONLY doing the virtual router1 steps, and then come back and walk through it AGAIN on the backup hardware router." #: ../../configexamples/zone-policy.rst:375 msgid "If you are using a IPv6 tunnel from HE.net or someone else, the basis is the same except you have two WAN interfaces. One for v4 and one for v6." msgstr "If you are using a IPv6 tunnel from HE.net or someone else, the basis is the same except you have two WAN interfaces. One for v4 and one for v6." #: ../../configexamples/ha.rst:354 msgid "If you use a routing protocol itself, you solve two problems at once. This is only a basic example, and is provided as a starting point." msgstr "If you use a routing protocol itself, you solve two problems at once. This is only a basic example, and is provided as a starting point." #: ../../configexamples/zone-policy.rst:100 msgid "If your computer is on the LAN and you need to SSH into your VyOS box, you would need a rule to allow it in the LAN-Local ruleset. If you want to access a webpage from your VyOS box, you need a rule to allow it in the Local-LAN ruleset." msgstr "If your computer is on the LAN and you need to SSH into your VyOS box, you would need a rule to allow it in the LAN-Local ruleset. If you want to access a webpage from your VyOS box, you need a rule to allow it in the Local-LAN ruleset." #: ../../configexamples/l3vpn-hub-and-spoke.rst:44 msgid "Image name: vyos-1.4-rolling-202110310317-amd64.iso" msgstr "Image name: vyos-1.4-rolling-202110310317-amd64.iso" #: ../../configexamples/zone-policy.rst:93 msgid "In VyOS, you have to have unique Ruleset names. In the event of overlap, I add a \"-6\" to the end of v6 rulesets. eg. LAN-DMZ, LAN-DMZ-6. This allows for each auto-completion and uniqueness." msgstr "In VyOS, you have to have unique Ruleset names. In the event of overlap, I add a \"-6\" to the end of v6 rulesets. eg. LAN-DMZ, LAN-DMZ-6. This allows for each auto-completion and uniqueness." #: ../../configexamples/zone-policy.rst:157 msgid "In VyOS you must have the interfaces created before you can apply it to the zone and the rulesets must be created prior to applying it to a zone-policy." msgstr "In VyOS you must have the interfaces created before you can apply it to the zone and the rulesets must be created prior to applying it to a zone-policy." #: ../../configexamples/zone-policy.rst:8 msgid "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone `` to ``firewall zone ``." msgstr "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone `` to ``firewall zone ``." #: ../../configexamples/zone-policy.rst:105 msgid "In rules, it is good to keep them named consistently. As the number of rules you have grows, the more consistency you have, the easier your life will be." msgstr "In rules, it is good to keep them named consistently. As the number of rules you have grows, the more consistency you have, the easier your life will be." #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:184 msgid "In the above examples, 1,2,ffff are all chosen by you. You can use 1-ffff (1-65535)." msgstr "In the above examples, 1,2,ffff are all chosen by you. You can use 1-ffff (1-65535)." #: ../../configexamples/qos.rst:157 msgid "In the end, on the router “VyOS2” we will set outgoing bandwidth limits between the “VyOS3” and “VyOS1” routers. Let's set a limit for IP 10.1.1.100 = 5 Mbps(Tx). We will check the result of the work with the help of the “iPerf” utility." msgstr "In the end, on the router “VyOS2” we will set outgoing bandwidth limits between the “VyOS3” and “VyOS1” routers. Let's set a limit for IP 10.1.1.100 = 5 Mbps(Tx). We will check the result of the work with the help of the “iPerf” utility." #: ../../configexamples/qos.rst:35 msgid "In the end, we will configure the traffic shaper using QoS mechanisms on the “VYOS2” router." msgstr "In the end, we will configure the traffic shaper using QoS mechanisms on the “VYOS2” router." #: ../../configexamples/nmp.rst:66 msgid "In the end, you'll get a powerful instrument for monitoring the VyOS systems." msgstr "In the end, you'll get a powerful instrument for monitoring the VyOS systems." #: ../../configexamples/zone-policy.rst:367 msgid "In the end, you will end up with something like this config. I took out everything but the Firewall, Interfaces, and zone-policy sections. It is long enough as is." msgstr "In the end, you will end up with something like this config. I took out everything but the Firewall, Interfaces, and zone-policy sections. It is long enough as is." #: ../../configexamples/ansible.rst:216 msgid "In the next chapter of the example, we'll use Ansible with jinja2 templates and variables." msgstr "In the next chapter of the example, we'll use Ansible with jinja2 templates and variables." #: ../../configexamples/ansible.rst:216 msgid "In the next chapter of the example, we'll use the Ansible with jinja2 templates and variables." msgstr "In the next chapter of the example, we'll use the Ansible with jinja2 templates and variables." #: ../../configexamples/ha.rst:154 msgid "In this case, the hardware router has a different IP, so it would be" msgstr "In this case, the hardware router has a different IP, so it would be" #: ../../configexamples/qos.rst:12 msgid "In this case, we'll try to make a simple lab using QoS and the general ability of the VyOS system. We recommend you to go through the main article about `QoS `_ first." msgstr "In this case, we'll try to make a simple lab using QoS and the general ability of the VyOS system. We recommend you to go through the main article about `QoS `_ first." #: ../../configexamples/zone-policy.rst:355 msgid "In this case, we are setting the v6 ruleset that represents traffic sourced from the LAN, destined for the DMZ. Because the zone-policy firewall syntax is a little awkward, I keep it straight by thinking of it backwards." msgstr "In this case, we are setting the v6 ruleset that represents traffic sourced from the LAN, destined for the DMZ. Because the zone-policy firewall syntax is a little awkward, I keep it straight by thinking of it backwards." #: ../../configexamples/ha.rst:45 msgid "In this document, we have been allocated 203.0.113.0/24 by our upstream provider, which we are publishing on VLAN100." msgstr "In this document, we have been allocated 203.0.113.0/24 by our upstream provider, which we are publishing on VLAN100." #: ../../configexamples/wan-load-balancing.rst:76 msgid "In this example, eth0 is the primary interface and eth1 is the secondary interface. To provide simple failover functionality. If eth0 fails, eth1 takes over." msgstr "In this example, eth0 is the primary interface and eth1 is the secondary interface. To provide simple failover functionality. If eth0 fails, eth1 takes over." #: ../../configexamples/ansible.rst:12 msgid "In this example, we will set up a simple use of Ansible to configure multiple VyoS routers. We have four pre-configured routers with this configuration:" msgstr "In this example, we will set up a simple use of Ansible to configure multiple VyoS routers. We have four pre-configured routers with this configuration:" #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:42 msgid "In this example OpenVPN will be setup with a client certificate and username / password authentication." msgstr "In this example OpenVPN will be setup with a client certificate and username / password authentication." #: ../../configexamples/wan-load-balancing.rst:158 msgid "In this example two LAN interfaces exist in different subnets instead of one like in the previous examples:" msgstr "In this example two LAN interfaces exist in different subnets instead of one like in the previous examples:" #: ../../configexamples/zone-policy.rst:97 msgid "In this example we have 4 zones. LAN, WAN, DMZ, Local. The local zone is the firewall itself." msgstr "In this example we have 4 zones. LAN, WAN, DMZ, Local. The local zone is the firewall itself." #: ../../configexamples/lac-lns.rst:17 msgid "In this example we use VyOS 1.5 as LNS and Cisco IOS as LAC. All users with domain **vyos.io** will be tunneled to LNS via L2TP." msgstr "In this example we use VyOS 1.5 as LNS and Cisco IOS as LAC. All users with domain **vyos.io** will be tunneled to LNS via L2TP." #: ../../configexamples/lac-lns.rst:98 msgid "In this lab we use Windows PPPoE client." msgstr "In this lab we use Windows PPPoE client." #: ../../configexamples/fwall-and-bridge.rst:77 msgid "In this section, we are going to configure the firewall rules that will be used in bridge firewall, and will control the traffic within each bridge." msgstr "In this section, we are going to configure the firewall rules that will be used in bridge firewall, and will control the traffic within each bridge." #: ../../configexamples/zone-policy.rst:40 msgid "Inbound WAN connect to DMZ host." msgstr "Inbound WAN connect to DMZ host." #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:189 msgid "Information about Ethernet Virtual Private Networks" msgstr "Information about Ethernet Virtual Private Networks" #: ../../configexamples/segment-routing-isis.rst:223 msgid "Information about prefix-sid and label-operation from VyOS" msgstr "Information about prefix-sid and label-operation from VyOS" #: ../../configexamples/ansible.rst:37 msgid "Install Ansible:" msgstr "Install Ansible:" #: ../../configexamples/ansible.rst:44 msgid "Install Paramiko:" msgstr "Install Paramiko:" #: ../../configexamples/ansible.rst:37 msgid "Install the Ansible:" msgstr "Install the Ansible:" #: ../../configexamples/ansible.rst:44 msgid "Install the paramiko:" msgstr "Install the paramiko:" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:3 msgid "Inter-VRF Routing over VRF Lite" msgstr "Inter-VRF Routing over VRF Lite" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:603 msgid "Inter-VRF routing is a well-known solution to address complex routing scenarios that enable -in a dynamic way- to leak routes between VRFs. Is recommended to take special consideration while designing route-targets and its application as it can minimize future interventions while creating a new VRF will automatically take the desired effect in its propagation." msgstr "Inter-VRF routing is a well-known solution to address complex routing scenarios that enable -in a dynamic way- to leak routes between VRFs. Is recommended to take special consideration while designing route-targets and its application as it can minimize future interventions while creating a new VRF will automatically take the desired effect in its propagation." #: ../../configexamples/policy-based-ipsec-and-firewall.rst:49 msgid "Interface and routing configuration:" msgstr "Interface and routing configuration:" #: ../../configexamples/ha.rst:195 msgid "Internal Network" msgstr "Internal Network" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:30 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:108 msgid "Internet" msgstr "Internet" #: ../../configexamples/zone-policy.rst:30 msgid "Internet - 192.168.200.100 - TCP/25" msgstr "Internet - 192.168.200.100 - TCP/25" #: ../../configexamples/zone-policy.rst:29 msgid "Internet - 192.168.200.100 - TCP/443" msgstr "Internet - 192.168.200.100 - TCP/443" #: ../../configexamples/zone-policy.rst:31 msgid "Internet - 192.168.200.100 - TCP/53" msgstr "Internet - 192.168.200.100 - TCP/53" #: ../../configexamples/zone-policy.rst:28 msgid "Internet - 192.168.200.100 - TCP/80" msgstr "Internet - 192.168.200.100 - TCP/80" #: ../../configexamples/fwall-and-bridge.rst:16 msgid "Isolated layer 2 bridge." msgstr "Isolated layer 2 bridge." #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:79 msgid "It's important to note that all your existing configurations will be migrated automatically on image upgrade. Nothing to do on your side." msgstr "It's important to note that all your existing configurations will be migrated automatically on image upgrade. Nothing to do on your side." #: ../../configexamples/ha.rst:163 msgid "It is assumed that the routers provided by upstream are capable of acting as a default router, add that as a static route." msgstr "It is assumed that the routers provided by upstream are capable of acting as a default router, add that as a static route." #: ../../configexamples/zone-policy.rst:130 msgid "It is good practice to log both accepted and denied traffic. It can save you significant headaches when trying to troubleshoot a connectivity issue." msgstr "It is good practice to log both accepted and denied traffic. It can save you significant headaches when trying to troubleshoot a connectivity issue." #: ../../configexamples/zone-policy.rst:50 msgid "It will look something like this:" msgstr "It will look something like this:" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:13 msgid "Keep networks isolated is -in general- a good principle, but there are cases where you might need that some network can access other in a different VRF." msgstr "Keep networks isolated is -in general- a good principle, but there are cases where you might need that some network can access other in a different VRF." #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:4 msgid "L3VPN EVPN with VyOS" msgstr "L3VPN EVPN with VyOS" #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:-1 msgid "L3VPN EVPN with VyOS topology image" msgstr "L3VPN EVPN with VyOS topology image" #: ../../configexamples/l3vpn-hub-and-spoke.rst:83 msgid "L3VPN configuration parameters table:" msgstr "L3VPN configuration parameters table:" #: ../../configexamples/l3vpn-hub-and-spoke.rst:4 msgid "L3VPN for Hub-and-Spoke connectivity with VyOS" msgstr "L3VPN for Hub-and-Spoke connectivity with VyOS" #: ../../configexamples/lac-lns.rst:32 msgid "LAC" msgstr "LAC" #: ../../configexamples/zone-policy.rst:382 msgid "LAN, WAN, DMZ, local and TUN (tunnel)" msgstr "LAN, WAN, DMZ, local and TUN (tunnel)" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:87 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:102 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:701 msgid "LAN1" msgstr "LAN1" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:575 msgid "LAN1 to LAN2" msgstr "LAN1 to LAN2" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:520 msgid "LAN1 to Outside" msgstr "LAN1 to Outside" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:89 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:104 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:713 msgid "LAN2" msgstr "LAN2" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:27 msgid "LAN 1" msgstr "LAN 1" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:28 msgid "LAN 2" msgstr "LAN 2" #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:108 msgid "LAN Configuration" msgstr "LAN Configuration" #: ../../configexamples/zone-policy.rst:37 msgid "LAN and DMZ hosts have basic outbound access: Web, FTP, SSH." msgstr "LAN and DMZ hosts have basic outbound access: Web, FTP, SSH." #: ../../configexamples/zone-policy.rst:38 msgid "LAN can access DMZ resources." msgstr "LAN can access DMZ resources." #: ../../configexamples/lac-lns.rst:72 msgid "LNS" msgstr "LNS" #: ../../configexamples/l3vpn-hub-and-spoke.rst:551 msgid "Let’s check IPv4 routing and MPLS information on provider nodes (same procedure for all P nodes):" msgstr "Let’s check IPv4 routing and MPLS information on provider nodes (same procedure for all P nodes):" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:25 msgid "Let’s say we have a requirement to have multiple networks." msgstr "Let’s say we have a requirement to have multiple networks." #: ../../configexamples/policy-based-ipsec-and-firewall.rst:22 msgid "Local subnets should be able to reach internet using source NAT." msgstr "Local subnets should be able to reach internet using source NAT." #: ../../configexamples/policy-based-ipsec-and-firewall.rst:22 msgid "Local subnets should be able to reach internet using source nat." msgstr "Local subnets should be able to reach internet using source nat." #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:58 msgid "MP-BGP or MultiProtocol BGP introduces two main concepts to solve this limitation: - Route Distinguisher (RD): Is used to distinguish between different VRFs –called VPNs- inside the BGP Process. The RD is appended to each IPv4 Network that is advertised into BGP for that VPN making it a unique VPNv4 route. - Route Target (RT): This is an extended BGP community append to the VPNv4 route in the Import/Export process. When a route passes from the VRF routing table into the BGP process it will add the configured export extended community(ies) for that VPN. When that route needs to go from BGP into the VRF routing table will only pass if that given VPN import policy matches any of the appended community(ies) into that prefix." msgstr "MP-BGP or MultiProtocol BGP introduces two main concepts to solve this limitation: - Route Distinguisher (RD): Is used to distinguish between different VRFs –called VPNs- inside the BGP Process. The RD is appended to each IPv4 Network that is advertised into BGP for that VPN making it a unique VPNv4 route. - Route Target (RT): This is an extended BGP community append to the VPNv4 route in the Import/Export process. When a route passes from the VRF routing table into the BGP process it will add the configured export extended community(ies) for that VPN. When that route needs to go from BGP into the VRF routing table will only pass if that given VPN import policy matches any of the appended community(ies) into that prefix." #: ../../configexamples/qos.rst:60 msgid "Main rules:" msgstr "Main rules:" #: ../../configexamples/ha.rst:414 msgid "Make sure you can ping 10.254.60.1 and .2 from both routers." msgstr "Make sure you can ping 10.254.60.1 and .2 from both routers." #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:29 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:91 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:106 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:727 msgid "Management" msgstr "Management" #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:26 msgid "Management VRF" msgstr "Management VRF" #: ../../configexamples/ha.rst:114 msgid "Many other Hypervisors do this, and I'm hoping that this document will be expanded to document how to do this for others." msgstr "Many other Hypervisors do this, and I'm hoping that this document will be expanded to document how to do this for others." #: ../../configexamples/ha.rst:297 msgid "Masquerade Traffic originating from 10.200.201.0/24 that is heading out the public interface." msgstr "Masquerade Traffic originating from 10.200.201.0/24 that is heading out the public interface." #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:270 #: ../../configexamples/lac-lns.rst:106 msgid "Monitoring" msgstr "Monitoring" #: ../../configexamples/lac-lns.rst:117 msgid "Monitoring on LAC side" msgstr "Monitoring on LAC side" #: ../../configexamples/lac-lns.rst:108 msgid "Monitoring on LNS side" msgstr "Monitoring on LNS side" #: ../../configexamples/lac-lns.rst:140 msgid "Monitoring on RADIUS Server side" msgstr "Monitoring on RADIUS Server side" #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:170 msgid "Multiple LAN/DMZ Setup" msgstr "Multiple LAN/DMZ Setup" #: ../../configexamples/ha.rst:295 msgid "NAT and conntrack-sync" msgstr "NAT and conntrack-sync" #: ../../configexamples/nmp.rst:7 msgid "NMP example" msgstr "NMP example" #: ../../configexamples/zone-policy.rst:13 msgid "Native IPv4 and IPv6" msgstr "Native IPv4 and IPv6" #: ../../configexamples/ha.rst:86 msgid "Network Cabling" msgstr "Network Cabling" #: ../../configexamples/lac-lns.rst:21 #: ../../configexamples/pppoe-ipv6-basic.rst:18 msgid "Network Topology" msgstr "Network Topology" #: ../../configexamples/ansible.rst:-1 #: ../../configexamples/fwall-and-vrf.rst:-1 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:-1 #: ../../configexamples/l3vpn-hub-and-spoke.rst:-1 #: ../../configexamples/lac-lns.rst:-1 #: ../../configexamples/nmp.rst:-1 #: ../../configexamples/pppoe-ipv6-basic.rst:-1 #: ../../configexamples/qos.rst:-1 #: ../../configexamples/wan-load-balancing.rst:-1 #: ../../configexamples/zone-policy.rst:-1 msgid "Network Topology Diagram" msgstr "Network Topology Diagram" #: ../../configexamples/policy-based-ipsec-and-firewall.rst:14 msgid "Network Topology and requirements" msgstr "Network Topology and requirements" #: ../../configexamples/fwall-and-vrf.rst:80 msgid "Next, we need to configure the firewall rules. First we will define all rules for transit traffic between VRFs." msgstr "Next, we need to configure the firewall rules. First we will define all rules for transit traffic between VRFs." #: ../../configexamples/qos.rst:31 msgid "Next, we will replace only all CS4 labels on the “VyOS2” router." msgstr "Next, we will replace only all CS4 labels on the “VyOS2” router." #: ../../configexamples/nmp.rst:28 msgid "Next, you just should follow the pictures:" msgstr "Next, you just should follow the pictures:" #: ../../configexamples/qos.rst:106 msgid "Next on the router VyOS2 we will change labels on all incoming traffic only from CS4-> CS6" msgstr "Next on the router VyOS2 we will change labels on all incoming traffic only from CS4-> CS6" #: ../../configexamples/autotest/Wireguard/Wireguard.rst:42 msgid "Next thing to do, is to create a wireguard keypair on each side. After this, the public key can be displayed, to save for later." msgstr "Next thing to do, is to create a wireguard keypair on each side. After this, the public key can be displayed, to save for later." #: ../../configexamples/l3vpn-hub-and-spoke.rst:86 msgid "Node" msgstr "Node" #: ../../configexamples/ha.rst:83 msgid "Note that router1 is a VM that runs on one of the compute nodes." msgstr "Note that router1 is a VM that runs on one of the compute nodes." #: ../../configexamples/pppoe-ipv6-basic.rst:115 msgid "Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client)." msgstr "Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client)." #: ../../configexamples/zone-policy.rst:401 msgid "Notice, none go to WAN since WAN wouldn't have a v6 address on it." msgstr "Notice, none go to WAN since WAN wouldn't have a v6 address on it." #: ../../configexamples/fwall-and-bridge.rst:168 msgid "Now, in the ``forward`` chain, we are going to define state policies, and custom rulesets for each bridge that would be used in the ``forward`` chain. These rulesets are ``br0-fwd``, ``br1-fwd``, and ``br2-fwd``:" msgstr "Now, in the ``forward`` chain, we are going to define state policies, and custom rulesets for each bridge that would be used in the ``forward`` chain. These rulesets are ``br0-fwd``, ``br1-fwd``, and ``br2-fwd``:" #: ../../configexamples/l3vpn-hub-and-spoke.rst:831 msgid "Now, let’s check routing information on out Hub PE:" msgstr "Now, let’s check routing information on out Hub PE:" #: ../../configexamples/ha.rst:322 msgid "Now enable replication between nodes. Replace eth0.201 with bond0.201 on the hardware router." msgstr "Now enable replication between nodes. Replace eth0.201 with bond0.201 on the hardware router." #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:54 msgid "Now generate all required certificates on the ovpn-server:" msgstr "Now generate all required certificates on the ovpn-server:" #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:152 msgid "Now the Client is able to ping a public IPv6 address" msgstr "Now the Client is able to ping a public IPv6 address" #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:45 msgid "Now we are able to setup the tunnel interface." msgstr "Now we are able to setup the tunnel interface." #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:425 msgid "Now we perform some end-to-end testing" msgstr "Now we perform some end-to-end testing" #: ../../configexamples/l3vpn-hub-and-spoke.rst:636 msgid "Now we’re checking iBGP status and routes from route-reflector nodes to other devices:" msgstr "Now we’re checking iBGP status and routes from route-reflector nodes to other devices:" #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:65 msgid "Now you should be able to ping a public IPv6 Address" msgstr "Now you should be able to ping a public IPv6 Address" #: ../../configexamples/ha.rst:348 msgid "OSPF Over WireGuard" msgstr "OSPF Over WireGuard" #: ../../configexamples/ospf-unnumbered.rst:7 msgid "OSPF unnumbered with ECMP" msgstr "OSPF unnumbered with ECMP" #: ../../configexamples/azure-vpn-bgp.rst:36 #: ../../configexamples/azure-vpn-dual-bgp.rst:33 msgid "On-premises address space" msgstr "On-premises address space" #: ../../configexamples/qos.rst:88 msgid "On the router, VyOS4 set all traffic as CS4. We have to configure the default class and class for changing all labels from CS0 to CS4" msgstr "On the router, VyOS4 set all traffic as CS4. We have to configure the default class and class for changing all labels from CS0 to CS4" #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:105 msgid "Once all routers can be safely remotely managed and the core network is operational, we can now setup the tenant networks." msgstr "Once all routers can be safely remotely managed and the core network is operational, we can now setup the tenant networks." #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:87 msgid "Once all the required certificates and keys are installed, the remaining OpenVPN Server configuration can be carried out." msgstr "Once all the required certificates and keys are installed, the remaining OpenVPN Server configuration can be carried out." #: ../../configexamples/zone-policy.rst:345 msgid "Once you have all of your rulesets built, then you need to create your zone-policy." msgstr "Once you have all of your rulesets built, then you need to create your zone-policy." #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:96 msgid "One advantage of having the client certificate stored is the ability to create the client configuration." msgstr "One advantage of having the client certificate stored is the ability to create the client configuration." #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:47 msgid "One cable/logical connection between LAN1 and Internet" msgstr "One cable/logical connection between LAN1 and Internet" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:46 msgid "One cable/logical connection between LAN1 and LAN2" msgstr "One cable/logical connection between LAN1 and LAN2" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:49 msgid "One cable/logical connection between LAN1 and Management" msgstr "One cable/logical connection between LAN1 and Management" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:48 msgid "One cable/logical connection between LAN2 and Internet" msgstr "One cable/logical connection between LAN2 and Internet" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:50 msgid "One cable/logical connection between LAN2 and Management" msgstr "One cable/logical connection between LAN2 and Management" #: ../../configexamples/fwall-and-vrf.rst:27 msgid "Only accepts connections." msgstr "Only accepts connections." #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:5 msgid "OpenVPN with LDAP" msgstr "OpenVPN with LDAP" #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:-1 msgid "OpenVPN with LDAP topology image" msgstr "OpenVPN with LDAP topology image" #: ../../configexamples/l3vpn-hub-and-spoke.rst:42 msgid "Operating system: VyOS" msgstr "Operating system: VyOS" #: ../../configexamples/ha.rst:100 msgid "Our implementation uses VMware's Distributed Port Groups, which allows VMware to use LACP. This is a part of the ENTERPRISE licence, and is not available on a free licence. If you are implementing this and do not have access to DPGs, you should not use VMware, and use some other virtualization platform instead." msgstr "Our implementation uses VMware's Distributed Port Groups, which allows VMware to use LACP. This is a part of the ENTERPRISE licence, and is not available on a free licence. If you are implementing this and do not have access to DPGs, you should not use VMware, and use some other virtualization platform instead." #: ../../configexamples/ha.rst:52 msgid "Our routers are going to have a floating IP address of 203.0.113.1, and use .2 and .3 as their fixed IPs." msgstr "Our routers are going to have a floating IP address of 203.0.113.1, and use .2 and .3 as their fixed IPs." #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:23 #: ../../configexamples/wan-load-balancing.rst:23 #: ../../configexamples/wan-load-balancing.rst:75 #: ../../configexamples/wan-load-balancing.rst:104 #: ../../configexamples/wan-load-balancing.rst:135 msgid "Overview" msgstr "Overview" #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:82 #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:123 msgid "PE1" msgstr "PE1" #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:17 msgid "PE1 is located in an industrial area that holds multiple office buildings. All customers have a site in this area." msgstr "PE1 is located in an industrial area that holds multiple office buildings. All customers have a site in this area." #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:88 #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:129 msgid "PE2" msgstr "PE2" #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:19 msgid "PE2 is located in a smaller area where by coincidence two customers (blue and red) share an office building." msgstr "PE2 is located in a smaller area where by coincidence two customers (blue and red) share an office building." #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:94 #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:135 msgid "PE3" msgstr "PE3" #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:21 msgid "PE3 is located in a smaller area where by coincidence two customers (blue and green) are located." msgstr "PE3 is located in a smaller area where by coincidence two customers (blue and green) are located." #: ../../configexamples/pppoe-ipv6-basic.rst:7 msgid "PPPoE IPv6 Basic Setup for Home Network" msgstr "PPPoE IPv6 Basic Setup for Home Network" #: ../../configexamples/pppoe-ipv6-basic.rst:29 msgid "PPPoE Setup" msgstr "PPPoE Setup" #: ../../configexamples/lac-lns.rst:7 msgid "PPPoE over L2TP" msgstr "PPPoE over L2TP" #: ../../configexamples/segment-routing-isis.rst:255 msgid "Ping between VyOS-P1 / VyOS-P2 to confirm reachability:" msgstr "Ping between VyOS-P1 / VyOS-P2 to confirm reachability:" #: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:73 msgid "Ping the Client from the DHCP Server." msgstr "Ping the Client from the DHCP Server." #: ../../configexamples/wan-load-balancing.rst:26 msgid "Pings will be sent to four targets for health testing (33.44.55.66, 44.55.66.77, 55.66.77.88 and 66.77.88.99)." msgstr "Pings will be sent to four targets for health testing (33.44.55.66, 44.55.66.77, 55.66.77.88 and 66.77.88.99)." #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:136 #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:203 msgid "Please note, 'autonomous-flag' and 'on-link-flag' are enabled by default, 'valid-lifetime' and 'preferred-lifetime' are set to default values of 30 days and 4 hours respectively." msgstr "Please note, 'autonomous-flag' and 'on-link-flag' are enabled by default, 'valid-lifetime' and 'preferred-lifetime' are set to default values of 30 days and 4 hours respectively." #: ../../configexamples/policy-based-ipsec-and-firewall.rst:5 msgid "Policy-Based Site-to-Site VPN and Firewall Configuration" msgstr "Policy-Based Site-to-Site VPN and Firewall Configuration" #: ../../configexamples/azure-vpn-bgp.rst:48 #: ../../configexamples/azure-vpn-dual-bgp.rst:47 msgid "Pre-shared key" msgstr "Pre-shared key" #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:14 #: ../../configexamples/azure-vpn-bgp.rst:16 #: ../../configexamples/azure-vpn-dual-bgp.rst:13 msgid "Prerequisites" msgstr "Prerequisites" #: ../../configexamples/ha.rst:520 msgid "Priorities" msgstr "Priorities" #: ../../configexamples/policy-based-ipsec-and-firewall.rst:29 msgid "Protect the router on 'WAN' interface, allowing only IPSec connections and SSH access from trusted IPs." msgstr "Protect the router on 'WAN' interface, allowing only IPSec connections and SSH access from trusted IPs." #: ../../configexamples/policy-based-ipsec-and-firewall.rst:29 msgid "Protect the router on 'WAN' interface, allowing only ipsec connections and ssh access from trusted ips." msgstr "Protect the router on 'WAN' interface, allowing only ipsec connections and ssh access from trusted ips." #: ../../configexamples/ha.rst:230 msgid "Public Network" msgstr "Public Network" #: ../../configexamples/qos.rst:7 msgid "QoS example" msgstr "QoS example" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:100 #: ../../configexamples/l3vpn-hub-and-spoke.rst:86 msgid "RD" msgstr "RD" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:97 msgid "RD & RT Schema" msgstr "RD & RT Schema" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:100 msgid "RT" msgstr "RT" #: ../../configexamples/l3vpn-hub-and-spoke.rst:86 msgid "RT export" msgstr "RT export" #: ../../configexamples/l3vpn-hub-and-spoke.rst:86 msgid "RT import" msgstr "RT import" #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:73 msgid "Regular VyOS users will notice that the BGP syntax has changed in VyOS 1.4 from even the prior post about this subject. This is due to T1711, where it was finally decided to get rid of the redundant BGP ASN (Autonomous System Number) specification on the CLI and move it to a single leaf node (set protocols bgp local-as)." msgstr "Regular VyOS users will notice that the BGP syntax has changed in VyOS 1.4 from even the prior post about this subject. This is due to T1711, where it was finally decided to get rid of the redundant BGP ASN (Autonomous System Number) specification on the CLI and move it to a single leaf node (set protocols bgp local-as)." #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:120 msgid "Remote Networks" msgstr "Remote Networks" #: ../../configexamples/ha.rst:368 msgid "Replace the 203.0.113.3 with whatever the other router's IP address is." msgstr "Replace the 203.0.113.3 with whatever the other router's IP address is." #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:20 msgid "Requested a \"Regular Tunnel\". You want to choose a location that is closest to your physical location for the best response time." msgstr "Requested a \"Regular Tunnel\". You want to choose a location that is closest to your physical location for the best response time." #: ../../configexamples/bgp-ipv6-unnumbered.rst:55 #: ../../configexamples/ospf-unnumbered.rst:50 msgid "Results" msgstr "Results" #: ../../configexamples/l3vpn-hub-and-spoke.rst:86 msgid "Role" msgstr "Role" #: ../../configexamples/azure-vpn-dual-bgp.rst:6 msgid "Route-Based Redundant Site-to-Site VPN to Azure (BGP over IKEv2/IPsec)" msgstr "Route-Based Redundant Site-to-Site VPN to Azure (BGP over IKEv2/IPsec)" #: ../../configexamples/azure-vpn-bgp.rst:6 msgid "Route-Based Site-to-Site VPN to Azure (BGP over IKEv2/IPsec)" msgstr "Route-Based Site-to-Site VPN to Azure (BGP over IKEv2/IPsec)" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:767 msgid "Route-Filtering" msgstr "Route-Filtering" #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:118 msgid "Routed /48. This is something you can request by clicking the \"Assign /48\" link in the Tunnelbroker.net tunnel config. It allows you to have up to 65k" msgstr "Routed /48. This is something you can request by clicking the \"Assign /48\" link in the Tunnelbroker.net tunnel config. It allows you to have up to 65k" #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:115 msgid "Routed /64. This is the default assignment. In IPv6-land, it's good for a single \"LAN\", and is somewhat equivalent to a /24." msgstr "Routed /64. This is the default assignment. In IPv6-land, it's good for a single \"LAN\", and is somewhat equivalent to a /24." #: ../../configexamples/bgp-ipv6-unnumbered.rst:14 #: ../../configexamples/bgp-ipv6-unnumbered.rst:57 #: ../../configexamples/ospf-unnumbered.rst:14 #: ../../configexamples/ospf-unnumbered.rst:52 msgid "Router A:" msgstr "Router A:" #: ../../configexamples/pppoe-ipv6-basic.rst:61 msgid "Router Advertisement" msgstr "Router Advertisement" #: ../../configexamples/bgp-ipv6-unnumbered.rst:34 #: ../../configexamples/bgp-ipv6-unnumbered.rst:118 #: ../../configexamples/ospf-unnumbered.rst:31 #: ../../configexamples/ospf-unnumbered.rst:87 msgid "Router B:" msgstr "Router B:" #: ../../configexamples/ha.rst:538 msgid "Router id's must be unique." msgstr "Router id's must be unique." #: ../../configexamples/zone-policy.rst:88 msgid "Ruleset are created per zone-pair-direction." msgstr "Ruleset are created per zone-pair-direction." #: ../../configexamples/fwall-and-bridge.rst:7 #: ../../configexamples/fwall-and-vrf.rst:5 msgid "Scenario and requirements" msgstr "Scenario and requirements" #: ../../configexamples/segment-routing-isis.rst:7 msgid "Segment-routing IS-IS example" msgstr "Segment-routing IS-IS example" #: ../../configexamples/pppoe-ipv6-basic.rst:73 msgid "Set DNS server address in the advertisement so that clients can obtain it by using RDNSS option. Most operating systems (Windows, Linux, Mac) should already support it." msgstr "Set DNS server address in the advertisement so that clients can obtain it by using RDNSS option. Most operating systems (Windows, Linux, Mac) should already support it." #: ../../configexamples/qos.rst:40 msgid "Set IP addresses on all VPCs and a default gateway 172.17.1.1. We'll use in this case only static routes. On the VyOS3 router, we need to change the 'dscp' labels for the VPCs. To do this, we use this configuration." msgstr "Set IP addresses on all VPCs and a default gateway 172.17.1.1. We'll use in this case only static routes. On the VyOS3 router, we need to change the 'dscp' labels for the VPCs. To do this, we use this configuration." #: ../../configexamples/pppoe-ipv6-basic.rst:72 msgid "Set MTU in advertisement to 1492 because of PPPoE header overhead." msgstr "Set MTU in advertisement to 1492 because of PPPoE header overhead." #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:143 msgid "Set the VRF name and Table ID, set interface address and bind it to the VRF. Last add the static route to the remote network." msgstr "Set the VRF name and Table ID, set interface address and bind it to the VRF. Last add the static route to the remote network." #: ../../configexamples/ha.rst:522 msgid "Set the cost on the secondary links to be 200. This means that they will not be used unless the primary links are down." msgstr "Set the cost on the secondary links to be 200. This means that they will not be used unless the primary links are down." #: ../../configexamples/autotest/Wireguard/Wireguard.rst:27 msgid "Set the local subnet on eth2 and the public ip address eth1 on each site." msgstr "Set the local subnet on eth2 and the public ip address eth1 on each site." #: ../../configexamples/qos.rst:159 msgid "Set up bandwidth limits on the eth2 interface of the router “VyOS2”." msgstr "Set up bandwidth limits on the eth2 interface of the router “VyOS2”." #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:147 msgid "Sets your LAN interface's IP address" msgstr "Sets your LAN interface's IP address" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:235 msgid "Setting BGP global local-as as well inside the VRF. Redistribute static routes to inject configured networks into the BGP process but still inside the VRF." msgstr "Setting BGP global local-as as well inside the VRF. Redistribute static routes to inject configured networks into the BGP process but still inside the VRF." #: ../../configexamples/ansible.rst:10 msgid "Setting up Ansible on a server running the Debian operating system." msgstr "Setting up Ansible on a server running the Debian operating system." #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:59 msgid "Setup the IPv6 default route to the tunnel interface" msgstr "Setup the IPv6 default route to the tunnel interface" #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:51 msgid "Setup the ipv6 default route to the tunnel interface" msgstr "Setup the ipv6 default route to the tunnel interface" #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:148 msgid "Show routes for all VRFs" msgstr "Show routes for all VRFs" #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:206 msgid "Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `et firewall zone LOCAL from WAN firewall ipv6-name`." msgstr "Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `et firewall zone LOCAL from WAN firewall ipv6-name`." #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:214 msgid "Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `set firewall zone LOCAL from WAN firewall ipv6-name`." msgstr "Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `set firewall zone LOCAL from WAN firewall ipv6-name`." #: ../../configexamples/pppoe-ipv6-basic.rst:78 msgid "Since some ISPs disconnects continuous connection for every 2~3 days, we set ``valid-lifetime`` to 2 days to allow PC for phasing out old address." msgstr "Since some ISPs disconnects continuous connection for every 2~3 days, we set ``valid-lifetime`` to 2 days to allow PC for phasing out old address." #: ../../configexamples/fwall-and-bridge.rst:260 msgid "Since some of the requirements listed above exceed the capabilities of the bridge firewall, we need to use the IP firewall to implement them. For bridge br1 and br2, we need to control the traffic that is going to the router itself, to other local networks, and to the Internet." msgstr "Since some of the requirements listed above exceed the capabilities of the bridge firewall, we need to use the IP firewall to implement them. For bridge br1 and br2, we need to control the traffic that is going to the router itself, to other local networks, and to the Internet." #: ../../configexamples/site-2-site-cisco.rst:128 msgid "Since the tunnel is a point-to-point GRE tunnel, it behaves like any other point-to-point interface (for example: serial, dialer), and it is possible to run any Interior Gateway Protocol (IGP)/Exterior Gateway Protocol (EGP) over the link in order to exchange routing information" msgstr "Since the tunnel is a point-to-point GRE tunnel, it behaves like any other point-to-point interface (for example: serial, dialer), and it is possible to run any Interior Gateway Protocol (IGP)/Exterior Gateway Protocol (EGP) over the link in order to exchange routing information" #: ../../configexamples/zone-policy.rst:226 msgid "Since we have 4 zones, we need to setup the following rulesets." msgstr "Since we have 4 zones, we need to setup the following rulesets." #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:127 msgid "Single LAN Setup" msgstr "Single LAN Setup" #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:129 msgid "Single LAN setup where eth2 is your LAN interface. Use the Tunnelbroker Routed /64 prefix:" msgstr "Single LAN setup where eth2 is your LAN interface. Use the Tunnelbroker Routed /64 prefix:" #: ../../configexamples/site-2-site-cisco.rst:4 msgid "Site-to-Site IPSec VPN to Cisco using FlexVPN" msgstr "Site-to-Site IPSec VPN to Cisco using FlexVPN" #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:187 msgid "So, when your LAN is eth1, your DMZ is eth2, your cameras are on eth3, etc:" msgstr "So, when your LAN is eth1, your DMZ is eth2, your cameras are on eth3, etc:" #: ../../configexamples/fwall-and-bridge.rst:87 msgid "So first, let's create the required firewall interface groups:" msgstr "So first, let's create the required firewall interface groups:" #: ../../configexamples/zone-policy.rst:406 msgid "Something like:" msgstr "Something like:" #: ../../configexamples/l3vpn-hub-and-spoke.rst:91 #: ../../configexamples/l3vpn-hub-and-spoke.rst:93 msgid "Spoke" msgstr "Spoke" #: ../../configexamples/zone-policy.rst:348 msgid "Start by setting the interface and default action for each zone." msgstr "Start by setting the interface and default action for each zone." #: ../../configexamples/ansible.rst:122 msgid "Start the playbook:" msgstr "Start the playbook:" #: ../../configexamples/zone-policy.rst:8 msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall `_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall `_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." #: ../../configexamples/zone-policy.rst:8 msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos installations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall `_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos installations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall `_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." #: ../../configexamples/l3vpn-hub-and-spoke.rst:105 msgid "Step-1: Configuring IGP and enabling MPLS LDP" msgstr "Step-1: Configuring IGP and enabling MPLS LDP" #: ../../configexamples/l3vpn-hub-and-spoke.rst:322 msgid "Step-2: Configuring iBGP for L3VPN control-plane" msgstr "Step-2: Configuring iBGP for L3VPN control-plane" #: ../../configexamples/l3vpn-hub-and-spoke.rst:407 msgid "Step-3: Configuring L3VPN VRFs on PE nodes" msgstr "Step-3: Configuring L3VPN VRFs on PE nodes" #: ../../configexamples/l3vpn-hub-and-spoke.rst:482 msgid "Step-4: Configuring CE nodes" msgstr "Step-4: Configuring CE nodes" #: ../../configexamples/l3vpn-hub-and-spoke.rst:545 msgid "Step-5: Verification" msgstr "Step-5: Verification" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:137 msgid "Step 1: VRF and Configurations to remote networks" msgstr "Step 1: VRF and Configurations to remote networks" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:228 msgid "Step 2: BGP Configuration for VRF-Lite" msgstr "Step 2: BGP Configuration for VRF-Lite" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:287 msgid "Step 3: VPN Configuration" msgstr "Step 3: VPN Configuration" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:422 msgid "Step 4: End to End verification" msgstr "Step 4: End to End verification" #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:103 msgid "Tenant networks (VRFs)" msgstr "Tenant networks (VRFs)" #: ../../configexamples/ha.rst:489 msgid "Test OSPF" msgstr "Test OSPF" #: ../../configexamples/ha.rst:412 msgid "Test WireGuard" msgstr "Test WireGuard" #: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:71 msgid "Test the result" msgstr "Test the result" #: ../../configexamples/autotest/Wireguard/Wireguard.rst:6 msgid "Testdate: 2023-02-24" msgstr "Testdate: 2023-02-24" #: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:6 #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:6 #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:7 msgid "Testdate: 2023-05-11" msgstr "Testdate: 2023-05-11" #: ../../configexamples/autotest/Wireguard/Wireguard.rst:6 #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:7 msgid "Testdate: 2023-08-31" msgstr "Testdate: 2023-08-31" #: ../../configexamples/autotest/Wireguard/Wireguard.rst:6 #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:7 msgid "Testdate: 2024-01-13" msgstr "Testdate: 2024-01-13" #: ../../configexamples/ha.rst:276 #: ../../configexamples/ha.rst:337 msgid "Testing" msgstr "Testing" #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:143 #: ../../configexamples/autotest/Wireguard/Wireguard.rst:85 msgid "Testing and debugging" msgstr "Testing and debugging" #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:172 msgid "That's how you can expand the example above. Use the `Routed /48` information. This allows you to assign a different /64 to every interface, LAN, or even device. Or you could break your network into smaller chunks like /56 or /60." msgstr "That's how you can expand the example above. Use the `Routed /48` information. This allows you to assign a different /64 to every interface, LAN, or even device. Or you could break your network into smaller chunks like /56 or /60." #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:23 msgid "The Lab asume a full running Active Directory on the Windows Server. Here are some PowerShell commands to quickly add a Test Active Directory." msgstr "The Lab asume a full running Active Directory on the Windows Server. Here are some PowerShell commands to quickly add a Test Active Directory." #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:15 msgid "The Topology are consists of:" msgstr "The Topology are consists of:" #: ../../configexamples/zone-policy.rst:47 msgid "The VyOS interface is assigned the .1/:1 address of their respective networks. WAN is on VLAN 10, LAN on VLAN 20, and DMZ on VLAN 30." msgstr "The VyOS interface is assigned the .1/:1 address of their respective networks. WAN is on VLAN 10, LAN on VLAN 20, and DMZ on VLAN 30." #: ../../configexamples/ha.rst:30 msgid "The ``commit`` command is implied after every section. If you make an error, ``commit`` will warn you and you can fix it before getting too far into things. Please ensure you commit early and commit often." msgstr "The ``commit`` command is implied after every section. If you make an error, ``commit`` will warn you and you can fix it before getting too far into things. Please ensure you commit early and commit often." #: ../../configexamples/ha.rst:543 msgid "The ``redistribute ospf`` command is there purely as an example of how this can be expanded. In this walkthrough, it will be filtered by BGPOUT rule 10000, as it is not 203.0.113.0/24." msgstr "The ``redistribute ospf`` command is there purely as an example of how this can be expanded. In this walkthrough, it will be filtered by BGPOUT rule 10000, as it is not 203.0.113.0/24." #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:51 msgid "The `source-address` is the Tunnelbroker client IPv4 address or if there is NAT the current WAN interface address." msgstr "The `source-address` is the Tunnelbroker client IPv4 address or if there is NAT the current WAN interface address." #: ../../configexamples/segment-routing-isis.rst:19 msgid "The below configuration is used as example where we keep focus on VyOS-P1/VyOS-P2/XRv-P3 which we share the settings." msgstr "The below configuration is used as example where we keep focus on VyOS-P1/VyOS-P2/XRv-P3 which we share the settings." #: ../../configexamples/wan-load-balancing.rst:82 msgid "The configuration steps are the same as in the previous example, except rule 10. So we keep the configuration, remove rule 10 and add a new rule for the failover mode:" msgstr "The configuration steps are the same as in the previous example, except rule 10. So we keep the configuration, remove rule 10 and add a new rule for the failover mode:" #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:28 msgid "The example topology has 2 VyOS routers. One as The WAN Router and on as a Client, to test a single LAN setup" msgstr "The example topology has 2 VyOS routers. One as The WAN Router and on as a Client, to test a single LAN setup" #: ../../configexamples/zone-policy.rst:123 msgid "The first two rules are to deal with the idiosyncrasies of VyOS and iptables." msgstr "The first two rules are to deal with the idiosyncrasies of VyOS and iptables." #: ../../configexamples/zone-policy.rst:172 msgid "The following are the rules that were created for this example (may not be complete), both in IPv4 and IPv6. If there is no IP specified, then the source/destination address is not explicit." msgstr "The following are the rules that were created for this example (may not be complete), both in IPv4 and IPv6. If there is no IP specified, then the source/destination address is not explicit." #: ../../configexamples/l3vpn-hub-and-spoke.rst:40 msgid "The following software was used in the creation of this document:" msgstr "The following software was used in the creation of this document:" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:122 msgid "The following template configuration can be used in each remote router based in our topology." msgstr "The following template configuration can be used in each remote router based in our topology." #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:177 msgid "The format of these addresses:" msgstr "The format of these addresses:" #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:42 msgid "The lab I built is using a VRF (called **mgmt**) to provide out-of-band SSH access to the PE (Provider Edge) routers." msgstr "The lab I built is using a VRF (called **mgmt**) to provide out-of-band SSH access to the PE (Provider Edge) routers." #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:23 msgid "The lab assumes a full running Active Directory on the Windows Server. Here are some PowerShell commands to quickly add a Test Active Directory." msgstr "The lab assumes a full running Active Directory on the Windows Server. Here are some PowerShell commands to quickly add a Test Active Directory." #: ../../configexamples/site-2-site-cisco.rst:14 msgid "The lab was built using EVE-NG." msgstr "The lab was built using EVE-NG." #: ../../configexamples/index.rst:33 msgid "The next pages contains automatic full tested configuration examples." msgstr "The next pages contains automatic full tested configuration examples." #: ../../configexamples/wan-load-balancing.rst:97 msgid "The previous example used the failover command to send traffic through eth1 if eth0 fails. In this example, failover functionality is provided by rule order." msgstr "The previous example used the failover command to send traffic through eth1 if eth0 fails. In this example, failover functionality is provided by rule order." #: ../../configexamples/index.rst:41 msgid "The process will do the following steps:" msgstr "The process will do the following steps:" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:16 msgid "The scope of this document is to cover such cases in a dynamic way without the use of MPLS-LDP." msgstr "The scope of this document is to cover such cases in a dynamic way without the use of MPLS-LDP." #: ../../configexamples/wan-load-balancing.rst:14 msgid "The setup used in this example is shown in the following diagram:" msgstr "The setup used in this example is shown in the following diagram:" #: ../../configexamples/ansible.rst:161 msgid "The simple way without configuration of the hostname (one task for all routers):" msgstr "The simple way without configuration of the hostname (one task for all routers):" #: ../../configexamples/ha.rst:339 msgid "The simplest way to test is to look at the connection tracking stats on the standby hardware router with the command ``show conntrack-sync statistics``. The numbers should be very close to the numbers on the primary router." msgstr "The simplest way to test is to look at the connection tracking stats on the standby hardware router with the command ``show conntrack-sync statistics``. The numbers should be very close to the numbers on the primary router." #: ../../configexamples/ha.rst:267 msgid "The sync group is used to replicate connection tracking. It needs to be assigned to a random VRRP group, and we are creating a sync group called ``sync`` using the vrrp group ``int``." msgstr "The sync group is used to replicate connection tracking. It needs to be assigned to a random VRRP group, and we are creating a sync group called ``sync`` using the vrrp group ``int``." #: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:17 msgid "The topology has 3 VyOS routers and one client. Between the DHCP Server and the DHCP Relay is a GRE tunnel. The `transport` VyOS represent a large Network." msgstr "The topology has 3 VyOS routers and one client. Between the DHCP Server and the DHCP Relay is a GRE tunnel. The `transport` VyOS represent a large Network." #: ../../configexamples/autotest/Wireguard/Wireguard.rst:17 msgid "The topology have a central and a branch VyOS router and one client, to test, in each site." msgstr "The topology have a central and a branch VyOS router and one client, to test, in each site." #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:803 msgid "Then add a route-map and reference to above prefix. Consider that the actions taken inside the prefix will MATCH the routes that will be affected by the actions inside the rules of the route-map." msgstr "Then add a route-map and reference to above prefix. Consider that the actions taken inside the prefix will MATCH the routes that will be affected by the actions inside the rules of the route-map." #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:820 msgid "Then we need to attach the policy to the BGP process. This needs to be under the import statement in the vrf we need to filter." msgstr "Then we need to attach the policy to the BGP process. This needs to be under the import statement in the vrf we need to filter." #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:317 msgid "There are some cases where this is not needed -for example, in some DDoS appliance- but most inter-vrf routing designs use the above configurations." msgstr "There are some cases where this is not needed -for example, in some DDoS appliance- but most inter-vrf routing designs use the above configurations." #: ../../configexamples/ha.rst:360 msgid "There is plenty of instructions and documentation on setting up Wireguard. The only important thing you need to remember is to only use one WireGuard interface per OSPF connection." msgstr "There is plenty of instructions and documentation on setting up Wireguard. The only important thing you need to remember is to only use one WireGuard interface per OSPF connection." #: ../../configexamples/ha.rst:67 msgid "These are the vlans we will be using:" msgstr "These are the vlans we will be using:" #: ../../configexamples/ha.rst:48 msgid "They want us to establish a BGP session to their routers on 192.0.2.11 and 192.0.2.12 from our routers 192.0.2.21 and 192.0.2.22. They are AS 65550 and we are AS 65551." msgstr "They want us to establish a BGP session to their routers on 192.0.2.11 and 192.0.2.12 from our routers 192.0.2.21 and 192.0.2.22. They are AS 65550 and we are AS 65551." #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:10 msgid "This LAB show how to uwe OpenVPN with a Active Directory authentication backend." msgstr "This LAB show how to uwe OpenVPN with a Active Directory authentication backend." #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:10 msgid "This LAB shows how to use OpenVPN with a Active Directory authentication method." msgstr "This LAB shows how to use OpenVPN with a Active Directory authentication method." #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:145 msgid "This accomplishes a few things:" msgstr "This accomplishes a few things:" #: ../../configexamples/index.rst:6 msgid "This chapter contains various configuration examples:" msgstr "This chapter contains various configuration examples:" #: ../../configexamples/policy-based-ipsec-and-firewall.rst:16 msgid "This configuration example and the requirements consists of:" msgstr "This configuration example and the requirements consists of:" #: ../../configexamples/policy-based-ipsec-and-firewall.rst:16 msgid "This configuration example and the requirments consists of:" msgstr "This configuration example and the requirments consists of:" #: ../../configexamples/policy-based-ipsec-and-firewall.rst:16 msgid "This configuration example and the requirments consists on:" msgstr "This configuration example and the requirments consists on:" #: ../../configexamples/ha.rst:13 msgid "This document aims to walk you through setting everything up, so at a point where you can reboot any machine and not lose more than a few seconds worth of connectivity." msgstr "This document aims to walk you through setting everything up, so at a point where you can reboot any machine and not lose more than a few seconds worth of connectivity." #: ../../configexamples/lac-lns.rst:9 msgid "This document is to describe a basic setup using PPPoE over L2TP. LAC and LNS are components of the broadband topology. LAC - L2TP access concentrator LNS - L2TP Network Server LAC and LNS forms L2TP tunnel. LAC receives packets from PPPoE clients and forward them to LNS. LNS is the termination point that comes from PPP packets from the remote client." msgstr "This document is to describe a basic setup using PPPoE over L2TP. LAC and LNS are components of the broadband topology. LAC - L2TP access concentrator LNS - L2TP Network Server LAC and LNS forms L2TP tunnel. LAC receives packets from PPPoE clients and forward them to LNS. LNS is the termination point that comes from PPP packets from the remote client." #: ../../configexamples/pppoe-ipv6-basic.rst:9 msgid "This document is to describe a basic setup using PPPoE with DHCPv6-PD + SLAAC to construct a typical home network. The user can follow the steps described here to quickly setup a working network and use this as a starting point to further configure or fine-tune other settings." msgstr "This document is to describe a basic setup using PPPoE with DHCPv6-PD + SLAAC to construct a typical home network. The user can follow the steps described here to quickly setup a working network and use this as a starting point to further configure or fine-tune other settings." #: ../../configexamples/ha.rst:9 msgid "This document walks you through a complete HA setup of two VyOS machines. This design is based on a VM as the primary router and a physical machine as a backup, using VRRP, BGP, OSPF, and conntrack sharing." msgstr "This document walks you through a complete HA setup of two VyOS machines. This design is based on a VM as the primary router and a physical machine as a backup, using VRRP, BGP, OSPF, and conntrack sharing." #: ../../configexamples/ha.rst:38 msgid "This ensures you don't go too fast or miss a step. However, it will make your life easier to configure the fixed IP address and default route now on the hardware router." msgstr "This ensures you don't go too fast or miss a step. However, it will make your life easier to configure the fixed IP address and default route now on the hardware router." #: ../../configexamples/fwall-and-vrf.rst:7 msgid "This example shows how to configure a VyOS router with VRFs and firewall rules." msgstr "This example shows how to configure a VyOS router with VRFs and firewall rules." #: ../../configexamples/fwall-and-bridge.rst:9 msgid "This example shows how to configure a VyOS router with bridge interfaces and firewall rules." msgstr "This example shows how to configure a VyOS router with bridge interfaces and firewall rules." #: ../../configexamples/wan-load-balancing.rst:70 msgid "This example uses the failover mode." msgstr "This example uses the failover mode." #: ../../configexamples/segment-routing-isis.rst:112 msgid "This gives us MPLS segment routing enabled and labels forwarding :" msgstr "This gives us MPLS segment routing enabled and labels forwarding :" #: ../../configexamples/site-2-site-cisco.rst:6 msgid "This guide shows a sample configuration for FlexVPN site-to-site Internet Protocol Security (IPsec)/Generic Routing Encapsulation (GRE) tunnel." msgstr "This guide shows a sample configuration for FlexVPN site-to-site Internet Protocol Security (IPsec)/Generic Routing Encapsulation (GRE) tunnel." #: ../../configexamples/azure-vpn-dual-bgp.rst:8 msgid "This guide shows an example of a redundant (active-active) route-based IKEv2 site-to-site VPN to Azure using VTI and BGP for dynamic routing updates." msgstr "This guide shows an example of a redundant (active-active) route-based IKEv2 site-to-site VPN to Azure using VTI and BGP for dynamic routing updates." #: ../../configexamples/azure-vpn-bgp.rst:8 msgid "This guide shows an example of a route-based IKEv2 site-to-site VPN to Azure using VTI and BGP for dynamic routing updates." msgstr "This guide shows an example of a route-based IKEv2 site-to-site VPN to Azure using VTI and BGP for dynamic routing updates." #: ../../configexamples/policy-based-ipsec-and-firewall.rst:7 msgid "This guide shows an example policy-based IKEv2 site-to-site VPN between two VyOS routers, and firewall configiuration." msgstr "This guide shows an example policy-based IKEv2 site-to-site VPN between two VyOS routers, and firewall configiuration." #: ../../configexamples/policy-based-ipsec-and-firewall.rst:7 msgid "This guide shows an example policy-based IKEv2 site-to-site VPN between two VyOS routers, and firewall configuration." msgstr "This guide shows an example policy-based IKEv2 site-to-site VPN between two VyOS routers, and firewall configuration." #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:10 msgid "This guide walks through the setup of https://www.tunnelbroker.net/ for an IPv6 Tunnel." msgstr "This guide walks through the setup of https://www.tunnelbroker.net/ for an IPv6 Tunnel." #: ../../configexamples/ha.rst:197 msgid "This has a floating IP address of 10.200.201.1/24, using virtual router ID 201. The difference between them is the interface name, hello-source-address, and peer-address." msgstr "This has a floating IP address of 10.200.201.1/24, using virtual router ID 201. The difference between them is the interface name, hello-source-address, and peer-address." #: ../../configexamples/ha.rst:232 msgid "This has a floating IP address of 203.0.113.1/24, using virtual router ID 113. The virtual router ID is just a random number between 1 and 254, and can be set to whatever you want. Best practices suggest you try to keep them unique enterprise-wide." msgstr "This has a floating IP address of 203.0.113.1/24, using virtual router ID 113. The virtual router ID is just a random number between 1 and 254, and can be set to whatever you want. Best practices suggest you try to keep them unique enterprise-wide." #: ../../configexamples/zone-policy.rst:248 msgid "This is an example of the three base rules." msgstr "This is an example of the three base rules." #: ../../configexamples/ha.rst:20 msgid "This is based on a real-life production design. One of the complex issues is ensuring you have redundant data INTO your network. We do this with a pair of Cisco Nexus switches and using Virtual PortChannels that are spanned across them. As a bonus, this also allows for complete switch failure without an outage. How you achieve this yourself is left as an exercise to the reader. But our setup is documented here." msgstr "This is based on a real-life production design. One of the complex issues is ensuring you have redundant data INTO your network. We do this with a pair of Cisco Nexus switches and using Virtual PortChannels that are spanned across them. As a bonus, this also allows for complete switch failure without an outage. How you achieve this yourself is left as an exercise to the reader. But our setup is documented here." #: ../../configexamples/ha.rst:391 msgid "This is connecting back to the STATIC IP of router1, not the floating." msgstr "This is connecting back to the STATIC IP of router1, not the floating." #: ../../configexamples/ha.rst:583 msgid "This is identical, but you use the BGPPREPENDOUT route-map to advertise the route with a longer path." msgstr "This is identical, but you use the BGPPREPENDOUT route-map to advertise the route with a longer path." #: ../../configexamples/ha.rst:96 msgid "This is ignoring the extra Out-of-band management networking, which should be on totally different switches, and a different feed into the rack, and is out of scope of this." msgstr "This is ignoring the extra Out-of-band management networking, which should be on totally different switches, and a different feed into the rack, and is out of scope of this." #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:38 msgid "This scenario could be a nightmare applying regular routing and might need filtering in multiple interfaces." msgstr "This scenario could be a nightmare applying regular routing and might need filtering in multiple interfaces." #: ../../configexamples/firewall.rst:6 msgid "This section contains examples of firewall configurations for various deployments." msgstr "This section contains examples of firewall configurations for various deployments." #: ../../configexamples/l3vpn-hub-and-spoke.rst:547 msgid "This section describes verification commands for MPLS/BGP/LDP protocols and L3VPN related routes as well as diagnosis and reachability checks between CE nodes." msgstr "This section describes verification commands for MPLS/BGP/LDP protocols and L3VPN related routes as well as diagnosis and reachability checks between CE nodes." #: ../../configexamples/l3vpn-hub-and-spoke.rst:409 msgid "This section provides configuration steps for setting up VRFs on our PE nodes including CE facing interfaces, BGP, rd and route-target import/export based on the pre-defined parameters." msgstr "This section provides configuration steps for setting up VRFs on our PE nodes including CE facing interfaces, BGP, rd and route-target import/export based on the pre-defined parameters." #: ../../configexamples/lac-lns.rst:91 msgid "This setup requires the Compression Control Protocol (CCP) being disabled, the command ``set vpn l2tp remote-access ppp-options disable-ccp`` accomplishes that." msgstr "This setup requires the Compression Control Protocol (CCP) being disabled, the command ``set vpn l2tp remote-access ppp-options disable-ccp`` accomplishes that." #: ../../configexamples/autotest/Wireguard/Wireguard.rst:10 msgid "This simple structure show how to connect two offices. One remote branch and the central office." msgstr "This simple structure show how to connect two offices. One remote branch and the central office." #: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:10 msgid "This simple structure shows how to configure a DHCP Relay over a GRE Bridge interface." msgstr "This simple structure shows how to configure a DHCP Relay over a GRE Bridge interface." #: ../../configexamples/ha.rst:531 msgid "This will be visible in 'show ip route'." msgstr "This will be visible in 'show ip route'." #: ../../configexamples/fwall-and-bridge.rst:12 msgid "Three non VLAN-aware bridges are going to be configured, and each one has its own requirements." msgstr "Three non VLAN-aware bridges are going to be configured, and each one has its own requirements." #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:112 msgid "Thus you can easily match it to one of the devices/networks below." msgstr "Thus you can easily match it to one of the devices/networks below." #: ../../configexamples/pppoe-ipv6-basic.rst:14 msgid "To achieve this, your ISP is required to support DHCPv6-PD. If you're not sure, please contact your ISP for more information." msgstr "To achieve this, your ISP is required to support DHCPv6-PD. If you're not sure, please contact your ISP for more information." #: ../../configexamples/zone-policy.rst:134 msgid "To add logging to the default rule, do:" msgstr "To add logging to the default rule, do:" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:54 msgid "To address this scenario we will use to our advantage an extension of the BGP routing protocol that will help us in the “Export” between VRFs without the need for MPLS." msgstr "To address this scenario we will use to our advantage an extension of the BGP routing protocol that will help us in the “Export” between VRFs without the need for MPLS." #: ../../configexamples/l3vpn-hub-and-spoke.rst:31 msgid "To deploy a Layer3 VPN with MPLS on VyOS, we should meet a couple requirements in order to properly implement the solution. We'll use the following nodes in our LAB environment:" msgstr "To deploy a Layer3 VPN with MPLS on VyOS, we should meet a couple requirements in order to properly implement the solution. We'll use the following nodes in our LAB environment:" #: ../../configexamples/pppoe-ipv6-basic.rst:84 msgid "To have basic protection while keeping IPv6 network functional, we need to:" msgstr "To have basic protection while keeping IPv6 network functional, we need to:" #: ../../configexamples/autotest/Wireguard/Wireguard.rst:68 msgid "To reach the network, a route must be set on each VyOS host. In this structure, a static interface route will fit the requirements." msgstr "To reach the network, a route must be set on each VyOS host. In this structure, a static interface route will fit the requirements." #: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:15 #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:52 #: ../../configexamples/autotest/Wireguard/Wireguard.rst:15 #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:26 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:72 #: ../../configexamples/l3vpn-hub-and-spoke.rst:55 msgid "Topology" msgstr "Topology" #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:15 msgid "Topology consists of:" msgstr "Topology consists of:" #: ../../configexamples/zone-policy.rst:85 msgid "Traffic flows from zone A to zone B. That flow is what I refer to as a zone-pair-direction. eg. A->B and B->A are two zone-pair-destinations." msgstr "Traffic flows from zone A to zone B. That flow is what I refer to as a zone-pair-direction. eg. A->B and B->A are two zone-pair-destinations." #: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:31 msgid "Transport:" msgstr "Transport:" #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:5 msgid "Tunnelbroker.net (IPv6)" msgstr "Tunnelbroker.net (IPv6)" #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:-1 msgid "Tunnelbroker topology image" msgstr "Tunnelbroker topology image" #: ../../configexamples/policy-based-ipsec-and-firewall.rst:18 msgid "Two VyOS routers with public IP address." msgstr "Two VyOS routers with public IP address." #: ../../configexamples/wan-load-balancing.rst:105 msgid "Two rules will be created, the first rule directs traffic coming in from eth2 to eth0 and the second rule directs the traffic to eth1. If eth0 fails the first rule is bypassed and the second rule matches, directing traffic to eth1." msgstr "Two rules will be created, the first rule directs traffic coming in from eth2 to eth0 and the second rule directs the traffic to eth1. If eth0 fails the first rule is bypassed and the second rule matches, directing traffic to eth1." #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:121 msgid "Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. So if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore the assigned /64, and request the /48 and use that." msgstr "Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. So if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore the assigned /64, and request the /48 and use that." #: ../../configexamples/ansible.rst:15 #: ../../configexamples/qos.rst:16 msgid "Using the general schema for example:" msgstr "Using the general schema for example:" #: ../../configexamples/l3vpn-hub-and-spoke.rst:783 msgid "Using this command we are also able to check the transport and customer label (inner/outer) for Hub network prefix (10.0.0.100/32):" msgstr "Using this command we are also able to check the transport and customer label (inner/outer) for Hub network prefix (10.0.0.100/32):" #: ../../configexamples/ha.rst:143 msgid "VLAN 100 and 201 will have floating IP addresses, but VLAN50 does not, as this is talking directly to upstream. Create our IP address on vlan50." msgstr "VLAN 100 and 201 will have floating IP addresses, but VLAN50 does not, as this is talking directly to upstream. Create our IP address on vlan50." #: ../../configexamples/ha.rst:65 msgid "VLANs" msgstr "VLANs" #: ../../configexamples/ha.rst:120 msgid "VMware: You must DISABLE SECURITY on this Port group. Make sure that ``Promiscuous Mode``\\ , ``MAC address changes`` and ``Forged transmits`` are enabled. All of these will be done as part of failover." msgstr "VMware: You must DISABLE SECURITY on this Port group. Make sure that ``Promiscuous Mode``\\ , ``MAC address changes`` and ``Forged transmits`` are enabled. All of these will be done as part of failover." #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:100 #: ../../configexamples/l3vpn-hub-and-spoke.rst:86 msgid "VRF" msgstr "VRF" #: ../../configexamples/fwall-and-vrf.rst:24 msgid "VRF LAN:" msgstr "VRF LAN:" #: ../../configexamples/fwall-and-vrf.rst:21 msgid "VRF MGMT:" msgstr "VRF MGMT:" #: ../../configexamples/fwall-and-vrf.rst:26 msgid "VRF PROD:" msgstr "VRF PROD:" #: ../../configexamples/fwall-and-vrf.rst:29 msgid "VRF WAN:" msgstr "VRF WAN:" #: ../../configexamples/fwall-and-vrf.rst:2 msgid "VRF and firewall example" msgstr "VRF and firewall example" #: ../../configexamples/ha.rst:189 msgid "VRRP Configuration" msgstr "VRRP Configuration" #: ../../configexamples/fwall-and-bridge.rst:347 msgid "Validation" msgstr "Validation" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:160 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:248 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:320 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:829 #: ../../configexamples/site-2-site-cisco.rst:134 msgid "Verification" msgstr "Verification" #: ../../configexamples/l3vpn-hub-and-spoke.rst:43 msgid "Version: 1.4-rolling-202110310317" msgstr "Version: 1.4-rolling-202110310317" #: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:7 #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:7 #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:8 msgid "Version: 1.4-rolling-202305100734" msgstr "Version: 1.4-rolling-202305100734" #: ../../configexamples/autotest/Wireguard/Wireguard.rst:7 #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:8 msgid "Version: 1.4-rolling-202308240020" msgstr "Version: 1.4-rolling-202308240020" #: ../../configexamples/autotest/Wireguard/Wireguard.rst:7 #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:8 msgid "Version: 1.5-rolling-202401121239" msgstr "Version: 1.5-rolling-202401121239" #: ../../configexamples/autotest/Wireguard/Wireguard.rst:7 msgid "Version: vyos-1.4-rolling-202302150317" msgstr "Version: vyos-1.4-rolling-202302150317" #: ../../configexamples/site-2-site-cisco.rst:21 msgid "VyOS" msgstr "VyOS" #: ../../configexamples/l3vpn-hub-and-spoke.rst:1025 msgid "VyOS-CE-HUB -------> VyOS-CE1-SPOKE" msgstr "VyOS-CE-HUB -------> VyOS-CE1-SPOKE" #: ../../configexamples/l3vpn-hub-and-spoke.rst:1026 msgid "VyOS-CE-HUB -------> VyOS-CE2-SPOKE" msgstr "VyOS-CE-HUB -------> VyOS-CE2-SPOKE" #: ../../configexamples/l3vpn-hub-and-spoke.rst:507 msgid "VyOS-CE1-HUB:" msgstr "VyOS-CE1-HUB:" #: ../../configexamples/l3vpn-hub-and-spoke.rst:490 msgid "VyOS-CE1-SPOKE:" msgstr "VyOS-CE1-SPOKE:" #: ../../configexamples/l3vpn-hub-and-spoke.rst:987 msgid "VyOS-CE1-SPOKE -----> VyOS-CE-HUB" msgstr "VyOS-CE1-SPOKE -----> VyOS-CE-HUB" #: ../../configexamples/l3vpn-hub-and-spoke.rst:525 msgid "VyOS-CE2-SPOKE:" msgstr "VyOS-CE2-SPOKE:" #: ../../configexamples/l3vpn-hub-and-spoke.rst:1085 msgid "VyOS-CE2-SPOKE -------> VyOS-CE-HUB" msgstr "VyOS-CE2-SPOKE -------> VyOS-CE-HUB" #: ../../configexamples/l3vpn-hub-and-spoke.rst:112 #: ../../configexamples/segment-routing-isis.rst:26 msgid "VyOS-P1:" msgstr "VyOS-P1:" #: ../../configexamples/l3vpn-hub-and-spoke.rst:142 #: ../../configexamples/segment-routing-isis.rst:90 msgid "VyOS-P2:" msgstr "VyOS-P2:" #: ../../configexamples/l3vpn-hub-and-spoke.rst:168 msgid "VyOS-P3:" msgstr "VyOS-P3:" #: ../../configexamples/l3vpn-hub-and-spoke.rst:194 msgid "VyOS-P4:" msgstr "VyOS-P4:" #: ../../configexamples/l3vpn-hub-and-spoke.rst:91 msgid "VyOS-PE1" msgstr "VyOS-PE1" #: ../../configexamples/l3vpn-hub-and-spoke.rst:224 #: ../../configexamples/l3vpn-hub-and-spoke.rst:362 #: ../../configexamples/l3vpn-hub-and-spoke.rst:413 msgid "VyOS-PE1:" msgstr "VyOS-PE1:" #: ../../configexamples/l3vpn-hub-and-spoke.rst:88 msgid "VyOS-PE2" msgstr "VyOS-PE2" #: ../../configexamples/l3vpn-hub-and-spoke.rst:241 #: ../../configexamples/l3vpn-hub-and-spoke.rst:376 #: ../../configexamples/l3vpn-hub-and-spoke.rst:435 msgid "VyOS-PE2:" msgstr "VyOS-PE2:" #: ../../configexamples/l3vpn-hub-and-spoke.rst:93 msgid "VyOS-PE3" msgstr "VyOS-PE3" #: ../../configexamples/l3vpn-hub-and-spoke.rst:262 #: ../../configexamples/l3vpn-hub-and-spoke.rst:390 #: ../../configexamples/l3vpn-hub-and-spoke.rst:457 msgid "VyOS-PE3:" msgstr "VyOS-PE3:" #: ../../configexamples/l3vpn-hub-and-spoke.rst:834 msgid "VyOS-RR1/RR2" msgstr "VyOS-RR1/RR2" #: ../../configexamples/l3vpn-hub-and-spoke.rst:279 #: ../../configexamples/l3vpn-hub-and-spoke.rst:328 msgid "VyOS-RR1:" msgstr "VyOS-RR1:" #: ../../configexamples/l3vpn-hub-and-spoke.rst:299 #: ../../configexamples/l3vpn-hub-and-spoke.rst:345 msgid "VyOS-RR2:" msgstr "VyOS-RR2:" #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:38 msgid "VyOS 1.3 added initial support for VRFs (including IPv4/IPv6 static routing) and VyOS 1.4 now enables full dynamic routing protocol support for OSPF, IS-IS, and BGP for individual VRFs." msgstr "VyOS 1.3 added initial support for VRFs (including IPv4/IPv6 static routing) and VyOS 1.4 now enables full dynamic routing protocol support for OSPF, IS-IS, and BGP for individual VRFs." #: ../../configexamples/zone-policy.rst:32 msgid "VyOS acts as DHCP, DNS forwarder, NAT, router and firewall." msgstr "VyOS acts as DHCP, DNS forwarder, NAT, router and firewall." #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:15 msgid "VyOS as Client" msgstr "VyOS as Client" #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:14 msgid "VyOS as a OpenVPN Server" msgstr "VyOS as a OpenVPN Server" #: ../../configexamples/segment-routing-isis.rst:148 msgid "VyOS is able to check MSD per devices:" msgstr "VyOS is able to check MSD per devices:" #: ../../configexamples/azure-vpn-bgp.rst:50 #: ../../configexamples/azure-vpn-dual-bgp.rst:49 msgid "Vyos ASN" msgstr "Vyos ASN" #: ../../configexamples/azure-vpn-bgp.rst:56 #: ../../configexamples/azure-vpn-dual-bgp.rst:55 msgid "Vyos configuration" msgstr "Vyos configuration" #: ../../configexamples/azure-vpn-bgp.rst:42 #: ../../configexamples/azure-vpn-dual-bgp.rst:39 msgid "Vyos private IP" msgstr "Vyos private IP" #: ../../configexamples/azure-vpn-bgp.rst:40 #: ../../configexamples/azure-vpn-dual-bgp.rst:37 msgid "Vyos public IP" msgstr "Vyos public IP" #: ../../configexamples/azure-vpn-bgp.rst:34 #: ../../configexamples/azure-vpn-dual-bgp.rst:31 msgid "WAN Interface" msgstr "WAN Interface" #: ../../configexamples/wan-load-balancing.rst:8 msgid "WAN Load Balancer examples" msgstr "WAN Load Balancer examples" #: ../../configexamples/ha.rst:28 msgid "Walkthrough suggestion" msgstr "Walkthrough suggestion" #: ../../configexamples/ha.rst:55 msgid "We are going to use 10.200.201.0/24 for an 'internal' network on VLAN201." msgstr "We are going to use 10.200.201.0/24 for an 'internal' network on VLAN201." #: ../../configexamples/fwall-and-bridge.rst:80 msgid "We are going to use custom firewall rulesets, one for each bridge that will be used in ``prerouting``, and one for each bridge that will be used in the ``forward`` chain." msgstr "We are going to use custom firewall rulesets, one for each bridge that will be used in ``prerouting``, and one for each bridge that will be used in the ``forward`` chain." #: ../../configexamples/ha.rst:191 msgid "We are setting up VRRP so that it does NOT fail back when a machine returns into service, and it prioritizes router1 over router2." msgstr "We are setting up VRRP so that it does NOT fail back when a machine returns into service, and it prioritizes router1 over router2." #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:815 msgid "We are using a \"white list\" approach by allowing only what is necessary. In case that need to implement a \"black list\" approach then you will need to change the action in the route-map for a deny BUT you need to add a rule that permits the rest due to the implicit deny in the route-map." msgstr "We are using a \"white list\" approach by allowing only what is necessary. In case that need to implement a \"black list\" approach then you will need to change the action in the route-map for a deny BUT you need to add a rule that permits the rest due to the implicit deny in the route-map." #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:778 msgid "We create a prefix-list first and add all the routes we need to." msgstr "We create a prefix-list first and add all the routes we need to." #: ../../configexamples/ha.rst:300 msgid "We explicitly exclude the primary upstream network so that BGP or OSPF traffic doesn't accidentally get NAT'ed." msgstr "We explicitly exclude the primary upstream network so that BGP or OSPF traffic doesn't accidentally get NAT'ed." #: ../../configexamples/qos.rst:23 msgid "We have four hosts on the local network 172.17.1.0/24. All hosts are labeled CS0 by default. We need to replace labels on all hosts except vpc8. We will replace the labels on the nearest router “VyOS3” using the IP addresses of the sources." msgstr "We have four hosts on the local network 172.17.1.0/24. All hosts are labeled CS0 by default. We need to replace labels on all hosts except vpc8. We will replace the labels on the nearest router “VyOS3” using the IP addresses of the sources." #: ../../configexamples/ansible.rst:22 msgid "We have four pre-configured routers with this configuration:" msgstr "We have four pre-configured routers with this configuration:" #: ../../configexamples/zone-policy.rst:15 msgid "We have three networks." msgstr "We have three networks." #: ../../configexamples/wan-load-balancing.rst:112 msgid "We keep the configuration from the previous example, delete rule 10 and create the two new rules as described:" msgstr "We keep the configuration from the previous example, delete rule 10 and create the two new rules as described:" #: ../../configexamples/wan-load-balancing.rst:143 msgid "We keep the configuration from the previous example, delete rule 20 and create a new rule as described:" msgstr "We keep the configuration from the previous example, delete rule 20 and create a new rule as described:" #: ../../configexamples/pppoe-ipv6-basic.rst:63 msgid "We need to enable router advertisement for LAN network so that PC can receive the prefix and use SLAAC to configure the address automatically." msgstr "We need to enable router advertisement for LAN network so that PC can receive the prefix and use SLAAC to configure the address automatically." #: ../../configexamples/ha.rst:419 msgid "We only want to export the networks we know. Always do a whitelist on your route filters, both importing and exporting. A good rule of thumb is **'If you are not the default router for a network, don't advertise it'**. This means we explicitly do not want to advertise the 192.0.2.0/24 network (but do want to advertise 10.200.201.0 and 203.0.113.0, which we ARE the default route for). This filter is applied to ``redistribute connected``. If we WERE to advertise it, the remote machines would see 192.0.2.21 available via their default route, establish the connection, and then OSPF would say '192.0.2.0/24 is available via this tunnel', at which point the tunnel would break, OSPF would drop the routes, and then 192.0.2.0/24 would be reachable via default again. This is called 'flapping'." msgstr "We only want to export the networks we know. Always do a whitelist on your route filters, both importing and exporting. A good rule of thumb is **'If you are not the default router for a network, don't advertise it'**. This means we explicitly do not want to advertise the 192.0.2.0/24 network (but do want to advertise 10.200.201.0 and 203.0.113.0, which we ARE the default route for). This filter is applied to ``redistribute connected``. If we WERE to advertise it, the remote machines would see 192.0.2.21 available via their default route, establish the connection, and then OSPF would say '192.0.2.0/24 is available via this tunnel', at which point the tunnel would break, OSPF would drop the routes, and then 192.0.2.0/24 would be reachable via default again. This is called 'flapping'." #: ../../configexamples/ha.rst:450 msgid "We only want to import networks we know. Our OSPF peer should only be advertising networks in the 10.201.0.0/16 range. Note that this is an INVERSE MATCH. You deny in access-list 100 to accept the route." msgstr "We only want to import networks we know. Our OSPF peer should only be advertising networks in the 10.201.0.0/16 range. Note that this is an INVERSE MATCH. You deny in access-list 100 to accept the route." #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:115 msgid "We use a static route configuration in between the Core and each LAN and Management router, and BGP between the Core router and the ISP router but any dynamic routing protocol can be used." msgstr "We use a static route configuration in between the Core and each LAN and Management router, and BGP between the Core router and the ISP router but any dynamic routing protocol can be used." #: ../../configexamples/ha.rst:364 msgid "We use small /30's from 10.254.60/24 for the point-to-point links." msgstr "We use small /30's from 10.254.60/24 for the point-to-point links." #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:54 msgid "We use the following network topology in this example:" msgstr "We use the following network topology in this example:" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:770 msgid "When importing routes using MP-BGP it is possible to filter a subset of them before are injected in the BGP table. One of the most common case is to use a route-map with an prefix-list." msgstr "When importing routes using MP-BGP it is possible to filter a subset of them before are injected in the BGP table. One of the most common case is to use a route-map with an prefix-list." #: ../../configexamples/ha.rst:57 msgid "When traffic is originated from the 10.200.201.0/24 network, it will be masqueraded to 203.0.113.1" msgstr "When traffic is originated from the 10.200.201.0/24 network, it will be masqueraded to 203.0.113.1" #: ../../configexamples/segment-routing-isis.rst:9 msgid "When utilizing VyOS in an environment with Cisco IOS-XR gear you can use this blue print as an initial setup to get MPLS ISIS-SR working between those two devices.The lab was build using :abbr:`EVE-NG (Emulated Virtual Environment NG)`." msgstr "When utilizing VyOS in an environment with Cisco IOS-XR gear you can use this blue print as an initial setup to get MPLS ISIS-SR working between those two devices.The lab was build using :abbr:`EVE-NG (Emulated Virtual Environment NG)`." #: ../../configexamples/ha.rst:343 msgid "When you have both routers up, you should be able to establish a connection from a NAT'ed machine out to the internet, reboot the active machine, and that connection should be preserved, and will not drop out." msgstr "When you have both routers up, you should be able to establish a connection from a NAT'ed machine out to the internet, reboot the active machine, and that connection should be preserved, and will not drop out." #: ../../configexamples/ha.rst:491 msgid "When you have enabled OSPF on both routers, you should be able to see each other with the command ``show ip ospf neighbour``. The state must be 'Full' or '2-Way'. If it is not, then there is a network connectivity issue between the hosts. This is often caused by NAT or MTU issues. You should not see any new routes (unless this is the second pass) in the output of ``show ip route``" msgstr "When you have enabled OSPF on both routers, you should be able to see each other with the command ``show ip ospf neighbour``. The state must be 'Full' or '2-Way'. If it is not, then there is a network connectivity issue between the hosts. This is often caused by NAT or MTU issues. You should not see any new routes (unless this is the second pass) in the output of ``show ip route``" #: ../../configexamples/fwall-and-bridge.rst:349 msgid "While testing the configuration, we can check logs in order to ensure that we are accepting and/or blocking the correct traffic." msgstr "While testing the configuration, we can check logs in order to ensure that we are accepting and/or blocking the correct traffic." #: ../../configexamples/lac-lns.rst:-1 msgid "Window PPPoE Client Configuration" msgstr "Window PPPoE Client Configuration" #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:13 msgid "Windows Server 2019 with a running Active Directory" msgstr "Windows Server 2019 with a running Active Directory" #: ../../configexamples/autotest/Wireguard/Wireguard.rst:3 msgid "Wireguard" msgstr "Wireguard" #: ../../configexamples/ha.rst:350 msgid "Wireguard doesn't have the concept of an up or down link, due to its design. This complicates AND simplifies using it for network transport, as for reliable state detection you need to use SOMETHING to detect when the link is down." msgstr "Wireguard doesn't have the concept of an up or down link, due to its design. This complicates AND simplifies using it for network transport, as for reliable state detection you need to use SOMETHING to detect when the link is down." #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:113 msgid "With Tunnelbroker.net, you have two options:" msgstr "With Tunnelbroker.net, you have two options:" #: ../../configexamples/l3vpn-hub-and-spoke.rst:907 msgid "With this command we are able to check the transport and customer label (inner/outer) for network spokes prefixes 10.0.0.80/32 - 10.0.0.90/32" msgstr "With this command we are able to check the transport and customer label (inner/outer) for network spokes prefixes 10.0.0.80/32 - 10.0.0.90/32" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:293 msgid "Within the VRF we set the Route-Distinguisher (RD) and Route-Targets (RT), then we enable the export/import VPN." msgstr "Within the VRF we set the Route-Distinguisher (RD) and Route-Targets (RT), then we enable the export/import VPN." #: ../../configexamples/fwall-and-bridge.rst:22 msgid "Within the bridge, accept only new IPv4 connections from host 10.1.1.102" msgstr "Within the bridge, accept only new IPv4 connections from host 10.1.1.102" #: ../../configexamples/segment-routing-isis.rst:48 msgid "XRv-P3:" msgstr "XRv-P3:" #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:145 msgid "You managed to come this far, now we want to see the network and routing tables in action." msgstr "You managed to come this far, now we want to see the network and routing tables in action." #: ../../configexamples/ha.rst:292 msgid "You should be able to ping to and from all the IPs you have allocated." msgstr "You should be able to ping to and from all the IPs you have allocated." #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:89 msgid "You should now be able to ping something by IPv6 DNS name:" msgstr "You should now be able to ping something by IPv6 DNS name:" #: ../../configexamples/ha.rst:511 msgid "You should now be able to see the advertised network on the other host." msgstr "You should now be able to see the advertised network on the other host." #: ../../configexamples/zone-policy.rst:378 msgid "You would have 5 zones instead of just 4 and you would configure your v6 ruleset between your tunnel interface and your LAN/DMZ zones instead of to the WAN." msgstr "You would have 5 zones instead of just 4 and you would configure your v6 ruleset between your tunnel interface and your LAN/DMZ zones instead of to the WAN." #: ../../configexamples/zone-policy.rst:403 msgid "You would have to add a couple of rules on your wan-local ruleset to allow protocol 41 in." msgstr "You would have to add a couple of rules on your wan-local ruleset to allow protocol 41 in." #: ../../configexamples/zone-policy.rst:6 msgid "Zone-Policy example" msgstr "Zone-Policy example" #: ../../configexamples/zone-policy.rst:79 msgid "Zones Basics" msgstr "Zones Basics" #: ../../configexamples/zone-policy.rst:126 msgid "Zones and Rulesets both have a default action statement. When using Zone-Policies, the default action is set by the zone-policy statement and is represented by rule 10000." msgstr "Zones and Rulesets both have a default action statement. When using Zone-Policies, the default action is set by the zone-policy statement and is represented by rule 10000." #: ../../configexamples/zone-policy.rst:165 msgid "Zones do not allow for a default action of accept; either drop or reject. It is important to remember this because if you apply an interface to a zone and commit, any active connections will be dropped. Specifically, if you are SSH’d into VyOS and add local or the interface you are connecting through to a zone and do not have rulesets in place to allow SSH and established sessions, you will not be able to connect." msgstr "Zones do not allow for a default action of accept; either drop or reject. It is important to remember this because if you apply an interface to a zone and commit, any active connections will be dropped. Specifically, if you are SSH’d into VyOS and add local or the interface you are connecting through to a zone and do not have rulesets in place to allow SSH and established sessions, you will not be able to connect." #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:180 msgid "`2001:470:xxxx:1::/64`: A subnet suitable for a LAN" msgstr "`2001:470:xxxx:1::/64`: A subnet suitable for a LAN" #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:181 msgid "`2001:470:xxxx:2::/64`: Another subnet" msgstr "`2001:470:xxxx:2::/64`: Another subnet" #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:179 msgid "`2001:470:xxxx::/48`: The whole subnet. xxxx should come from Tunnelbroker." msgstr "`2001:470:xxxx::/48`: The whole subnet. xxxx should come from Tunnelbroker." #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:182 msgid "`2001:470:xxxx:ffff:/64`: The last usable /64 subnet." msgstr "`2001:470:xxxx:ffff:/64`: The last usable /64 subnet." #: ../../configexamples/pppoe-ipv6-basic.rst:39 msgid "``service-name`` can be an arbitrary string." msgstr "``service-name`` can be an arbitrary string." #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:75 msgid "after all these steps the config look like this:" msgstr "after all these steps the config look like this:" #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:62 msgid "after this create a signed server and a client certificate" msgstr "after this create a signed server and a client certificate" #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:69 msgid "and last the DH Key" msgstr "and last the DH Key" #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:119 msgid "blue uses local routing table id and VNI 2000" msgstr "blue uses local routing table id and VNI 2000" #: ../../configexamples/azure-vpn-bgp.rst:48 #: ../../configexamples/azure-vpn-dual-bgp.rst:47 msgid "ch00s3-4-s3cur3-psk" msgstr "ch00s3-4-s3cur3-psk" #: ../../configexamples/ha.rst:92 msgid "compute1 - Port 9 of each switch" msgstr "compute1 - Port 9 of each switch" #: ../../configexamples/ha.rst:78 msgid "compute1 (VMware ESXi 6.5)" msgstr "compute1 (VMware ESXi 6.5)" #: ../../configexamples/ha.rst:93 msgid "compute2 - Port 10 of each switch" msgstr "compute2 - Port 10 of each switch" #: ../../configexamples/ha.rst:79 msgid "compute2 (VMware ESXi 6.5)" msgstr "compute2 (VMware ESXi 6.5)" #: ../../configexamples/ha.rst:94 msgid "compute3 - Port 11 of each switch" msgstr "compute3 - Port 11 of each switch" #: ../../configexamples/ha.rst:80 msgid "compute3 (VMware ESXi 6.5)" msgstr "compute3 (VMware ESXi 6.5)" #: ../../configexamples/index.rst:44 msgid "configure each host in the lab" msgstr "configure each host in the lab" #: ../../configexamples/index.rst:43 msgid "create the lab on a eve-ng server" msgstr "create the lab on a eve-ng server" #: ../../configexamples/index.rst:45 msgid "do some defined tests" msgstr "do some defined tests" #: ../../configexamples/azure-vpn-bgp.rst:34 #: ../../configexamples/azure-vpn-dual-bgp.rst:31 msgid "eth0" msgstr "eth0" #: ../../configexamples/wan-load-balancing.rst:30 msgid "eth0 is set to be removed from the load balancer's interface pool after 5 ping failures, eth1 will be removed after 4 ping failures." msgstr "eth0 is set to be removed from the load balancer's interface pool after 5 ping failures, eth1 will be removed after 4 ping failures." #: ../../configexamples/l3vpn-hub-and-spoke.rst:941 msgid "extended community and remote label of specific destination" msgstr "extended community and remote label of specific destination" #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:56 msgid "first the PCA" msgstr "first the PCA" #: ../../configexamples/index.rst:47 msgid "generate the documentation and include files" msgstr "generate the documentation and include files" #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:121 msgid "green uses local routing table id and VNI 4000" msgstr "green uses local routing table id and VNI 4000" #: ../../configexamples/l3vpn-hub-and-spoke.rst:764 msgid "information between PE and CE:" msgstr "information between PE and CE:" #: ../../configexamples/index.rst:46 msgid "optional do an upgrade to a higher version and do step 3 again." msgstr "optional do an upgrade to a higher version and do step 3 again." #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:120 msgid "red uses local routing table id and VNI 3000" msgstr "red uses local routing table id and VNI 3000" #: ../../configexamples/ha.rst:81 msgid "router2 (Random 1RU machine with 4 NICs)" msgstr "router2 (Random 1RU machine with 4 NICs)" #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:102 msgid "save the output to a file and import it in nearly all openvpn clients." msgstr "save the output to a file and import it in nearly all openvpn clients." #: ../../configexamples/index.rst:48 msgid "shutdown and destroy the lab, if there is no error" msgstr "shutdown and destroy the lab, if there is no error" #: ../../configexamples/l3vpn-hub-and-spoke.rst:806 msgid "specific VPNv4 destination including extended community and remotelabel information. This procedure is the same on all Spoke nodes:" msgstr "specific VPNv4 destination including extended community and remotelabel information. This procedure is the same on all Spoke nodes:" #: ../../configexamples/ha.rst:76 msgid "switch1 (Nexus 10gb Switch)" msgstr "switch1 (Nexus 10gb Switch)" #: ../../configexamples/ha.rst:77 msgid "switch2 (Nexus 10gb Switch)" msgstr "switch2 (Nexus 10gb Switch)" #: ../../configexamples/zone-policy.rst:384 msgid "v6 pairs would be:" msgstr "v6 pairs would be:" #: ../../configexamples/ansible.rst:34 msgid "vyos10 - 192.0.2.108" msgstr "vyos10 - 192.0.2.108" #: ../../configexamples/ansible.rst:31 msgid "vyos7 - 192.0.2.105" msgstr "vyos7 - 192.0.2.105" #: ../../configexamples/ansible.rst:32 msgid "vyos8 - 192.0.2.106" msgstr "vyos8 - 192.0.2.106" #: ../../configexamples/ansible.rst:33 msgid "vyos9 - 192.0.2.107" msgstr "vyos9 - 192.0.2.107" #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:571 msgid "we are using \"source-address\" option cause we are not redistributing connected interfaces into BGP on the Core router hence there is no comeback route and ping will fail." msgstr "we are using \"source-address\" option cause we are not redistributing connected interfaces into BGP on the Core router hence there is no comeback route and ping will fail." #: ../../configexamples/l3vpn-hub-and-spoke.rst:736 msgid "within VRFs:" msgstr "within VRFs:" #: ../../configexamples/l3vpn-hub-and-spoke.rst:639 msgid "“show bgp ipv4 vpn summary” for checking BGP VPNv4 neighbors:" msgstr "“show bgp ipv4 vpn summary” for checking BGP VPNv4 neighbors:" #: ../../configexamples/l3vpn-hub-and-spoke.rst:834 msgid "“show bgp ipv4 vpn summary” for checking iBGP neighbors again" msgstr "“show bgp ipv4 vpn summary” for checking iBGP neighbors again" #: ../../configexamples/l3vpn-hub-and-spoke.rst:719 msgid "“show bgp ipv4 vpn summary” for checking iBGP neighbors against route-reflector devices:" msgstr "“show bgp ipv4 vpn summary” for checking iBGP neighbors against route-reflector devices:" #: ../../configexamples/l3vpn-hub-and-spoke.rst:941 msgid "“show bgp ipv4 vpn x.x.x.x/32” for checking best-path," msgstr "“show bgp ipv4 vpn x.x.x.x/32” for checking best-path," #: ../../configexamples/l3vpn-hub-and-spoke.rst:807 msgid "“show bgp ipv4 vpn x.x.x.x/32” for checking the best-path to the" msgstr "“show bgp ipv4 vpn x.x.x.x/32” for checking the best-path to the" #: ../../configexamples/l3vpn-hub-and-spoke.rst:698 msgid "“show bgp ipv4 vpn x.x.x.x/x” for checking best path selected for specific VPNv4 destination" msgstr "“show bgp ipv4 vpn x.x.x.x/x” for checking best path selected for specific VPNv4 destination" #: ../../configexamples/l3vpn-hub-and-spoke.rst:658 msgid "“show bgp ipv4 vpn” for checking all VPNv4 prefixes information:" msgstr "“show bgp ipv4 vpn” for checking all VPNv4 prefixes information:" #: ../../configexamples/l3vpn-hub-and-spoke.rst:891 msgid "“show bgp vrf BLUE_HUB summary” for checking EBGP neighbor" msgstr "“show bgp vrf BLUE_HUB summary” for checking EBGP neighbor" #: ../../configexamples/l3vpn-hub-and-spoke.rst:764 msgid "“show bgp vrf BLUE_SPOKE summary” for checking EBGP neighbor" msgstr "“show bgp vrf BLUE_SPOKE summary” for checking EBGP neighbor" #: ../../configexamples/l3vpn-hub-and-spoke.rst:736 msgid "“show bgp vrf all” for checking all the prefix learning on BGP" msgstr "“show bgp vrf all” for checking all the prefix learning on BGP" #: ../../configexamples/l3vpn-hub-and-spoke.rst:851 msgid "“show bgp vrf all” for checking all the prefixes learning on BGP" msgstr "“show bgp vrf all” for checking all the prefixes learning on BGP" #: ../../configexamples/l3vpn-hub-and-spoke.rst:554 msgid "“show ip ospf neighbor” for checking ospf relationship" msgstr "“show ip ospf neighbor” for checking ospf relationship" #: ../../configexamples/l3vpn-hub-and-spoke.rst:909 msgid "“show ip route vrf BLUE_HUB” to view the RIB in our Hub PE." msgstr "“show ip route vrf BLUE_HUB” to view the RIB in our Hub PE." #: ../../configexamples/l3vpn-hub-and-spoke.rst:784 msgid "“show ip route vrf BLUE_SPOKE” for viewing the RIB in our Spoke PE." msgstr "“show ip route vrf BLUE_SPOKE” for viewing the RIB in our Spoke PE." #: ../../configexamples/l3vpn-hub-and-spoke.rst:579 msgid "“show mpls ldp binding” for checking mpls label assignment" msgstr "“show mpls ldp binding” for checking mpls label assignment" #: ../../configexamples/l3vpn-hub-and-spoke.rst:567 msgid "“show mpls ldp neighbor “ for checking ldp neighbors" msgstr "“show mpls ldp neighbor “ for checking ldp neighbors"