| author | rebortg <github@ghlr.de> | 2024-05-28 12:24:30 +0200 | 
|---|---|---|
| committer | rebortg <github@ghlr.de> | 2024-05-28 12:24:30 +0200 | 
| commit | 96039bd2f44018ae767930e252305bedece57156 (patch) | |
| tree | 650373a9398085999f8bbb45b09b4896ca489f5f /docs/configexamples/autotest | |
| parent | 0a3febc9524e7f5d3df856bd9cf58aafb3500252 (diff) | |
| parent | 2be191247b2f10f1bc3ae38f8bcb565ce0af0635 (diff) | |
Merge branch 'current' of github.com:vyos/vyos-documentation into current
Diffstat (limited to 'docs/configexamples/autotest')
3 files changed, 37 insertions, 12 deletions
| diff --git a/docs/configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst b/docs/configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst index e42d3567..6666399d 100644 --- a/docs/configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst +++ b/docs/configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst @@ -7,9 +7,9 @@ OpenVPN with LDAP  | Testdate: 2023-05-11  | Version: 1.4-rolling-202305100734 -This LAB show how to uwe OpenVPN with a Active Directory authentication backend. +This LAB shows how to use OpenVPN with a Active Directory authentication method. -The Topology are consists of: +Topology consists of:   * Windows Server 2019 with a running Active Directory   * VyOS as a OpenVPN Server   * VyOS as Client @@ -20,7 +20,7 @@ The Topology are consists of:  Active Directory on Windows server  ================================== -The Lab asume a full running Active Directory on the Windows Server. +The lab assumes a full running Active Directory on the Windows Server.  Here are some PowerShell commands to quickly add a Test Active Directory.  .. code-block:: powershell @@ -36,7 +36,7 @@ Here are some PowerShell commands to quickly add a Test Active Directory.      New-ADUser user01 -AccountPassword(Read-Host -AsSecureString "Input Password") -Enabled $true -Configuration VyOS as OpenVPN Server +Configure VyOS as OpenVPN Server  ====================================  In this example OpenVPN will be setup with a client certificate and username / password authentication. @@ -53,7 +53,7 @@ Please look :ref:`here <configuration/pki/index:pki>` for more information.  Now generate all required certificates on the ovpn-server: -first the PCA +First the CA  .. code-block:: none 
@@ -249,11 +249,27 @@ save the output to a file and import it in nearly all openvpn clients.     </key> +Configure VyOS as client +------------------------ + +.. code-block:: none + +   set interfaces openvpn vtun10 authentication username 'user01' +   set interfaces openvpn vtun10 authentication password '$ecret' +   set interfaces openvpn vtun10 encryption cipher 'aes256' +   set interfaces openvpn vtun10 hash 'sha512' +   set interfaces openvpn vtun10 mode 'client' +   set interfaces openvpn vtun10 persistent-tunnel +   set interfaces openvpn vtun10 protocol 'udp' +   set interfaces openvpn vtun10 remote-host '198.51.100.254' +   set interfaces openvpn vtun10 remote-port '1194' +   set interfaces openvpn vtun10 tls ca-certificate 'OVPN-CA' +   set interfaces openvpn vtun10 tls certificate 'CLIENT'  Monitoring  ========== -If the client is connect successfully you can check the output with +If the client is connected successfully you can check the status  .. code-block:: none diff --git a/docs/configexamples/autotest/tunnelbroker/_include/vyos-wan_tun0.conf b/docs/configexamples/autotest/tunnelbroker/_include/vyos-wan_tun0.conf index 03889ffd..ab70ccc5 100644 --- a/docs/configexamples/autotest/tunnelbroker/_include/vyos-wan_tun0.conf +++ b/docs/configexamples/autotest/tunnelbroker/_include/vyos-wan_tun0.conf 
@@ -1,8 +1,8 @@ -set interfaces tunnel tun0 address '2001:470:6c:779::2/64' #Tunnelbroker Client IPv6 Address +set interfaces tunnel tun0 address '2001:470:6c:779::2/64' #Tunnelbroker Client IPv6 address  set interfaces tunnel tun0 description 'HE.NET IPv6 Tunnel'  set interfaces tunnel tun0 encapsulation 'sit' -set interfaces tunnel tun0 remote '216.66.86.114' #Tunnelbroker Server IPv4 Address -set interfaces tunnel tun0 source-address '172.29.129.60' # Tunnelbroker Client IPv4 Address or if there is NAT the current WAN interface address +set interfaces tunnel tun0 remote '216.66.86.114' #Tunnelbroker Server IPv4 address +set interfaces tunnel tun0 source-address '172.29.129.60' # Tunnelbroker Client IPv4 address. See note below  set protocols static route6 ::/0 interface tun0 @@ -10,4 +10,4 @@ set interface ethernet eth2 address '2001:470:6d:778::1/64' # Tunnelbroker Route  set service router-advert interface eth2 name-server '2001:470:20::2'  set service router-advert interface eth2 prefix 2001:470:6d:778::/64 # Tunnelbroker Routed /64 prefix -set system name-server 2001:470:20::2 #Tunnelbroker DNS Server
\ No newline at end of file +set system name-server 2001:470:20::2 #Tunnelbroker DNS Server diff --git a/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst b/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst index 94acbe9a..0f7c9daf 100644 --- a/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst +++ b/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst @@ -48,7 +48,15 @@ Now we are able to setup the tunnel interface.     :language: none     :lines: 1-5 -Setup the ipv6 default route to the tunnel interface +.. note:: The `source-address` is the Tunnelbroker client IPv4  +          address or if there is NAT the current WAN interface address. + +          If `source-address` is  dynamic, the tunnel will cease working once  +          the address changes. To avoid having to manually update +          `source-address` each time the dynamic IP changes, an address of   +          '0.0.0.0' can be specified. + +Setup the IPv6 default route to the tunnel interface  .. literalinclude:: _include/vyos-wan_tun0.conf     :language: none @@ -204,4 +212,5 @@ instead of `set firewall name NAME`, you would use `set firewall ipv6-name  NAME`.  Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 -firewall in ipv6-name` or `et firewall zone LOCAL from WAN firewall ipv6-name`.
\ No newline at end of file +firewall in ipv6-name` or `set firewall zone LOCAL from WAN firewall  +ipv6-name`. | 
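
Review bot: In the first hunk of OpenVPN_with_LDAP.rst (@@ -7,9 +7,9) the rewritten opening sentence still reads "a Active Directory" and keeps "LAB" in capitals, while the hunk at @@ -20,7 +20,7 switches to "The lab assumes". Suggest "This lab shows how to use OpenVPN with an Active Directory authentication backend"; "backend" from the removed line describes the role of the directory more precisely than "method". The unchanged context line "VyOS as a OpenVPN Server" has the same article problem and could be fixed in the same pass.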
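
Review bot: The new "Configure VyOS as client" section in OpenVPN_with_LDAP.rst (@@ -249,11 +249,27) is a bare code block with no explanatory text, and it contains a literal credential in `set interfaces openvpn vtun10 authentication password '$ecret'`. Please add a sentence before the block saying that `user01` is the account created with `New-ADUser` earlier on the page, that `'$ecret'` is a placeholder for the password entered at the `Read-Host` prompt, and where the `OVPN-CA` and `CLIENT` PKI entries referenced by the two `tls` lines come from on the client. The heading is underlined with `-` while "Configure VyOS as OpenVPN Server" and "Monitoring" use `=`, so the client section renders as a subsection of whatever precedes it; if it is meant to be a peer of the server section, use `=`.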
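
Review bot: In vyos-wan_tun0.conf (@@ -1,8 +1,8) the comment on the `source-address` line now ends with "See note below", which only resolves where the file is pulled into tunnelbroker.rst through `literalinclude`; read on its own, the file no longer says that the WAN interface address is used behind NAT. Consider keeping a short hint in the comment, for example "(WAN interface address if behind NAT)", next to the pointer. While these lines are being touched, the comment style could also be made consistent: the hunk mixes `#Tunnelbroker` and `# Tunnelbroker`.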
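
Review bot: The added `.. note::` in tunnelbroker.rst (@@ -48,7 +48,15) has trailing whitespace at the end of three lines ("IPv4", "once" and "of") and a doubled space in "is  dynamic"; please strip these. The note recommends an address of '0.0.0.0' for a dynamic `source-address` but does not show it as a command, whereas the included config above it still shows the fixed `'172.29.129.60'`. Spelling out `set interfaces tunnel tun0 source-address '0.0.0.0'` in the note would save the reader from working out which line to change.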
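
Review bot: In the last hunk of tunnelbroker.rst (@@ -204,4 +212,5) the corrected command `set firewall zone LOCAL from WAN firewall ipv6-name` is now broken across two lines inside the backticks, with trailing whitespace after "firewall". Reflow the paragraph so the command stays on one line, or at least drop the trailing space. Both attach commands in this sentence end at `ipv6-name` without the rule-set name, while the sentence before writes `set firewall ipv6-name NAME`; appending `NAME` to each would make the expected argument clear.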
