| author | rebortg <github@ghlr.de> | 2021-12-30 13:44:10 +0100 | 
|---|---|---|
| committer | rebortg <github@ghlr.de> | 2021-12-30 13:44:10 +0100 | 
| commit | aa777ade688b624049cd2b24a5bfb5fbe1b444f9 (patch) | |
| tree | e83c3ff12239d35ed132e8fdf53ad78a1d8c837a /docs/configexamples | |
| parent | 2098a42ad2272e3a220d3bc6587766a03a0420ce (diff) | |
correct build warnings
Diffstat (limited to 'docs/configexamples')
| -rw-r--r-- | docs/configexamples/dhcp-relay-through-gre-bridge.rst | 76 |
| -rw-r--r-- | docs/configexamples/tunnelbroker-ipv6.rst | 180 |
2 files changed, 0 insertions, 256 deletions
| diff --git a/docs/configexamples/dhcp-relay-through-gre-bridge.rst b/docs/configexamples/dhcp-relay-through-gre-bridge.rst deleted file mode 100644 index 16d8488b..00000000 --- a/docs/configexamples/dhcp-relay-through-gre-bridge.rst +++ /dev/null 
@@ -1,76 +0,0 @@ -:lastproofread: 2021-06-28 - -.. _examples-dhcp-relay-through-gre-bridge: - - -DHCP Relay through a GRE bridge -------------------------------- - -Diagram -^^^^^^^ - -.. image:: /_static/images/dhcp-relay-through-gre-bridge.png -   :width: 80% -   :align: center -   :alt: Network Topology Diagram - -Configuration -^^^^^^^^^^^^^ - -DHCP Server -""""""""""" - -.. code-block:: none - -   set interfaces ethernet eth0 address '10.0.2.1/24' -   set interfaces loopback lo address '192.168.3.3/24' -   set interfaces tunnel tun100 address '172.16.0.2/30' -   set interfaces tunnel tun100 encapsulation 'gretap' -   set interfaces tunnel tun100 source-address '10.0.2.1' -   set interfaces tunnel tun100 remote '192.168.0.1' -   set protocols ospf area 0 network '192.168.3.0/24' -   set protocols ospf area 0 network '10.0.2.0/24' -   set protocols ospf parameters router-id '192.168.3.3' -   set protocols static route 10.0.1.2/32 interface tun100 -   set service dhcp-server shared-network-name asdf authoritative -   set service dhcp-server shared-network-name asdf subnet 192.168.3.0/24 range 0 start '192.168.3.30' -   set service dhcp-server shared-network-name asdf subnet 192.168.3.0/24 range 0 stop '192.168.3.40' -   set service dhcp-server shared-network-name asdf subnet 10.0.1.0/24 default-router '10.0.1.2' -   set service dhcp-server shared-network-name asdf subnet 10.0.1.0/24 range 0 start '10.0.1.200' -   set service dhcp-server shared-network-name asdf subnet 10.0.1.0/24 range 0 stop '10.0.1.210' -   set service dhcp-server shared-network-name asdf subnet 10.2.1.0/24 range 0 start '10.2.1.222' -   set service dhcp-server shared-network-name asdf subnet 10.2.1.0/24 range 0 stop '10.2.1.233' -   set service dhcp-server shared-network-name asdf subnet 172.16.0.0/30 range 0 start '172.16.0.1' -   set service dhcp-server shared-network-name asdf subnet 172.16.0.0/30 range 0 stop '172.16.0.2' - -In-Between Router -""""""""""""""""" - -.. 
code-block:: none - -   set interfaces ethernet eth0 address '192.168.0.2/24' -   set interfaces ethernet eth1 address '10.0.2.2/24' -   set protocols ospf area 0 network '192.168.0.0/24' -   set protocols ospf area 0 network '10.0.2.0/24' -   set protocols ospf parameters router-id '192.168.0.2' - -DHCP Relay -"""""""""" - -.. code-block:: none - -   set interfaces ethernet eth0 address '10.0.1.2/24' -   set interfaces ethernet eth1 address '192.168.0.1/24' -   set interfaces loopback lo address '10.100.100.1' -   set interfaces tunnel tun100 address '172.16.0.1/30' -   set interfaces tunnel tun100 encapsulation 'gretap' -   set interfaces tunnel tun100 source-address '192.168.0.1' -   set interfaces tunnel tun100 remote '10.0.2.1' -   set protocols ospf area 0 network '10.0.1.0/24' -   set protocols ospf area 0 network '192.168.0.0/24' -   set protocols ospf area 0 network '10.100.100.0/24' -   set protocols ospf parameters router-id '10.100.100.1' -   set protocols static route 192.168.3.3/32 interface tun100 -   set service dhcp-relay interface 'eth0' -   set service dhcp-relay interface 'tun100' -   set service dhcp-relay server '192.168.3.3' diff --git a/docs/configexamples/tunnelbroker-ipv6.rst b/docs/configexamples/tunnelbroker-ipv6.rst deleted file mode 100644 index b3f8d5e1..00000000 --- a/docs/configexamples/tunnelbroker-ipv6.rst +++ /dev/null 
@@ -1,180 +0,0 @@ -:lastproofread: 2021-06-29 - -.. _examples-tunnelbroker-ipv6: - -.. stop_vyoslinter - -####################### -Tunnelbroker.net (IPv6) -####################### - -This guide walks through the setup of https://www.tunnelbroker.net/ for an -IPv6 Tunnel. - -Prerequisites -============= - -- A public, routable IPv4 address. This does not necessarily need to be static, -  but you will need to update the tunnel endpoint when/if your IP address -  changes, which can be done with a script and a scheduled task. -- Account at https://www.tunnelbroker.net/ -- Requested a "Regular Tunnel". You want to choose a location that is closest -  to your physical location for the best response time. - -Setup initial tunnel -==================== - -Set up initial IPv6 tunnel. Replace the field below from the fields on the -tunnel information page. - -.. code-block:: none - -  conf -  set interfaces tunnel tun0 address Client_IPv6_from_Tunnelbroker    # This will be your VyOS install's public IPv6 address -  set interfaces tunnel tun0 description 'HE.NET IPv6 Tunnel' -  set interfaces tunnel tun0 encapsulation 'sit' -  set interfaces tunnel tun0 source-address Client_IPv4_from_Tunnelbroker   # This is your public IP -  set interfaces tunnel tun0 mtu '1472' -  set interfaces tunnel tun0 multicast 'disable' -  set interfaces tunnel tun0 remote Server_IPv4_from_Tunnelbroker  # This is the IP of the Tunnelbroker server -  set protocols static route6 ::/0 interface tun0  # Tell all traffic to go over this tunnel -  commit - -If your WAN connection is over PPPoE, you may need to set the MTU on the above -tunnel lower than 1472. - -At this point you should be able to ping an IPv6 address, try pinging Google: - -.. 
code-block:: none - -   ping6 -c2 2001:4860:4860::8888 - -   64 bytes from 2001:4860:4860::8888: icmp_seq=1 ttl=57 time=21.7 ms -   64 bytes from 2001:4860:4860::8888: icmp_seq=2 ttl=57 time=21.1 ms - -   --- 2001:4860:4860::8888 ping statistics --- -   2 packets transmitted, 2 received, 0% packet loss, time 1001ms -   rtt min/avg/max/mdev = 21.193/21.459/21.726/0.304 ms - -Assuming the pings are successful, you need to add some DNS servers. -Some options: - -.. code-block:: none - -   set system name-server 2001:4860:4860::8888  # Google -   set system name-server 2001:4860:4860::8844  # Google -   set system name-server 2606:4700:4700::1111  # Cloudflare -   set system name-server 2606:4700:4700::1001  # Cloudflare -   commit - -You should now be able to ping something by IPv6 DNS name: - -.. code-block:: none - -   # ping6 -c2 one.one.one.one -   PING one.one.one.one(one.one.one.one) 56 data bytes -   64 bytes from one.one.one.one: icmp_seq=1 ttl=58 time=16.8 ms -   64 bytes from one.one.one.one: icmp_seq=2 ttl=58 time=17.4 ms - -   --- one.one.one.one ping statistics --- -   2 packets transmitted, 2 received, 0% packet loss, time 1001ms -   rtt min/avg/max/mdev = 16.880/17.153/17.426/0.273 ms - -Assuming everything works, you can proceed to the client configuration - -LAN Configuration -================= - -At this point, your VyOS install should have full IPv6, but now your LAN devices -need access. - -With Tunnelbroker.net, you have two options: - -- Routed /64. This is the default assignment. In IPv6-land, it's good for a -  single "LAN", and is somewhat equivalent to a /24. -  Example: `2001:470:xxxx:xxxx::/64` -- Routed /48. This is something you can request by clicking the "Assign /48" -  link in the Tunnelbroker.net tunnel config. It allows you to have up to 65k -  LANs. Example: `2001:470:xxxx::/48` - -Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. 
So -if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore -the assigned /64, and request the /48 and use that. - -Single LAN Setup -================ - -Single LAN setup where eth1 is your LAN interface. Use the /64 (all the xxxx -should be replaced with the information from your `Routed /64` tunnel): - -.. code-block:: none - -  set interfaces ethernet eth1 address '2001:470:xxxx:xxxx::1/64' -  set service router-advert interface eth1 name-server '2001:4860:4860::8888' -  set service router-advert interface eth1 name-server '2001:4860:4860::8844' -  set service router-advert interface eth1 prefix 2001:470:xxxx:xxxx::/64  - -Please note, 'autonomous-flag' and 'on-link-flag' are enabled by default, -'valid-lifetime' and 'preferred-lifetime' are set to default values of -30 days and 4 hours respectively. - -This accomplishes a few things: - -- Sets your LAN interface's IP address -- Enables router advertisements. This is an IPv6 alternative for DHCP (though -  DHCPv6 can still be used). With RAs, Your devices will automatically find the -  information they need for routing and DNS. - -Multiple LAN/DMZ Setup -====================== - -In this, you use the `Routed /48` information. This allows you to assign a -different /64 to every interface, LAN, or even device. Or you could break your -network into smaller chunks like /56 or /60. - -The format of these addresses: - -- `2001:470:xxxx::/48`: The whole subnet. xxxx should come from Tunnelbroker. -- `2001:470:xxxx:1::/64`: A subnet suitable for a LAN -- `2001:470:xxxx:2::/64`: Another subnet -- `2001:470:xxxx:ffff:/64`: The last usable /64 subnet. - -In the above examples, 1,2,ffff are all chosen by you. You can use 1-ffff -(1-65535). - -So, when your LAN is eth1, your DMZ is eth2, your cameras are on eth3, etc: - -.. 
code-block:: none - -  set interfaces ethernet eth1 address '2001:470:xxxx:1::1/64' -  set service router-advert interface eth1 name-server '2001:4860:4860::8888' -  set service router-advert interface eth1 name-server '2001:4860:4860::8844' -  set service router-advert interface eth1 prefix 2001:470:xxxx:1::/64 -   -  set interfaces ethernet eth2 address '2001:470:xxxx:2::1/64' -  set service router-advert interface eth2 name-server '2001:4860:4860::8888' -  set service router-advert interface eth2 name-server '2001:4860:4860::8844' -  set service router-advert interface eth2 prefix 2001:470:xxxx:2::/64  - -  set interfaces ethernet eth3 address '2001:470:xxxx:3::1/64' -  set service router-advert interface eth3 name-server '2001:4860:4860::8888' -  set service router-advert interface eth3 name-server '2001:4860:4860::8844' -  set service router-advert interface eth3 prefix 2001:470:xxxx:3::/64 - -Please note, 'autonomous-flag' and 'on-link-flag' are enabled by default, -'valid-lifetime' and 'preferred-lifetime' are set to default values of -30 days and 4 hours respectively. - -Firewall -======== - -Finally, don't forget the :ref:`firewall`. The usage is identical, except for -instead of `set firewall name NAME`, you would use `set firewall ipv6-name -NAME`. - -Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 -firewall in ipv6-name` or `set zone-policy zone LOCAL from WAN firewall -ipv6-name`. - - -.. start_vyoslinter | 
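Review bot: The commit message "correct build warnings" does not explain why docs/configexamples/dhcp-relay-through-gre-bridge.rst is deleted in full (`@@ -1,76 +0,0 @@`), which removes the `.. _examples-dhcp-relay-through-gre-bridge:` label and the only visible use of `/_static/images/dhcp-relay-through-gre-bridge.png`. The diffstat is limited to docs/configexamples, so it does not show whether the page was moved or whether any toctree entry or `:ref:` to that label was updated. Please state in the commit message whether this is a move or a removal, and if it is a removal, drop the image and any remaining references in the same change so the build does not gain a new unresolved-reference warning.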
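Review bot: Deleting docs/configexamples/tunnelbroker-ipv6.rst in full (`@@ -1,180 +0,0 @@`) also drops its Firewall section, the only part of this guide that tells readers to apply `set firewall ipv6-name NAME` after the router-advert configuration hands LAN hosts addresses from the routed /64 or /48. If the guide is being relocated rather than retired, confirm that section and the `.. _examples-tunnelbroker-ipv6:` label survive at the new location. While moving it, fix `2001:470:xxxx:ffff:/64` in the address-format list, which is missing a colon and should read `2001:470:xxxx:ffff::/64`.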
