diff options
| author | Robert Göhler <github@ghlr.de> | 2022-11-15 20:49:03 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-11-15 20:49:03 +0100 |
| commit | f2cf8417aaffd0793db20a6dd89185839012df00 (patch) | |
| tree | e867ebc1abc07838dd4539d9954ef5723537c703 /docs/configuration/vpn/site2site_ipsec.rst | |
| parent | e8bb46536e23078f8c91d687d0033f76c32b1f31 (diff) | |
| parent | ac70a57fd10e8e84d39544414e6f3c84ed52dd5a (diff) | |
| download | vyos-documentation-f2cf8417aaffd0793db20a6dd89185839012df00.tar.gz vyos-documentation-f2cf8417aaffd0793db20a6dd89185839012df00.zip | |
Merge pull request #888 from srividya0208/newformat
Modified the documentation as per the new format/syntax
Diffstat (limited to 'docs/configuration/vpn/site2site_ipsec.rst')
| -rw-r--r-- | docs/configuration/vpn/site2site_ipsec.rst | 20 |
1 files changed, 8 insertions, 12 deletions
diff --git a/docs/configuration/vpn/site2site_ipsec.rst b/docs/configuration/vpn/site2site_ipsec.rst index e72dbdd4..482c7130 100644 --- a/docs/configuration/vpn/site2site_ipsec.rst +++ b/docs/configuration/vpn/site2site_ipsec.rst @@ -8,19 +8,10 @@ to exchange encrypted information between them and VyOS itself or connected/routed networks. To configure site-to-site connection you need to add peers with the -``set vpn ipsec site-to-site`` command. +``set vpn ipsec site-to-site peer <name>`` command. -You can identify a remote peer with: - -* IPv4 or IPv6 address. This mode is easiest for configuration and mostly used - when a peer has a public static IP address; -* Hostname. This mode is similar to IP address, only you define DNS name instead - of an IP. Could be used when a peer has a public IP address and DNS name, but - an IP address could be changed from time to time; -* Remote ID of the peer. In this mode, there is no predefined remote address - nor DNS name of the peer. This mode is useful when a peer doesn't have a - publicly available IP address (NAT between it and VyOS), or IP address could - be changed. +The peer name must be an alphanumeric and can have hypen or underscore as +special characters. It is purely informational. Each site-to-site peer has the next options: @@ -111,6 +102,11 @@ Each site-to-site peer has the next options: If defined ``any``, then an IP address which configured on interface with default route will be used; +* ``remote-address`` - remote IP address or hostname for IPSec connection. + IPv4 or IPv6 address is used when a peer has a public static IP address. + Hostname is a DNS name which could be used when a peer has a public IP + address and DNS name, but an IP address could be changed from time to time. + * ``tunnel`` - define criteria for traffic to be matched for encrypting and send it to a peer: |