correction of ipsec compression syntax and added a reference

for changes done for zone based firewall
author: srividya0208 <a.srividya@vyos.io> 2023-09-04 02:13:54 -0400
committer: srividya0208 <a.srividya@vyos.io> 2023-09-04 02:49:17 -0400
commit: 54bdc76b3bae95734d73a5ac2f174b32a1b9f2e9 (patch)
tree: 048b25a5e03da4b249bdde325b6841340358eaac /docs/configuration/vpn
parent: eeefebfbe0c44ccd0e9003055871044045ac424a (diff)
download: vyos-documentation-54bdc76b3bae95734d73a5ac2f174b32a1b9f2e9.tar.gz
vyos-documentation-54bdc76b3bae95734d73a5ac2f174b32a1b9f2e9.zip
2 files changed, 8 insertions, 23 deletions
diff --git a/docs/configuration/vpn/dmvpn.rst b/docs/configuration/vpn/dmvpn.rst
index 6680d46a..a85e03b4 100644
--- a/docs/configuration/vpn/dmvpn.rst
+++ b/docs/configuration/vpn/dmvpn.rst
@@ -200,7 +200,6 @@ Hub
   set protocols nhrp tunnel tun100 redirect
   set protocols nhrp tunnel tun100 shortcut
 
-  set vpn ipsec esp-group ESP-HUB compression 'disable'
   set vpn ipsec esp-group ESP-HUB lifetime '1800'
   set vpn ipsec esp-group ESP-HUB mode 'transport'
   set vpn ipsec esp-group ESP-HUB pfs 'dh-group2'
@@ -208,7 +207,6 @@ Hub
   set vpn ipsec esp-group ESP-HUB proposal 1 hash 'sha1'
   set vpn ipsec esp-group ESP-HUB proposal 2 encryption '3des'
   set vpn ipsec esp-group ESP-HUB proposal 2 hash 'md5'
-  set vpn ipsec ike-group IKE-HUB ikev2-reauth 'no'
   set vpn ipsec ike-group IKE-HUB key-exchange 'ikev1'
   set vpn ipsec ike-group IKE-HUB lifetime '3600'
   set vpn ipsec ike-group IKE-HUB proposal 1 dh-group '2'
@@ -309,7 +307,6 @@ VyOS can also run in DMVPN spoke mode.
   set protocols nhrp tunnel tun100 redirect
   set protocols nhrp tunnel tun100 shortcut
 
-  set vpn ipsec esp-group ESP-HUB compression 'disable'
   set vpn ipsec esp-group ESP-HUB lifetime '1800'
   set vpn ipsec esp-group ESP-HUB mode 'transport'
   set vpn ipsec esp-group ESP-HUB pfs 'dh-group2'
@@ -318,7 +315,6 @@ VyOS can also run in DMVPN spoke mode.
   set vpn ipsec esp-group ESP-HUB proposal 2 encryption '3des'
   set vpn ipsec esp-group ESP-HUB proposal 2 hash 'md5'
   set vpn ipsec ike-group IKE-HUB close-action 'none'
-  set vpn ipsec ike-group IKE-HUB ikev2-reauth 'no'
   set vpn ipsec ike-group IKE-HUB key-exchange 'ikev1'
   set vpn ipsec ike-group IKE-HUB lifetime '3600'
   set vpn ipsec ike-group IKE-HUB proposal 1 dh-group '2'
diff --git a/docs/configuration/vpn/ipsec.rst b/docs/configuration/vpn/ipsec.rst
index 327f3abb..c91feea0 100644
--- a/docs/configuration/vpn/ipsec.rst
+++ b/docs/configuration/vpn/ipsec.rst
@@ -51,8 +51,6 @@ VyOS IKE group has the next options:
  
  * ``hold`` set action to hold;
  
- * ``clear`` set action to clear;
- 
  * ``restart`` set action to restart;
  
 * ``dead-peer-detection`` controls the use of the Dead Peer Detection protocol 
@@ -73,11 +71,9 @@ VyOS IKE group has the next options:
  * ``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only
  
 * ``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate 
-  the peer. In IKEv1, reauthentication is always done:
-  
- * ``yes`` enable remote host re-authentication during an IKE rekey;
- 
- * ``no`` disable remote host re-authenticaton during an IKE rekey;
+  the peer. In IKEv1, reauthentication is always done.
+  Setting this parameter enables remote host re-authentication during an IKE 
+  rekey.
  
 * ``key-exchange`` which protocol should be used to initialize the connection
   If not set both protocols are handled and connections will use IKEv2 when 
@@ -87,13 +83,10 @@ VyOS IKE group has the next options:
  
  * ``ikev2`` use IKEv2 for Key Exchange;
  
-* ``lifetime`` IKE lifetime in seconds <30-86400> (default 28800);
-
-* ``mobike`` enable MOBIKE Support. MOBIKE is only available for IKEv2:
+* ``lifetime`` IKE lifetime in seconds <0-86400> (default 28800);
 
- * ``enable`` enable MOBIKE (default for IKEv2);
- 
- * ``disable`` disable MOBIKE;
+* ``disable-mobike`` disables MOBIKE Support. MOBIKE is only available for IKEv2
+  and enabled by default.
  
 * ``mode`` IKEv1 Phase 1 Mode Selection:
 
@@ -126,12 +119,8 @@ Multiple proposals can be specified in a single group.
 
 VyOS ESP group has the next options:
 
-* ``compression`` whether IPComp compression of content is proposed 
-  on the connection:
-
- * ``disable`` disable IPComp compression (default);
- 
- * ``enable`` enable IPComp compression;
+* ``compression``  Enables the  IPComp(IP Payload Compression) protocol which
+  allows compressing the content of IP packets.  
  
 * ``life-bytes`` ESP life in bytes <1024-26843545600000>. 
   Number of bytes transmitted over an IPsec SA before it expires;
author	srividya0208 <a.srividya@vyos.io>	2023-09-04 02:13:54 -0400
committer	srividya0208 <a.srividya@vyos.io>	2023-09-04 02:49:17 -0400
commit	54bdc76b3bae95734d73a5ac2f174b32a1b9f2e9 (patch)
tree	048b25a5e03da4b249bdde325b6841340358eaac /docs/configuration/vpn
parent	eeefebfbe0c44ccd0e9003055871044045ac424a (diff)
download	vyos-documentation-54bdc76b3bae95734d73a5ac2f174b32a1b9f2e9.tar.gz vyos-documentation-54bdc76b3bae95734d73a5ac2f174b32a1b9f2e9.zip