| author | Christian Poessinger <christian@poessinger.com> | 2019-11-27 17:20:36 +0100 | 
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2019-11-27 17:20:38 +0100 | 
| commit | 6aa3cbb611f74bdf8e44d5527f5138f3122a7497 (patch) | |
| tree | 009a1fe9447bdd980d5017d49f102e7ccdace03b /docs/vpn/openvpn.rst | |
| parent | 76bbe2744d7184ee50626d9d7b65f21dad1c7e99 (diff) | |
Refactor "code-block:: sh" to "code-block:: console"
This will add proper new-lines into the rendered PDF. Before if it has
been a long line, not all content was preserved in the PDF.
Diffstat (limited to 'docs/vpn/openvpn.rst')
| -rw-r--r-- | docs/vpn/openvpn.rst | 38 | 
1 files changed, 19 insertions, 19 deletions
| diff --git a/docs/vpn/openvpn.rst b/docs/vpn/openvpn.rst index 491e6e6d..2e4388ed 100644 --- a/docs/vpn/openvpn.rst +++ b/docs/vpn/openvpn.rst @@ -68,7 +68,7 @@ in our configuration.  Local Configuration: -.. code-block:: sh +.. code-block:: console    set interfaces openvpn vtun1 mode site-to-site    set interfaces openvpn vtun1 protocol udp @@ -82,7 +82,7 @@ Local Configuration:  Remote Configuration: -.. code-block:: sh +.. code-block:: console    set interfaces openvpn vtun1 mode site-to-site    set interfaces openvpn vtun1 protocol udp @@ -104,7 +104,7 @@ For Encryption:  This sets the cipher when NCP (Negotiable Crypto Parameters) is disabled or  OpenVPN version < 2.4.0. -.. code-block:: sh +.. code-block:: console    vyos@vyos# set interfaces openvpn vtun1 encryption cipher    Possible completions: @@ -123,7 +123,7 @@ This sets the accepted ciphers to use when version => 2.4.0 and NCP is  enabled (which is default). Default NCP cipher for versions >= 2.4.0 is  aes256gcm. The first cipher in this list is what server pushes to clients. -.. code-block:: sh +.. code-block:: console    vyos@vyos# set int open vtun0 encryption ncp-ciphers    Possible completions: @@ -138,7 +138,7 @@ aes256gcm. The first cipher in this list is what server pushes to clients.  For Hashing: -.. code-block:: sh +.. code-block:: console    vyos@vyos# set interfaces openvpn vtun1 hash    Possible completions: @@ -157,13 +157,13 @@ network of 10.1.0.0/16:  Local Configuration: -.. code-block:: sh +.. code-block:: console    set protocols static interface-route 10.1.0.0/16 next-hop-interface vtun1  Remote Configuration: -.. code-block:: sh +.. code-block:: console    set protocols static interface-route 10.0.0.0/16 next-hop-interface vtun1 
@@ -206,7 +206,7 @@ closing on connection resets or daemon reloads.     0 on one side of the connection (to disable it), the chosen value on the     other side will determine when the renegotiation will occur. -.. code-block:: sh +.. code-block:: console    set interfaces openvpn vtun10 mode server    set interfaces openvpn vtun10 local-port 1194 @@ -216,7 +216,7 @@ closing on connection resets or daemon reloads.  Then we need to specify the location of the cryptographic materials. Suppose  you keep the files in `/config/auth/openvpn` -.. code-block:: sh +.. code-block:: console    set interfaces openvpn vtun10 tls ca-cert-file /config/auth/openvpn/ca.crt    set interfaces openvpn vtun10 tls cert-file /config/auth/openvpn/server.crt @@ -229,7 +229,7 @@ specify the subnet for client tunnel endpoints. Since we want clients to access  a specific network behind out router, we will use a push-route option for  installing that route on clients. -.. code-block:: sh +.. code-block:: console    set interfaces openvpn vtun10 server push-route 192.168.0.0/16    set interfaces openvpn vtun10 server subnet 10.23.1.0/24 @@ -241,7 +241,7 @@ need configuration for each client to achieve this.  .. note:: Clients are identified by the CN field of their x.509 certificates,     in this example the CN is ``client0``: -.. code-block:: sh +.. code-block:: console    set interfaces openvpn vtun10 server client client0 ip 10.23.1.10    set interfaces openvpn vtun10 server client client0 subnet 10.23.2.0/25 @@ -250,7 +250,7 @@ OpenVPN **will not** automatically create routes in the kernel for client  subnets when they connect and will only use client-subnet association  internally, so we need to create a route to the 10.23.0.0/20 network ourselves: -.. code-block:: sh +.. code-block:: console    set protocols static interface-route 10.23.0.0/20 next-hop-interface vtun10 
@@ -269,13 +269,13 @@ Authentication is done by using the ``openvpn-auth-ldap.so`` plugin which is  shipped with every VyOS installation. A dedicated configuration file is required.  It is best practise to store it in ``/config`` to survive image updates -.. code-block:: sh +.. code-block:: console    set interfaces openvpn vtun0 openvpn-option "--plugin /usr/lib/openvpn/openvpn-auth-ldap.so /config/auth/ldap-auth.config"  The required config file may look like: -.. code-block:: sh +.. code-block:: console    <LDAP>    # LDAP server URL @@ -302,7 +302,7 @@ Active Directory  Despite the fact that AD is a superset of LDAP -.. code-block:: sh +.. code-block:: console    <LDAP>      # LDAP server URL @@ -336,7 +336,7 @@ Despite the fact that AD is a superset of LDAP  If you only want to check if the user account is enabled and can authenticate  (against the primary group) the following snipped is sufficient: -.. code-block:: sh +.. code-block:: console    <LDAP>      URL ldap://dc01.example.com @@ -355,7 +355,7 @@ If you only want to check if the user account is enabled and can authenticate  A complete LDAP auth OpenVPN configuration could look like the following example: -.. code-block:: sh +.. code-block:: console    vyos@vyos# show interfaces openvpn     openvpn vtun0 { @@ -398,7 +398,7 @@ using their CN attribute in the SSL certificate.  Server  ------ -.. code-block:: sh +.. code-block:: console    set interfaces openvpn vtun10 encryption cipher 'aes256'    set interfaces openvpn vtun10 hash 'sha512' @@ -422,7 +422,7 @@ Server  Client  ------ -.. code-block:: sh +.. code-block:: console    set interfaces openvpn vtun10 encryption cipher 'aes256'    set interfaces openvpn vtun10 hash 'sha512' | 
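Review bot: in the hunks at -269 and -302, the blocks that open with `<LDAP>` show the contents of `/config/auth/ldap-auth.config`, not a terminal session, so `console` is the wrong lexer for them. A session lexer treats `#` as a prompt character, which means comment lines such as `# LDAP server URL` may be rendered as if they were commands typed at a root prompt. Consider `.. code-block:: none` for file contents and keep `console` for the blocks that really are CLI input or output, after checking that the PDF line wrapping the commit message is after still works with that lexer.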
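Review bot: in the hunk at -123, the context sentence writes the version bound as `version => 2.4.0` while the very next sentence uses `>= 2.4.0` and the previous hunk uses `< 2.4.0`; since this block is being touched anyway, please make it `>=` so the cipher/NCP version boundary reads unambiguously. The example line in the same block, `vyos@vyos# set int open vtun0 encryption ncp-ciphers`, also uses abbreviated keywords and `vtun0`, whereas the neighbouring examples spell out `set interfaces openvpn vtun1 ...`; using the long form and the same interface name would keep the encryption section consistent and copy-pasteable.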
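Review bot: in the hunk at -336, the minimal Active Directory example starts with `URL ldap://dc01.example.com`, a plaintext scheme, and the visible context shows nothing that enables TLS for it. Because this block is presented as "sufficient" and readers will copy it as is, the documentation should show an `ldaps://` URL or the plugin's TLS settings there, unless the lines outside the visible context already do, so that VPN users' directory passwords are not sent to the domain controller in the clear. Two smaller points on the same hunk: the block is file content rather than a console session, so the `console` lexer does not describe it, and "snipped" in the context line above it should read "snippet".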
