diff options
| author | Christian Poessinger <christian@poessinger.com> | 2019-11-27 17:20:36 +0100 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2019-11-27 17:20:38 +0100 |
| commit | 6aa3cbb611f74bdf8e44d5527f5138f3122a7497 (patch) | |
| tree | 009a1fe9447bdd980d5017d49f102e7ccdace03b /docs/vpn/wireguard.rst | |
| parent | 76bbe2744d7184ee50626d9d7b65f21dad1c7e99 (diff) | |
| download | vyos-documentation-6aa3cbb611f74bdf8e44d5527f5138f3122a7497.tar.gz vyos-documentation-6aa3cbb611f74bdf8e44d5527f5138f3122a7497.zip | |
Refactor "code-block:: sh" to "code-block:: console"
This will add proper new-lines into the rendered PDF. Before if it has
been a long line, not all content was preserved in the PDF.
Diffstat (limited to 'docs/vpn/wireguard.rst')
| -rw-r--r-- | docs/vpn/wireguard.rst | 32 |
1 files changed, 16 insertions, 16 deletions
diff --git a/docs/vpn/wireguard.rst b/docs/vpn/wireguard.rst index b1fb0bdc..2ccf7b57 100644 --- a/docs/vpn/wireguard.rst +++ b/docs/vpn/wireguard.rst @@ -21,7 +21,7 @@ within VyOS. It will be used per default on any configured wireguard interface, even if multiple interfaces are being configured. -.. code-block:: sh +.. code-block:: console wg01:~$ configure wg01# run generate wireguard keypair @@ -29,7 +29,7 @@ multiple interfaces are being configured. The public key is being shared with your peer(s), your peer will encrypt all traffic to your system using this public key. -.. code-block:: sh +.. code-block:: console wg01# run show wireguard pubkey u41jO3OF73Gq1WARMMFG7tOfk7+r8o8AzPxJ1FZRhzk= @@ -45,7 +45,7 @@ their own keypairs. The commands below will generate 2 keypairs, which are not related to each other. -.. code-block:: sh +.. code-block:: console wg01:~$ configure wg01# run generate wireguard named-keypairs KP01 @@ -69,7 +69,7 @@ below is always the public key from your peer, not your local one. **local side** -.. code-block:: sh +.. code-block:: console set interfaces wireguard wg01 address '10.1.0.1/24' set interfaces wireguard wg01 description 'VPN-to-wg02' @@ -89,7 +89,7 @@ traffic. To use a named key on an interface, the option private-key needs to be set. -.. code-block:: sh +.. code-block:: console set interfaces wireguard wg01 private-key KP01 set interfaces wireguard wg02 private-key KP02 @@ -100,7 +100,7 @@ which needs to be shared with the peer. **remote side** -.. code-block:: sh +.. code-block:: console set interfaces wireguard wg01 address '10.2.0.1/24' set interfaces wireguard wg01 description 'VPN-to-wg01' @@ -113,7 +113,7 @@ which needs to be shared with the peer. Assure that your firewall rules allow the traffic, in which case you have a working VPN using wireguard. -.. code-block:: sh +.. code-block:: console wg01# ping 10.2.0.1 PING 10.2.0.1 (10.2.0.1) 56(84) bytes of data. @@ -128,7 +128,7 @@ working VPN using wireguard. An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto, which is optional. -.. code-block:: sh +.. code-block:: console wg01# run generate wireguard preshared-key rvVDOoc2IYEnV+k5p7TNAmHBMEGTHbPU8Qqg8c/sUqc= @@ -137,7 +137,7 @@ Copy the key, as it is not stored on the local file system. Make sure you distribute that key in a safe manner, it's a symmetric key, so only you and your peer should have knowledge of its content. -.. code-block:: sh +.. code-block:: console wg01# set interfaces wireguard wg01 peer to-wg02 preshared-key 'rvVDOoc2IYEnV+k5p7TNAmHBMEGTHbPU8Qqg8c/sUqc=' wg02# set interfaces wireguard wg01 peer to-wg01 preshared-key 'rvVDOoc2IYEnV+k5p7TNAmHBMEGTHbPU8Qqg8c/sUqc=' @@ -149,7 +149,7 @@ With WireGuard, a Road Warrior VPN config is similar to a site-to-site VPN. It In the following example, the IPs for the remote clients are defined in the peers. This would allow the peers to interact with one another. -.. code-block:: sh +.. code-block:: console wireguard wg0 { address 10.172.24.1/24 @@ -173,7 +173,7 @@ In the following example, the IPs for the remote clients are defined in the peer The following is the config for the iPhone peer above. It's important to note that the ``AllowedIPs`` setting directs all IPv4 and IPv6 traffic through the connection. -.. code-block:: sh +.. code-block:: console [Interface] PrivateKey = ARAKLSDJsadlkfjasdfiowqeruriowqeuasdf= @@ -189,7 +189,7 @@ directs all IPv4 and IPv6 traffic through the connection. This MacBook peer is doing split-tunneling, where only the subnets local to the server go over the connection. -.. code-block:: sh +.. code-block:: console [Interface] PrivateKey = 8Iasdfweirousd1EVGUk5XsT+wYFZ9mhPnQhmjzaJE6Go= @@ -207,7 +207,7 @@ Operational commands **Show interface status** -.. code-block:: sh +.. code-block:: console vyos@wg01# run show interfaces wireguard wg01 interface: wg1 @@ -233,14 +233,14 @@ Operational commands **Show public key of the default key** -.. code-block:: sh +.. code-block:: console vyos@wg01# run show wireguard keypair pubkey default FAXCPb6EbTlSH5200J5zTopt9AYXneBthAySPBLbZwM= **Show public key of a named key** -.. code-block:: sh +.. code-block:: console vyos@wg01# run show wireguard keypair pubkey KP01 HUtsu198toEnm1poGoRTyqkUKfKUdyh54f45dtcahDM= @@ -248,7 +248,7 @@ Operational commands **Delete wireguard keypairs** -.. code-block:: sh +.. code-block:: console vyos@wg01# wireguard keypair default |