| author | Christian Poessinger <christian@poessinger.com> | 2019-11-17 19:52:57 +0100 | 
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2019-11-17 19:53:00 +0100 | 
| commit | a02ef524ecfd5a8a4529c0d0e0c36d8abb0b9e04 (patch) | |
| tree | 963ac4e06ac05acd22c3ae5c49259bd6c3b68c86 /docs | |
| parent | a4bb80c2fa42ffae97fee9bfd3b0002241da55cf (diff) | |
openvpn: beautify command snippets
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/vpn/openvpn.rst | 20 | 
1 files changed, 11 insertions, 9 deletions
| diff --git a/docs/vpn/openvpn.rst b/docs/vpn/openvpn.rst index faa5e6bc..63949184 100644 --- a/docs/vpn/openvpn.rst +++ b/docs/vpn/openvpn.rst @@ -43,11 +43,11 @@ static keys, which is simpler in many cases. In this example, we'll configure  a simple site-to-site OpenVPN tunnel using a 2048-bit pre-shared key.  First, one of the systems generate the key using the operational command -`generate openvpn key <filename>`. This will generate a key with the name -provided in the `/config/auth/` directory. Once generated, you will need to +``generate openvpn key <filename>``. This will generate a key with the name +provided in the ``/config/auth/`` directory. Once generated, you will need to  copy this key to the remote router. -In our example, we used the filename `openvpn-1.key` which we will reference +In our example, we used the filename ``openvpn-1.key`` which we will reference  in our configuration.  * The public IP address of the local side of the VPN will be 198.51.100.10 @@ -58,11 +58,11 @@ in our configuration.    when possible.  * The official port for OpenVPN is 1194, which we reserve for client VPN; we    will use 1195 for site-to-site VPN. -* The `persistent-tunnel` directive will allow us to configure tunnel-related +* The ``persistent-tunnel`` directive will allow us to configure tunnel-related    attributes, such as firewall policy as we would on any normal network    interface.  * If known, the IP of the remote router can be configured using the -  `remote-host` directive; if unknown, it can be omitted. We will assume a +  ``remote-host`` directive; if unknown, it can be omitted. We will assume a    dynamic IP for our remote router.  Local Configuration: 
@@ -196,12 +196,14 @@ all client subnets belong to 10.23.0.0/20. All clients need access to the  192.168.0.0/16 network.  First we need to specify the basic settings. 1194/UDP is the default. The -`persistent-tunnel` option is recommended, it prevents the TUN/TAP device from +``persistent-tunnel`` option is recommended, it prevents the TUN/TAP device from  closing on connection resets or daemon reloads. - -.. note:: Using **openvpn-option -reneg-sec** can be tricky. This option is used to renegotiate data channel after n seconds. When used at both server and client, the lower value will trigger the renegotiation. If you set it to 0 on one side of the connection (to disable it), the chosen value on the other side will determine when the renegotiation will occur. - +.. note:: Using **openvpn-option -reneg-sec** can be tricky. This option is +   used to renegotiate data channel after n seconds. When used at both server +   and client, the lower value will trigger the renegotiation. If you set it to +   0 on one side of the connection (to disable it), the chosen value on the +   other side will determine when the renegotiation will occur.  .. code-block:: sh | 
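Review bot: In the first hunk (@@ -43,11 +43,11), the sentence "Once generated, you will need to copy this key to the remote router" still gives no guidance on how to move the key. This tunnel is secured only by the pre-shared key, so the text should say to transfer it over an authenticated, encrypted channel (for example scp) and not by e-mail or plain file transfer. While these lines are being touched, "one of the systems generate the key" in the context line just above should read "generates".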
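Review bot: In the third hunk (@@ -196,12 +196,14), the re-wrapped note still marks the option as bold, "**openvpn-option -reneg-sec**", while every other command and option in this commit is converted to a double-backtick literal. Please use the literal form here too, and write the option with its double dash (OpenVPN spells it --reneg-sec), which the literal markup will keep intact. The same note would read better as "renegotiate the data channel after n seconds".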
