diff options
| -rw-r--r-- | docs/appendix/commandtree/configmode.rst | 8 | ||||
| -rw-r--r-- | docs/appendix/examples/ha.rst | 10 | ||||
| -rw-r--r-- | docs/appendix/examples/ospf-unnumbered.rst | 36 | ||||
| -rw-r--r-- | docs/appendix/examples/tunnelbroker-ipv6.rst | 14 | ||||
| -rw-r--r-- | docs/appendix/migrate-from-vyatta.rst | 6 | ||||
| -rw-r--r-- | docs/contributing/documentation.rst | 2 | ||||
| -rw-r--r-- | docs/high-availability.rst | 6 | ||||
| -rw-r--r-- | docs/load-balancing.rst | 4 | ||||
| -rw-r--r-- | docs/nat.rst | 4 | ||||
| -rw-r--r-- | docs/qos.rst | 6 | ||||
| -rw-r--r-- | docs/routing/igmp-proxy.rst | 2 | ||||
| -rw-r--r-- | docs/routing/routing-policy.rst | 20 | ||||
| -rw-r--r-- | docs/services/dns-forwarding.rst | 4 | ||||
| -rw-r--r-- | docs/services/ipoe-server.rst | 14 | ||||
| -rw-r--r-- | docs/services/pppoe-server.rst | 12 | ||||
| -rw-r--r-- | docs/services/snmp.rst | 2 | ||||
| -rw-r--r-- | docs/services/webproxy.rst | 4 | ||||
| -rw-r--r-- | docs/system/config-management.rst | 2 | ||||
| -rw-r--r-- | docs/system/eventhandler.rst | 4 | ||||
| -rw-r--r-- | docs/system/proxy.rst | 4 | ||||
| -rw-r--r-- | docs/vpn/dmvpn.rst | 2 | ||||
| -rw-r--r-- | docs/vpn/wireguard.rst | 4 |
22 files changed, 85 insertions, 85 deletions
diff --git a/docs/appendix/commandtree/configmode.rst b/docs/appendix/commandtree/configmode.rst index 2eaa96fc..8d675f7e 100644 --- a/docs/appendix/commandtree/configmode.rst +++ b/docs/appendix/commandtree/configmode.rst @@ -158,7 +158,7 @@ VyOS maintains backups of previous configurations. To compare configuration revi saved Compare working & saved configurations <N> Compare working with revision N <N> <M> Compare revision N with M - + Revisions: 0 2019-03-20 20:57:22 root by boot-config-loader 1 2019-03-15 20:00:04 root by boot-config-loader @@ -225,7 +225,7 @@ The ``discard`` command removes all pending configuration changes. [edit] vyos@vyos# discard - + Changes have been discarded Edit @@ -435,9 +435,9 @@ Use the compare command to verify the configuration you want to rollback to. [edit] vyos@vyos# rollback 1 Proceed with reboot? [confirm][y] - + Broadcast message from root@vyos-1 (pts/0) (Tue Dec 17 21:07:45 2018): - + The system is going down for reboot NOW! [edit] vyos@vyos# diff --git a/docs/appendix/examples/ha.rst b/docs/appendix/examples/ha.rst index cd60f8e4..1c37463c 100644 --- a/docs/appendix/examples/ha.rst +++ b/docs/appendix/examples/ha.rst @@ -81,7 +81,7 @@ Our implementation uses VMware's Distributed Port Groups, which allows VMware to Basic Setup (via console) ------------------------- -Create your router1 VM so it is able to withstand a VM Host failing, or a network link failing. Using VMware, this is achieved by enabling vSphere DRS, vSphere Availability, and creating a Distributed Port Group that uses LACP. +Create your router1 VM so it is able to withstand a VM Host failing, or a network link failing. Using VMware, this is achieved by enabling vSphere DRS, vSphere Availability, and creating a Distributed Port Group that uses LACP. Many other Hypervisors do this, and I'm hoping that this document will be expanded to document how to do this for others. @@ -224,7 +224,7 @@ router2 Create vrrp sync-group ^^^^^^^^^^^^^^^^^^^^^^ -The sync group is used to replicate connection tracking. It needs to be assigned to a random VRRP group, and we are creating a sync group called ``sync`` using the vrrp group ``int``. +The sync group is used to replicate connection tracking. It needs to be assigned to a random VRRP group, and we are creating a sync group called ``sync`` using the vrrp group ``int``. .. code-block:: console @@ -251,7 +251,7 @@ You should be able to ping to and from all the IPs you have allocated. NAT and conntrack-sync ---------------------- -Masquerade Traffic originating from 10.200.201.0/24 that is heading out the public interface. +Masquerade Traffic originating from 10.200.201.0/24 that is heading out the public interface. Note we explicitly exclude the primary upstream network so that BGP or OSPF traffic doesn't accidentally get NAT'ed. .. code-block:: console @@ -265,7 +265,7 @@ Note we explicitly exclude the primary upstream network so that BGP or OSPF traf Configure conntrack-sync and disable helpers ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Most conntrack modules cause more problems than they're worth, especially in a complex network. Turn them off by default, and if you need to turn them on later, you can do so. +Most conntrack modules cause more problems than they're worth, especially in a complex network. Turn them off by default, and if you need to turn them on later, you can do so. .. code-block:: console @@ -413,7 +413,7 @@ Enable OSPF ^^^^^^^^^^^ Every router **must** have a unique router-id. -The 'reference-bandwidth' is used because when OSPF was originally designed, the idea of a link faster than 1gbit was unheard of, and it does not scale correctly. +The 'reference-bandwidth' is used because when OSPF was originally designed, the idea of a link faster than 1gbit was unheard of, and it does not scale correctly. .. code-block:: console diff --git a/docs/appendix/examples/ospf-unnumbered.rst b/docs/appendix/examples/ospf-unnumbered.rst index 13e5f961..ac29988e 100644 --- a/docs/appendix/examples/ospf-unnumbered.rst +++ b/docs/appendix/examples/ospf-unnumbered.rst @@ -50,28 +50,28 @@ Results .. code-block:: console - vyos@vyos:~$ show interfaces + vyos@vyos:~$ show interfaces Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address S/L Description --------- ---------- --- ----------- - eth0 10.0.0.1/24 u/u - eth1 192.168.0.1/32 u/u - eth2 192.168.0.1/32 u/u - lo 127.0.0.1/8 u/u + eth0 10.0.0.1/24 u/u + eth1 192.168.0.1/32 u/u + eth2 192.168.0.1/32 u/u + lo 127.0.0.1/8 u/u 192.168.0.1/32 ::1/128 - vyos@vyos:~$ + vyos@vyos:~$ .. code-block:: console - vyos@vyos:~$ show ip route + vyos@vyos:~$ show ip route Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR, f - OpenFabric, > - selected route, * - FIB route, q - queued route, r - rejected route - + S>* 0.0.0.0/0 [210/0] via 10.0.0.254, eth0, 00:57:34 O 10.0.0.0/24 [110/20] via 192.168.0.2, eth1 onlink, 00:13:21 via 192.168.0.2, eth2 onlink, 00:13:21 @@ -82,35 +82,35 @@ Results C>* 192.168.0.1/32 is directly connected, lo, 00:57:36 O>* 192.168.0.2/32 [110/1] via 192.168.0.2, eth1 onlink, 00:29:03 * via 192.168.0.2, eth2 onlink, 00:29:03 - vyos@vyos:~$ + vyos@vyos:~$ - Router B: .. code-block:: console - vyos@vyos:~$ show interfaces + vyos@vyos:~$ show interfaces Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address S/L Description --------- ---------- --- ----------- - eth0 10.0.0.2/24 u/u - eth1 192.168.0.2/32 u/u - eth2 192.168.0.2/32 u/u - lo 127.0.0.1/8 u/u + eth0 10.0.0.2/24 u/u + eth1 192.168.0.2/32 u/u + eth2 192.168.0.2/32 u/u + lo 127.0.0.1/8 u/u 192.168.0.2/32 ::1/128 - vyos@vyos:~$ + vyos@vyos:~$ .. code-block:: console - vyos@vyos:~$ show ip route + vyos@vyos:~$ show ip route Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR, f - OpenFabric, > - selected route, * - FIB route, q - queued route, r - rejected route - + S>* 0.0.0.0/0 [210/0] via 10.0.0.254, eth0, 00:57:34 O 10.0.0.0/24 [110/20] via 192.168.0.1, eth1 onlink, 00:13:21 via 192.168.0.1, eth2 onlink, 00:13:21 @@ -121,5 +121,5 @@ Results C>* 192.168.0.2/32 is directly connected, lo, 00:57:36 O>* 192.168.0.1/32 [110/1] via 192.168.0.1, eth1 onlink, 00:29:03 * via 192.168.0.1, eth2 onlink, 00:29:03 - vyos@vyos:~$ + vyos@vyos:~$ diff --git a/docs/appendix/examples/tunnelbroker-ipv6.rst b/docs/appendix/examples/tunnelbroker-ipv6.rst index 234d9cf1..e8fc9a8b 100644 --- a/docs/appendix/examples/tunnelbroker-ipv6.rst +++ b/docs/appendix/examples/tunnelbroker-ipv6.rst @@ -3,7 +3,7 @@ VyOS Tunnelbroker.net IPv6 -------------------------- -This guides walks through the setup of `Tunnelbroker.net <https://www.tunnelbroker.net/>`_ for an IPv6 Tunnel. +This guides walks through the setup of `Tunnelbroker.net <https://www.tunnelbroker.net/>`_ for an IPv6 Tunnel. Prerequisites ^^^^^^^^^^^^^ @@ -78,9 +78,9 @@ At this point your VyOS install should have full IPv6, but now your LAN devices With Tunnelbroker.net, you have two options: - Routed /64. This is the default assignment. In IPv6-land, it's good for a single "LAN", and is somewhat equivalent to a /24. Example: `2001:470:xxxx:xxxx::/64` -- Routed /48. This is something you can request by clicking the "Assign /48" link in the Tunnelbroker.net tunnel config. It allows you to have up to 65k LANs. Example: `2001:470:xxxx::/48` +- Routed /48. This is something you can request by clicking the "Assign /48" link in the Tunnelbroker.net tunnel config. It allows you to have up to 65k LANs. Example: `2001:470:xxxx::/48` -Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. So if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore the assigned /64, and request the /48 and use that. +Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. So if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore the assigned /64, and request the /48 and use that. Single LAN Setup ^^^^^^^^^^^^^^^^ @@ -89,7 +89,7 @@ Single LAN setup where eth1 is your LAN interface. Use the /64 (all the xxxx sh .. code-block:: console - set interfaces ethernet eth1 address '2001:470:xxxx:xxxx::1/64' + set interfaces ethernet eth1 address '2001:470:xxxx:xxxx::1/64' set interfaces ethernet eth1 ipv6 router-advert name-server '2001:4860:4860::8888' set interfaces ethernet eth1 ipv6 router-advert name-server '2001:4860:4860::8844' set interfaces ethernet eth1 ipv6 router-advert prefix 2001:470:xxxx:xxxx::/64 autonomous-flag 'true' @@ -100,7 +100,7 @@ Single LAN setup where eth1 is your LAN interface. Use the /64 (all the xxxx sh - This accomplishes a few things: - Sets your LAN interface's IP address - - Enables router advertisements. This is an IPv6 alternative for DHCP (though DHCPv6 can still be used). With RAs, Your devices will automatically find the information they need for routing and DNS. + - Enables router advertisements. This is an IPv6 alternative for DHCP (though DHCPv6 can still be used). With RAs, Your devices will automatically find the information they need for routing and DNS. Multiple LAN/DMZ Setup ^^^^^^^^^^^^^^^^^^^^^^ @@ -114,7 +114,7 @@ The format of these addresses: - `2001:470:xxxx:2::/64`: Another subnet - `2001:470:xxxx:ffff:/64`: The last usable /64 subnet. -In the above examples, 1,2,ffff are all chosen by you. You can use 1-ffff (1-65535). +In the above examples, 1,2,ffff are all chosen by you. You can use 1-ffff (1-65535). So, when your LAN is eth1, your DMZ is eth2, your cameras live on eth3, etc: @@ -144,7 +144,7 @@ So, when your LAN is eth1, your DMZ is eth2, your cameras live on eth3, etc: Firewall ^^^^^^^^ -Finally, don't forget the :ref:`firewall`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`. +Finally, don't forget the :ref:`firewall`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`. Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `set zone-policy zone LOCAL from WAN firewall ipv6-name` diff --git a/docs/appendix/migrate-from-vyatta.rst b/docs/appendix/migrate-from-vyatta.rst index 3ac75167..7ca64c16 100644 --- a/docs/appendix/migrate-from-vyatta.rst +++ b/docs/appendix/migrate-from-vyatta.rst @@ -45,7 +45,7 @@ For completion the key below corresponds to the key listed in the URL above. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.12 (GNU/Linux) - + mQINBFIIUZwBEADGl+wkZpYytQxd6LnjDZZScziBKYJbjInetYeS0SUrgpqnPkzL 2CiGfPczLwpYY0zWxpUhTvqjFsE5yDpgs0sPXIgUTFE1qfZQE+WD1I1EUM6sp/38 2xKQ9QaNc8oHuYINLYYmNYra6ZjIGtQP9WOX//IDYB3fhdwlmiW2z0hux2OnPWdh @@ -131,7 +131,7 @@ release. Digital signature is valid. Checking MD5 checksums of files on the ISO image...OK. Done! - + What would you like to name this image? [1.0.0]: [return] OK. This image will be named: 1.0.0 Installing "1.0.0" image. @@ -146,7 +146,7 @@ release. Copying SSH keys... Setting up grub configuration... Done. - + vyatta@vyatta:~$ show system image The system currently has the following image(s) installed: diff --git a/docs/contributing/documentation.rst b/docs/contributing/documentation.rst index 51fe0981..661f4fe0 100644 --- a/docs/contributing/documentation.rst +++ b/docs/contributing/documentation.rst @@ -93,7 +93,7 @@ We use the following syntax for Headlines. ##### Parts ##### - + ******** Chapters ******** diff --git a/docs/high-availability.rst b/docs/high-availability.rst index 634b8742..de2f16b4 100644 --- a/docs/high-availability.rst +++ b/docs/high-availability.rst @@ -3,7 +3,7 @@ High availability ================= -VRRP (Virtual Redundancy Protocol) provides active/backup redundancy for routers. +VRRP (Virtual Redundancy Protocol) provides active/backup redundancy for routers. Every VRRP router has a physical IP/IPv6 address, and a virtual address. On startup, routers elect the master, and the router with the highest priority becomes the master and assigns the virtual address to its interface. All routers with lower priorities become backup routers. The master then starts sending keepalive packets to notify other routers that it's available. @@ -31,7 +31,7 @@ You can verify your VRRP group status with the operational mode ``run show vrrp` .. code-block:: console - vyos@vyos# run show vrrp + vyos@vyos# run show vrrp Name Interface VRID State Last Transition ---------- ----------- ------ ------- ----------------- Foo eth1 10 MASTER 2s @@ -66,7 +66,7 @@ The priority must be an integer number from 1 to 255. Higher priority value incr Sync groups ----------- -A sync group allows VRRP groups to transition together. +A sync group allows VRRP groups to transition together. .. code-block:: console diff --git a/docs/load-balancing.rst b/docs/load-balancing.rst index abf399ea..7aa8fd63 100644 --- a/docs/load-balancing.rst +++ b/docs/load-balancing.rst @@ -78,7 +78,7 @@ To configure the rate limiting use: Flow and packet-based balancing ******************************* -Outgoing traffic is balanced in a flow-based manner. +Outgoing traffic is balanced in a flow-based manner. A connection tracking table is used to track flows by their source address, destination address and port. Each flow is assigned to an interface according to the defined balancing rules and subsequent packets are sent through the same interface. This has the advantage that packets always arrive in order if links with different speeds are in use. @@ -150,7 +150,7 @@ For multi target health checking multiple tests can be defined: Source NAT rules ---------------- -Per default, interfaces used in a load balancing pool replace the source IP of each outgoing packet with its own address to ensure that replies arrive on the same interface. +Per default, interfaces used in a load balancing pool replace the source IP of each outgoing packet with its own address to ensure that replies arrive on the same interface. This works through automatically generated source NAT (SNAT) rules, these rules are only applied to balanced traffic. In cases where this behaviour is not desired, the automatic generation of SNAT rules can be disabled: .. code-block:: console diff --git a/docs/nat.rst b/docs/nat.rst index 6536fa53..4e21ad3a 100644 --- a/docs/nat.rst +++ b/docs/nat.rst @@ -55,7 +55,7 @@ reserving an average of 200-300 sessions per host system. Example: For an ~8,000 host network a source NAT pool of 32 IP addresses is recommended. -A pool of addresses can be defined by using a **-** in the +A pool of addresses can be defined by using a **-** in the `set nat source rule [n] translation address` statement. .. code-block:: console @@ -429,7 +429,7 @@ Additionally, we want to use VPNs only on our eth1 interface (the external inter IPSec VPN Tunnels ***************** -We'll use the IKE and ESP groups created above for this VPN. +We'll use the IKE and ESP groups created above for this VPN. Because we need access to 2 different subnets on the far side, we will need two different tunnels. If you changed the names of the ESP group and IKE group in the previous step, make sure you use the correct names here too. diff --git a/docs/qos.rst b/docs/qos.rst index f749e3e5..01375ce3 100644 --- a/docs/qos.rst +++ b/docs/qos.rst @@ -53,18 +53,18 @@ Once a traffic-policy is created, you can apply it to an interface : set interfaces ethernet eth0 traffic-policy in WAN-IN set interfaces etherhet eth0 traffic-policy out WAN-OUT - + A Real-World Example ^^^^^^^^^^^^^^^^^^^^ This policy sets download and upload bandwidth maximums (roughly 90% of the speeds possible), then divvies -up the traffic into buckets of importance, giving guaranteed bandwidth chunks to types of +up the traffic into buckets of importance, giving guaranteed bandwidth chunks to types of traffic that are necessary for general interactive internet use, like web browsing, streaming, or gaming. After identifying and prioritizing that traffic, it drops the remaining traffic into a general-priority bucket, which it gives a lower priority than what is required for real-time use. If there is no real-time traffic that needs the bandwidth, the lower-priority traffic can use most of the connection. This ensures -that the connection can be used fully by whatever wants it, without suffocating real-time traffic or +that the connection can be used fully by whatever wants it, without suffocating real-time traffic or throttling background traffic too much. .. code-block:: console diff --git a/docs/routing/igmp-proxy.rst b/docs/routing/igmp-proxy.rst index 3a44ced6..6cf5187e 100644 --- a/docs/routing/igmp-proxy.rst +++ b/docs/routing/igmp-proxy.rst @@ -16,7 +16,7 @@ Interface eth1 LAN is behind NAT. In order to subscribe 10.0.0.0/23 subnet multi .. code-block:: console - # show protocols igmp-proxy + # show protocols igmp-proxy interface eth0 { alt-subnet 10.0.0.0/23 role upstream diff --git a/docs/routing/routing-policy.rst b/docs/routing/routing-policy.rst index 4c4a4707..408be955 100644 --- a/docs/routing/routing-policy.rst +++ b/docs/routing/routing-policy.rst @@ -19,12 +19,12 @@ Routing Policy Example #Create policy set policy route-map setmet rule 2 action 'permit' - set policy route-map setmet rule 2 set as-path-prepend '2 2 2' - + set policy route-map setmet rule 2 set as-path-prepend '2 2 2' + #Apply policy to BGP set protocols bgp 1 neighbor 1.1.1.2 address-family ipv4-unicast route-map import 'setmet' - set protocols bgp 1 neighbor 1.1.1.2 address-family ipv4-unicast soft-reconfiguration 'inbound' <<<< *** - + set protocols bgp 1 neighbor 1.1.1.2 address-family ipv4-unicast soft-reconfiguration 'inbound' <<<< *** + *** get policy update without bouncing the neighbor **Routes learned before routing policy applied:** @@ -36,10 +36,10 @@ Routing Policy Example Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, R Removed Origin codes: i - IGP, e - EGP, ? - incomplete - + Network Next Hop Metric LocPrf Weight Path - *> 22.22.22.22/32 1.1.1.2 1 0 2 i < Path - + *> 22.22.22.22/32 1.1.1.2 1 0 2 i < Path + Total number of prefixes 1 **Routes learned after routing policy applied:** @@ -51,9 +51,9 @@ Routing Policy Example Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, R Removed Origin codes: i - IGP, e - EGP, ? - incomplete - + Network Next Hop Metric LocPrf Weight Path *> 22.22.22.22/32 1.1.1.2 1 0 2 2 2 2 i < longer AS_path length - + Total number of prefixes 1 - vyos@vos1:~$ + vyos@vos1:~$ diff --git a/docs/services/dns-forwarding.rst b/docs/services/dns-forwarding.rst index 2ab04707..f28c2d21 100644 --- a/docs/services/dns-forwarding.rst +++ b/docs/services/dns-forwarding.rst @@ -28,7 +28,7 @@ Setting a forwarding DNS server for a specific domain: .. code-block:: console set service dns forwarding domain example.com server 192.0.2.1 - + Set which networks or clients are allowed to query the DNS Server. Allow from all: .. code-block:: console @@ -68,5 +68,5 @@ The IP addresses for the LAN interface are 192.168.0.1 and 2001:db8::1 set service dns forwarding name-server 2001:4860:4860::8888 set service dns forwarding name-server 2001:4860:4860::8844 set service dns forwarding listen-address 2001:db8::1 - set service dns forwarding listen-address 192.168.0.1 + set service dns forwarding listen-address 192.168.0.1 set service dns forwarding allow-from 0.0.0.0/0 diff --git a/docs/services/ipoe-server.rst b/docs/services/ipoe-server.rst index 1e5e72dc..76a199b4 100644 --- a/docs/services/ipoe-server.rst +++ b/docs/services/ipoe-server.rst @@ -26,7 +26,7 @@ Other DHCP discovery requests will be ignored, unless the client mac has been en set service ipoe-server interface eth2 client-subnet '192.168.0.0/24' -The first address of the parameter ``client-subnet``, will be used as the default gateway. +The first address of the parameter ``client-subnet``, will be used as the default gateway. Connected sessions can be checked via the ``show ipoe-server sessions`` command. .. code-block:: console @@ -59,10 +59,10 @@ IPv6 DNS addresses are optional. .. code-block:: console - vyos@ipoe-server# run sh ipoe-server sessions - ifname | called-sid | calling-sid | ip | ip6 | ip6-dp | rate-limit | state | uptime | sid + vyos@ipoe-server# run sh ipoe-server sessions + ifname | called-sid | calling-sid | ip | ip6 | ip6-dp | rate-limit | state | uptime | sid -------+------------+-------------------+-------------+---------------------------------+-----------------+------------+--------+----------+------------------ - ipoe0 | eth3 | 08:00:27:2f:d8:06 | 192.168.1.2 | 2001:db8::a00:27ff:fe2f:d806/64 | 2001:db8:1::/56 | | active | 01:02:59 | 4626faf71b12cc25 + ipoe0 | eth3 | 08:00:27:2f:d8:06 | 192.168.1.2 | 2001:db8::a00:27ff:fe2f:d806/64 | 2001:db8:1::/56 | | active | 01:02:59 | 4626faf71b12cc25 The clients cpe can now communicate via IPv4 or IPv6. All devices behind ``2001:db8::a00:27ff:fe2f:d806/64`` can use addresses from ``2001:db8:1::/56`` and can @@ -100,7 +100,7 @@ Bandwidth Shaping Bandwidth rate limits can be set for local users within the configuration or via RADIUS based attributes. -Bandwidth Shaping for local users +Bandwidth Shaping for local users ================================= The rate-limit is set in kbit/sec. @@ -117,9 +117,9 @@ The rate-limit is set in kbit/sec. .. code-block:: console - vyos@vyos# run show ipoe-server sessions + vyos@vyos# run show ipoe-server sessions - ifname | called-sid | calling-sid | ip | ip6 | ip6-dp | rate-limit | state | uptime | sid + ifname | called-sid | calling-sid | ip | ip6 | ip6-dp | rate-limit | state | uptime | sid -------+------------+-------------------+-------------+-----+--------+------------+--------+----------+------------------ ipoe0 | eth2 | 08:00:27:2f:d8:06 | 192.168.0.2 | | | 500/500 | active | 00:00:05 | dccc870fd31349fb diff --git a/docs/services/pppoe-server.rst b/docs/services/pppoe-server.rst index 3f42ceab..0d2d4e80 100644 --- a/docs/services/pppoe-server.rst +++ b/docs/services/pppoe-server.rst @@ -33,9 +33,9 @@ Connections can be locally checked via the command .. code-block:: console show pppoe-server sessions - ifname | username | ip | calling-sid | rate-limit | state | uptime | rx-bytes | tx-bytes + ifname | username | ip | calling-sid | rate-limit | state | uptime | rx-bytes | tx-bytes -------+----------+------------+-------------------+-------------+--------+----------+----------+---------- - ppp0 | foo | 10.1.1.100 | 08:00:27:ba:db:15 | 20480/10240 | active | 00:00:11 | 214 B | 76 B + ppp0 | foo | 10.1.1.100 | 08:00:27:ba:db:15 | 20480/10240 | active | 00:00:11 | 214 B | 76 B Client IP address pools @@ -95,7 +95,7 @@ Example, from radius-server send command for disconnect client with username tes .. code-block:: console root@radius-server:~# echo "User-Name=test" | radclient -x 10.1.1.2:3799 disconnect secret123 - + You can also use another attributes for identify client for disconnect, like Framed-IP-Address, Acct-Session-Id, etc. Result commands appears in log @@ -136,7 +136,7 @@ Bandwidth Shaping Bandwidth rate limits can be set for local users or RADIUS based attributes. -Bandwidth Shaping for local users +Bandwidth Shaping for local users ================================= The rate-limit is set in kbit/sec. @@ -209,8 +209,8 @@ The client, once successfully authenticated, will receive an IPv4 and an IPv6 /6 .. code-block:: console - vyos@pppoe-server:~$ sh pppoe-server sessions - ifname | username | ip | ip6 | ip6-dp | calling-sid | rate-limit | state | uptime | rx-bytes | tx-bytes + vyos@pppoe-server:~$ sh pppoe-server sessions + ifname | username | ip | ip6 | ip6-dp | calling-sid | rate-limit | state | uptime | rx-bytes | tx-bytes --------+----------+-------------+--------------------------+---------------------+-------------------+------------+--------+----------+----------+---------- ppp0 | test | 192.168.0.1 | 2001:db8:8002:0:200::/64 | 2001:db8:8003::1/56 | 08:00:27:12:42:eb | | active | 00:00:49 | 875 B | 2.1 KiB diff --git a/docs/services/snmp.rst b/docs/services/snmp.rst index ecb95d1b..2c0d958f 100644 --- a/docs/services/snmp.rst +++ b/docs/services/snmp.rst @@ -205,7 +205,7 @@ SNMP Extensions ^^^^^^^^^^^^^^^ To extend SNMP agent functionality, custom scripts can be executed every time -the agent is being called. This can be achieved by using +the agent is being called. This can be achieved by using ``arbitrary extensioncommands``. The first step is to create a functional script of course, then upload it to your VyOS instance via the command ``scp your_script.sh vyos@your_router:/config/user-data``. diff --git a/docs/services/webproxy.rst b/docs/services/webproxy.rst index 8aca0b85..eaccc4df 100644 --- a/docs/services/webproxy.rst +++ b/docs/services/webproxy.rst @@ -105,9 +105,9 @@ Directory as authentication backend. Queries are done via LDAP. listen-address 192.168.188.103 { disable-transparent } - + * ``base-dn`` set the base directory for the search -* ``bind-dn`` and ``password``: set the user, which is used for the ldap search +* ``bind-dn`` and ``password``: set the user, which is used for the ldap search * ``filter-expression``: set the exact filter which a authorized user match in a ldap-search. In this example every User is able to authorized. You can find more about the ldap authentication `here <http://www.squid-cache.org/Versions/v3/3.2/manuals/basic_ldap_auth.html>`_ diff --git a/docs/system/config-management.rst b/docs/system/config-management.rst index 9c4cc491..f21562fd 100644 --- a/docs/system/config-management.rst +++ b/docs/system/config-management.rst @@ -28,6 +28,6 @@ A commit look now like this: Archiving config... tftp://10.0.0.2 OK [edit] - vyos@vyos-R1# + vyos@vyos-R1# The filename has this format: config.boot-hostname.YYYYMMDD_HHMMSS
\ No newline at end of file diff --git a/docs/system/eventhandler.rst b/docs/system/eventhandler.rst index 31f05f2c..6496c556 100644 --- a/docs/system/eventhandler.rst +++ b/docs/system/eventhandler.rst @@ -31,7 +31,7 @@ In this small example a script runs every time a login failed and an interface g .. code-block:: console - vyos@vyos# show system event-handler + vyos@vyos# show system event-handler feed Syslog { policy MyPolicy source { @@ -43,6 +43,6 @@ In this small example a script runs every time a login failed and an interface g event BadThingsHappened { pattern "authentication failure" pattern "interface \.* index \d+ .* DOWN.*" - run /config/scripts/email-to-admin + run /config/scripts/email-to-admin } }
\ No newline at end of file diff --git a/docs/system/proxy.rst b/docs/system/proxy.rst index f57b5cd2..421cd141 100644 --- a/docs/system/proxy.rst +++ b/docs/system/proxy.rst @@ -4,7 +4,7 @@ System Proxy ============ Some IT environments require the use of a proxy to connect to the Internet. -The ``system proxy`` option sets the configuration for a proxy, and if necessary, supports `basic auth`_. +The ``system proxy`` option sets the configuration for a proxy, and if necessary, supports `basic auth`_. This example sets a proxy for all connections initiated by VyOS, including HTTP, HTTPS, and FTP (anonymous ftp). @@ -14,7 +14,7 @@ This example sets a proxy for all connections initiated by VyOS, including HTTP, set system proxy port 8080 # If a username and password are required - set system proxy username vyosuser + set system proxy username vyosuser set system proxy password vyosuser-password That enables the update of a system image if the VyOS system operates behind a proxy. diff --git a/docs/vpn/dmvpn.rst b/docs/vpn/dmvpn.rst index 3715e5de..5794100b 100644 --- a/docs/vpn/dmvpn.rst +++ b/docs/vpn/dmvpn.rst @@ -160,7 +160,7 @@ HUB Example Configuration: set protocols static route 0.0.0.0/0 next-hop 1.1.1.2 set protocols static route 192.168.2.0/24 next-hop 10.0.0.2 set protocols static route 192.168.3.0/24 next-hop 10.0.0.3 - + HUB on AWS Configuration Specifics ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/docs/vpn/wireguard.rst b/docs/vpn/wireguard.rst index 2ccf7b57..76f1f6ee 100644 --- a/docs/vpn/wireguard.rst +++ b/docs/vpn/wireguard.rst @@ -42,7 +42,7 @@ Named keypairs can be used on a interface basis, if configured. If multiple wireguard interfaces are being configured, each can have their own keypairs. -The commands below will generate 2 keypairs, which are not related +The commands below will generate 2 keypairs, which are not related to each other. .. code-block:: console @@ -170,7 +170,7 @@ In the following example, the IPs for the remote clients are defined in the peer port 2224 } -The following is the config for the iPhone peer above. It's important to note that the ``AllowedIPs`` setting +The following is the config for the iPhone peer above. It's important to note that the ``AllowedIPs`` setting directs all IPv4 and IPv6 traffic through the connection. .. code-block:: console |