-rw-r--r-- | docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst | 5
-rw-r--r-- | docs/configuration/interfaces/wireguard.rst | 7
-rw-r--r-- | docs/configuration/vpn/l2tp.rst | 24
3 files changed, 18 insertions, 18 deletions
diff --git a/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst b/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst index 0f7c9daf..370cf9d6 100644 --- a/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst +++ b/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst @@ -208,9 +208,8 @@ Firewall ======== Finally, don't forget the :ref:`Firewall<configuration/firewall/index:Firewall>`. The usage is identical, except for -instead of `set firewall name NAME`, you would use `set firewall ipv6-name +instead of `set firewall ipv4 name NAME`, you would use `set firewall ipv6 name NAME`. -Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 -firewall in ipv6-name` or `set firewall zone LOCAL from WAN firewall +Similarly, to attach the firewall, you would use `set firewall ipv6 name NAME rule N inbound-interface name eth0` or `set firewall zone LOCAL from WAN firewall ipv6-name`. diff --git a/docs/configuration/interfaces/wireguard.rst b/docs/configuration/interfaces/wireguard.rst index db2ff2c7..b4e4d8db 100644 --- a/docs/configuration/interfaces/wireguard.rst +++ b/docs/configuration/interfaces/wireguard.rst 
@@ -220,14 +220,15 @@ firewall exception. set firewall ipv4 name OUTSIDE_LOCAL rule 20 destination port 51820 set firewall ipv4 name OUTSIDE_LOCAL rule 20 log enable set firewall ipv4 name OUTSIDE_LOCAL rule 20 protocol udp - set firewall ipv4 name OUTSIDE_LOCAL rule 20 source You should also ensure that the OUTSIDE_LOCAL firewall group is applied to the -WAN interface and a direction (local). +WAN interface and in an input (local) direction. .. code-block:: none - set interfaces ethernet eth0 firewall local name 'OUTSIDE-LOCAL' + set firewall ipv4 input filter rule 10 action jump + set firewall ipv4 input filter rule 10 jump-target 'OUTSIDE_LOCAL' + set firewall ipv4 input filter rule 10 inbound-interface name 'eth0' Assure that your firewall rules allow the traffic, in which case you have a working VPN using WireGuard. diff --git a/docs/configuration/vpn/l2tp.rst b/docs/configuration/vpn/l2tp.rst index 3fa34449..7fdf8599 100644 --- a/docs/configuration/vpn/l2tp.rst +++ b/docs/configuration/vpn/l2tp.rst 
@@ -92,18 +92,18 @@ Example: .. code-block:: none - set firewall name OUTSIDE-LOCAL rule 40 action 'accept' - set firewall name OUTSIDE-LOCAL rule 40 protocol 'esp' - set firewall name OUTSIDE-LOCAL rule 41 action 'accept' - set firewall name OUTSIDE-LOCAL rule 41 destination port '500' - set firewall name OUTSIDE-LOCAL rule 41 protocol 'udp' - set firewall name OUTSIDE-LOCAL rule 42 action 'accept' - set firewall name OUTSIDE-LOCAL rule 42 destination port '4500' - set firewall name OUTSIDE-LOCAL rule 42 protocol 'udp' - set firewall name OUTSIDE-LOCAL rule 43 action 'accept' - set firewall name OUTSIDE-LOCAL rule 43 destination port '1701' - set firewall name OUTSIDE-LOCAL rule 43 ipsec 'match-ipsec' - set firewall name OUTSIDE-LOCAL rule 43 protocol 'udp' + set firewall ipv4 name OUTSIDE-LOCAL rule 40 action 'accept' + set firewall ipv4 name OUTSIDE-LOCAL rule 40 protocol 'esp' + set firewall ipv4 name OUTSIDE-LOCAL rule 41 action 'accept' + set firewall ipv4 name OUTSIDE-LOCAL rule 41 destination port '500' + set firewall ipv4 name OUTSIDE-LOCAL rule 41 protocol 'udp' + set firewall ipv4 name OUTSIDE-LOCAL rule 42 action 'accept' + set firewall ipv4 name OUTSIDE-LOCAL rule 42 destination port '4500' + set firewall ipv4 name OUTSIDE-LOCAL rule 42 protocol 'udp' + set firewall ipv4 name OUTSIDE-LOCAL rule 43 action 'accept' + set firewall ipv4 name OUTSIDE-LOCAL rule 43 destination port '1701' + set firewall ipv4 name OUTSIDE-LOCAL rule 43 ipsec 'match-ipsec' + set firewall ipv4 name OUTSIDE-LOCAL rule 43 protocol 'udp' To allow VPN-clients access via your external address, a NAT rule is required: |
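Review bot: In docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst, the added "Similarly, to attach the firewall" line gives `set firewall ipv6 name NAME rule N inbound-interface name eth0`, which adds an interface match to a rule inside the named ruleset rather than showing how traffic reaches that ruleset. The wireguard.rst hunk in this same patch attaches its ruleset with `set firewall ipv4 input filter rule 10 action jump` plus a `jump-target`, so a reader following this sentence alone could end up with an IPv6 ruleset that nothing jumps to. Suggest showing the IPv6 counterpart of that jump rule here, or linking to the section that does. The unchanged tail of the sentence still ends in `firewall ipv6-name`, so the paragraph now mixes `ipv6 name` and `ipv6-name`; please confirm the zone form is meant to keep the hyphenated keyword. The added line is also far longer than its neighbours and should be rewrapped.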
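Review bot: In docs/configuration/interfaces/wireguard.rst, the reworded sentence "WAN interface and in an input (local) direction" is hard to parse and still calls OUTSIDE_LOCAL a "firewall group", while the commands below use it as a named ruleset referenced by `jump-target`. Suggest something like "ensure that the OUTSIDE_LOCAL ruleset is reached from the input (local) filter for traffic arriving on the WAN interface". It would also help to say that rule number 10 in `input filter` is only an example, since a reader with an existing rule 10 would overwrite it. Dropping the incomplete `rule 20 source` line is right; with it gone, rule 20 accepts UDP 51820 from any source, which is worth one sentence so readers with fixed peers know to add a source match.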
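Review bot: In docs/configuration/vpn/l2tp.rst, the twelve rewritten lines only rename `set firewall name` to `set firewall ipv4 name`, and nothing in the hunk shows how OUTSIDE-LOCAL is attached under the new syntax. The wireguard.rst hunk in this patch adds an `input filter` jump rule with `inbound-interface name 'eth0'` for exactly that purpose, so the ESP, UDP 500, 4500 and 1701 rules here would benefit from the same three lines or a cross-reference to them, otherwise the example can be copied and never evaluated. The ruleset is spelled OUTSIDE-LOCAL here and OUTSIDE_LOCAL in wireguard.rst; picking one spelling across the docs avoids a jump-target that silently points at a different name.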