Diffstat (limited to 'docs/configexamples')
-rw-r--r--  docs/configexamples/ansible.rst                                          18
-rw-r--r--  docs/configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst     28
-rw-r--r--  docs/configexamples/autotest/tunnelbroker/_include/vyos-wan_tun0.conf    8
-rw-r--r--  docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst               13
-rw-r--r--  docs/configexamples/policy-based-ipsec-and-firewall.rst                  26
-rw-r--r--  docs/configexamples/wan-load-balancing.rst                               6
-rw-r--r--  docs/configexamples/zone-policy.rst                                      10
7 files changed, 67 insertions, 42 deletions
diff --git a/docs/configexamples/ansible.rst b/docs/configexamples/ansible.rst
index fc243c44..0f4dbbda 100644
--- a/docs/configexamples/ansible.rst
+++ b/docs/configexamples/ansible.rst
@@ -1,4 +1,4 @@
-:lastproofread: 2023-10-18
+:lastproofread: 2024-04-09
.. _examples-ansible:
@@ -33,14 +33,14 @@ We have four pre-configured routers with this configuration:
* vyos9 - 192.0.2.107
* vyos10 - 192.0.2.108
-Install the Ansible:
+Install Ansible:
====================
.. code-block:: none
# apt-get install ansible
Do you want to continue? [Y/n] y
-Install the paramiko:
+Install Paramiko:
=====================
.. code-block:: none
@@ -60,7 +60,7 @@ Check the version:
executable location = /usr/bin/ansible
python version = 3.9.2 (default, Feb 28 2021, 17:03:44) [GCC 10.2.1 20210110]
-Basik configuration of the ansible.cfg:
+Basic configuration of ansible.cfg:
=======================================
.. code-block:: none
@@ -69,8 +69,8 @@ Basik configuration of the ansible.cfg:
[defaults]
host_key_checking = no
-Add all the hosts of VyOS:
-==========================
+Add all the VyOS hosts:
+=======================
.. code-block:: none
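Review bot: the retained context line `host_key_checking = no` in the ansible.cfg snippet disables SSH host-key verification for every connection, which removes the only protection against a spoofed router on the management path; since this hunk only retitles the section, consider adding one sentence saying this is a lab shortcut and that pre-populating `known_hosts` while keeping the default `host_key_checking = True` is the intended setup for anything beyond the lab.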
@@ -95,8 +95,8 @@ Add general variables:
ansible_ssh_pass: vyos
-Add the simple playbook with the tasks for each router:
-=======================================================
+Add a simple playbook with the tasks for each router:
+=====================================================
.. code-block:: none
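Review bot: the retained context line `ansible_ssh_pass: vyos` keeps a cleartext password (the VyOS default credential, at that) in the group variables; since the heading is being reworded anyway, add a sentence pointing readers to SSH key authentication or to `ansible-vault` for the password value instead of a plaintext variables file.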
@@ -213,4 +213,4 @@ The simple way without configuration of the hostname (one task for all routers):
vyos9 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
-In the next chapter of the example, we'll use the Ansible with jinja2 templates and variables.
+In the next chapter of the example, we'll use Ansible with jinja2 templates and variables.
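Review bot: `jinja2` in the added line should be capitalised as `Jinja2`, matching the capitalisation of Ansible and Paramiko applied elsewhere in this patch.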
diff --git a/docs/configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst b/docs/configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst
index e42d3567..6666399d 100644
--- a/docs/configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst
+++ b/docs/configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst
@@ -7,9 +7,9 @@ OpenVPN with LDAP
| Testdate: 2023-05-11
| Version: 1.4-rolling-202305100734
-This LAB show how to uwe OpenVPN with a Active Directory authentication backend.
+This LAB shows how to use OpenVPN with a Active Directory authentication method.
-The Topology are consists of:
+Topology consists of:
* Windows Server 2019 with a running Active Directory
* VyOS as a OpenVPN Server
* VyOS as Client
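Review bot: the added line still reads `a Active Directory`; it should be `an Active Directory`, and the context line `VyOS as a OpenVPN Server` has the same article error (`an OpenVPN Server`). Also, `authentication method` replaces the original `authentication backend`, which was the more precise term for a directory the server queries; keep `backend`.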
@@ -20,7 +20,7 @@ The Topology are consists of:
Active Directory on Windows server
==================================
-The Lab asume a full running Active Directory on the Windows Server.
+The lab assumes a full running Active Directory on the Windows Server.
Here are some PowerShell commands to quickly add a Test Active Directory.
.. code-block:: powershell
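Review bot: `full running` in the added line should be `fully running` (an adverb is needed to modify `running`); the context line's `a Test Active Directory` would also read better as `a test Active Directory`.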
@@ -36,7 +36,7 @@ Here are some PowerShell commands to quickly add a Test Active Directory.
New-ADUser user01 -AccountPassword(Read-Host -AsSecureString "Input Password") -Enabled $true
-Configuration VyOS as OpenVPN Server
+Configure VyOS as OpenVPN Server
====================================
In this example OpenVPN will be setup with a client certificate and username / password authentication.
@@ -53,7 +53,7 @@ Please look :ref:`here <configuration/pki/index:pki>` for more information.
Now generate all required certificates on the ovpn-server:
-first the PCA
+First the CA
.. code-block:: none
@@ -249,11 +249,27 @@ save the output to a file and import it in nearly all openvpn clients.
</key>
+Configure VyOS as client
+------------------------
+
+.. code-block:: none
+
+ set interfaces openvpn vtun10 authentication username 'user01'
+ set interfaces openvpn vtun10 authentication password '$ecret'
+ set interfaces openvpn vtun10 encryption cipher 'aes256'
+ set interfaces openvpn vtun10 hash 'sha512'
+ set interfaces openvpn vtun10 mode 'client'
+ set interfaces openvpn vtun10 persistent-tunnel
+ set interfaces openvpn vtun10 protocol 'udp'
+ set interfaces openvpn vtun10 remote-host '198.51.100.254'
+ set interfaces openvpn vtun10 remote-port '1194'
+ set interfaces openvpn vtun10 tls ca-certificate 'OVPN-CA'
+ set interfaces openvpn vtun10 tls certificate 'CLIENT'
Monitoring
==========
-If the client is connect successfully you can check the output with
+If the client is connected successfully you can check the status
.. code-block:: none
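Review bot: the new `Configure VyOS as client` heading is underlined with `-`, while the sibling sections in this file (`Configure VyOS as OpenVPN Server`, `Monitoring`) use `=`; in reStructuredText that makes the client section a subsection of the server section rather than a peer, so switch the underline to `=`. Two smaller points: the added configuration stores the user's password in cleartext (`authentication password '$ecret'`), which is worth one sentence in the text so readers know it ends up in the running configuration and in any saved config file; and the client's `cipher 'aes256'` and `hash 'sha512'` need to match the server section's settings, which a short cross-reference would make explicit.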
diff --git a/docs/configexamples/autotest/tunnelbroker/_include/vyos-wan_tun0.conf b/docs/configexamples/autotest/tunnelbroker/_include/vyos-wan_tun0.conf
index 03889ffd..ab70ccc5 100644
--- a/docs/configexamples/autotest/tunnelbroker/_include/vyos-wan_tun0.conf
+++ b/docs/configexamples/autotest/tunnelbroker/_include/vyos-wan_tun0.conf
@@ -1,8 +1,8 @@
-set interfaces tunnel tun0 address '2001:470:6c:779::2/64' #Tunnelbroker Client IPv6 Address
+set interfaces tunnel tun0 address '2001:470:6c:779::2/64' #Tunnelbroker Client IPv6 address
set interfaces tunnel tun0 description 'HE.NET IPv6 Tunnel'
set interfaces tunnel tun0 encapsulation 'sit'
-set interfaces tunnel tun0 remote '216.66.86.114' #Tunnelbroker Server IPv4 Address
-set interfaces tunnel tun0 source-address '172.29.129.60' # Tunnelbroker Client IPv4 Address or if there is NAT the current WAN interface address
+set interfaces tunnel tun0 remote '216.66.86.114' #Tunnelbroker Server IPv4 address
+set interfaces tunnel tun0 source-address '172.29.129.60' # Tunnelbroker Client IPv4 address. See note below
set protocols static route6 ::/0 interface tun0
@@ -10,4 +10,4 @@ set interface ethernet eth2 address '2001:470:6d:778::1/64' # Tunnelbroker Route
set service router-advert interface eth2 name-server '2001:470:20::2'
set service router-advert interface eth2 prefix 2001:470:6d:778::/64 # Tunnelbroker Routed /64 prefix
-set system name-server 2001:470:20::2 #Tunnelbroker DNS Server \ No newline at end of file
+set system name-server 2001:470:20::2 #Tunnelbroker DNS Server
diff --git a/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst b/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst
index 96c2e1af..5bfcb642 100644
--- a/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst
+++ b/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst
@@ -48,7 +48,15 @@ Now we are able to setup the tunnel interface.
:language: none
:lines: 1-5
-Setup the ipv6 default route to the tunnel interface
+.. note:: The `source-address` is the Tunnelbroker client IPv4
+ address or if there is NAT the current WAN interface address.
+
+ If `source-address` is dynamic, the tunnel will cease working once
+ the address changes. To avoid having to manually update
+ `source-address` each time the dynamic IP changes, an address of
+ '0.0.0.0' can be specified.
+
+Setup the IPv6 default route to the tunnel interface
.. literalinclude:: _include/vyos-wan_tun0.conf
:language: none
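Review bot: the added note wraps `source-address` in single backticks, which in reStructuredText is interpreted text (rendered as a citation or italics), not an inline literal; use double backticks for CLI keywords, and the same applies to `'0.0.0.0'`. Also, `Setup the IPv6 default route` in the reworded line should be `Set up` (the verb form).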
@@ -204,4 +212,5 @@ instead of `set firewall name NAME`, you would use `set firewall ipv6-name
NAME`.
Similarly, to attach the firewall, you would use `set interfaces ethernet eth0
-firewall in ipv6-name` or `et firewall zone LOCAL from WAN firewall ipv6-name`. \ No newline at end of file
+firewall in ipv6-name` or `set firewall zone LOCAL from WAN firewall
+ipv6-name`.
diff --git a/docs/configexamples/policy-based-ipsec-and-firewall.rst b/docs/configexamples/policy-based-ipsec-and-firewall.rst
index 9b7ba73a..8dc07de6 100644
--- a/docs/configexamples/policy-based-ipsec-and-firewall.rst
+++ b/docs/configexamples/policy-based-ipsec-and-firewall.rst
@@ -5,39 +5,39 @@ Policy-Based Site-to-Site VPN and Firewall Configuration
--------------------------------------------------------
This guide shows an example policy-based IKEv2 site-to-site VPN between two
-VyOS routers, and firewall configiuration.
+VyOS routers, and firewall configuration.
-For simplicity, configuration and tests are done only using ipv4, and firewall
-configuration in done only on one router.
+For simplicity, configuration and tests are done only using IPv4, and firewall
+configuration is done only on one router.
Network Topology and requirements
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-This configuration example and the requirments consists on:
+This configuration example and the requirements consists of:
- Two VyOS routers with public IP address.
- 2 private subnets on each site.
-- Local subnets should be able to reach internet using source nat.
+- Local subnets should be able to reach internet using source NAT.
-- Communication between private subnets should be done through ipsec tunnel
- without nat.
+- Communication between private subnets should be done through IPSec tunnel
+ without NAT.
- Configuration of basic firewall in one site, in order to:
- - Protect the router on 'WAN' interface, allowing only ipsec connections
- and ssh access from trusted ips.
+ - Protect the router on 'WAN' interface, allowing only IPSec connections
+ and SSH access from trusted IPs.
- Allow access to the router only from trusted networks.
- - Allow dns requests only only for local networks.
+ - Allow DNS requests only only for local networks.
- - Allow icmp on all interfaces.
+ - Allow ICMP on all interfaces.
- Allow all new connections from local subnets.
- - Allow connections from LANs to LANs throught the tunnel.
+ - Allow connections from LANs to LANs through the tunnel.
.. image:: /_static/images/policy-based-ipsec-and-firewall.png
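Review bot: `the requirements consists of` in the added line should be `consist of` (plural subject), and the doubled `only only` in `Allow DNS requests only only for local networks` survived the rewording. Also, the patch introduces `IPSec` in several lines; the spelling used by the IPsec RFCs is `IPsec`, so the capitalisation pass should use that form.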
@@ -203,7 +203,7 @@ And NAT Configuration:
Checking through op-mode commands
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-After some testing, we can check ipsec status, and counter on every tunnel:
+After some testing, we can check IPSec status, and counter on every tunnel:
.. code-block:: none
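Review bot: same spelling point as above for `IPSec` (`IPsec`); also `counter on every tunnel` should be `counters on every tunnel`.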
diff --git a/docs/configexamples/wan-load-balancing.rst b/docs/configexamples/wan-load-balancing.rst
index ace9a981..0952cfe5 100644
--- a/docs/configexamples/wan-load-balancing.rst
+++ b/docs/configexamples/wan-load-balancing.rst
@@ -69,7 +69,7 @@ Example 2: Failover based on interface weights
This example uses the failover mode.
-.. _wan:example2_overwiew:
+.. _wan:example2_overview:
Overview
^^^^^^^^
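Review bot: renaming the label `wan:example2_overwiew` to `wan:example2_overview` (and likewise example3 and example4 in the following hunks) breaks any `:ref:` that still uses the old misspelled name; the diffstat shows only this file changing, so please confirm with a grep across `docs/` that no other page references the old labels before merging.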
@@ -98,7 +98,7 @@ The previous example used the failover command to send traffic through
eth1 if eth0 fails. In this example, failover functionality is provided
by rule order.
-.. _wan:example3_overwiew:
+.. _wan:example3_overview:
Overview
^^^^^^^^
@@ -129,7 +129,7 @@ traffic. It is assumed for this example that eth1 is connected to a
slower connection than eth0 and should prioritize VoIP traffic.
-.. _wan:example4_overwiew:
+.. _wan:example4_overview:
Overview
^^^^^^^^
diff --git a/docs/configexamples/zone-policy.rst b/docs/configexamples/zone-policy.rst
index 08db13b9..95648e7a 100644
--- a/docs/configexamples/zone-policy.rst
+++ b/docs/configexamples/zone-policy.rst
@@ -6,7 +6,7 @@ Zone-Policy example
-------------------
.. note:: Starting from VyOS 1.4-rolling-202308040557, a new firewall
- structure can be found on all vyos instalations, and zone based firewall is
+ structure can be found on all vyos installations, and zone based firewall is
no longer supported. Documentation for most of the new firewall CLI can be
found in the `firewall
<https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_
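Review bot: the added line fixes `instalations` but leaves `vyos` lowercase in `all vyos installations`; use `VyOS` as in the rest of the note.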
@@ -145,7 +145,7 @@ To add logging to the default rule, do:
.. code-block:: none
- set firewall name <ruleSet> enable-default-log
+ set firewall name <ruleSet> default-log
By default, iptables does not allow traffic for established sessions to
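Review bot: this hunk changes the keyword to `default-log` while keeping the `set firewall name <ruleSet>` path, and the note at the top of this same file says zone-based firewall is no longer supported from VyOS 1.4-rolling-202308040557; state which VyOS version the `default-log` syntax targets, since readers on the release where zone-policy still applies may be on the older `enable-default-log` keyword, and the same question applies to the `default-log` replacements in the ruleset examples further down.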
@@ -251,7 +251,7 @@ Since we have 4 zones, we need to setup the following rulesets.
Dmz-local
Even if the two zones will never communicate, it is a good idea to
-create the zone-pair-direction rulesets and set enable-default-log. This
+create the zone-pair-direction rulesets and set default-log. This
will allow you to log attempts to access the networks. Without it, you
will never see the connection attempts.
@@ -261,7 +261,7 @@ This is an example of the three base rules.
name wan-lan {
default-action drop
- enable-default-log
+ default-log
rule 1 {
action accept
state {
@@ -285,7 +285,7 @@ Here is an example of an IPv6 DMZ-WAN ruleset.
ipv6-name dmz-wan-6 {
default-action drop
- enable-default-log
+ default-log
rule 1 {
action accept
state {