Diffstat (limited to 'docs/configuration/vpn/l2tp.rst')
-rw-r--r-- docs/configuration/vpn/l2tp.rst 29
1 files changed, 15 insertions, 14 deletions
diff --git a/docs/configuration/vpn/l2tp.rst b/docs/configuration/vpn/l2tp.rst
index d2215c1c..7fdf8599 100644
--- a/docs/configuration/vpn/l2tp.rst
+++ b/docs/configuration/vpn/l2tp.rst
@@ -92,18 +92,18 @@ Example:
.. code-block:: none
- set firewall name OUTSIDE-LOCAL rule 40 action 'accept'
- set firewall name OUTSIDE-LOCAL rule 40 protocol 'esp'
- set firewall name OUTSIDE-LOCAL rule 41 action 'accept'
- set firewall name OUTSIDE-LOCAL rule 41 destination port '500'
- set firewall name OUTSIDE-LOCAL rule 41 protocol 'udp'
- set firewall name OUTSIDE-LOCAL rule 42 action 'accept'
- set firewall name OUTSIDE-LOCAL rule 42 destination port '4500'
- set firewall name OUTSIDE-LOCAL rule 42 protocol 'udp'
- set firewall name OUTSIDE-LOCAL rule 43 action 'accept'
- set firewall name OUTSIDE-LOCAL rule 43 destination port '1701'
- set firewall name OUTSIDE-LOCAL rule 43 ipsec 'match-ipsec'
- set firewall name OUTSIDE-LOCAL rule 43 protocol 'udp'
+ set firewall ipv4 name OUTSIDE-LOCAL rule 40 action 'accept'
+ set firewall ipv4 name OUTSIDE-LOCAL rule 40 protocol 'esp'
+ set firewall ipv4 name OUTSIDE-LOCAL rule 41 action 'accept'
+ set firewall ipv4 name OUTSIDE-LOCAL rule 41 destination port '500'
+ set firewall ipv4 name OUTSIDE-LOCAL rule 41 protocol 'udp'
+ set firewall ipv4 name OUTSIDE-LOCAL rule 42 action 'accept'
+ set firewall ipv4 name OUTSIDE-LOCAL rule 42 destination port '4500'
+ set firewall ipv4 name OUTSIDE-LOCAL rule 42 protocol 'udp'
+ set firewall ipv4 name OUTSIDE-LOCAL rule 43 action 'accept'
+ set firewall ipv4 name OUTSIDE-LOCAL rule 43 destination port '1701'
+ set firewall ipv4 name OUTSIDE-LOCAL rule 43 ipsec 'match-ipsec'
+ set firewall ipv4 name OUTSIDE-LOCAL rule 43 protocol 'udp'
To allow VPN-clients access via your external address, a NAT rule is required:
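Review bot: Rule 43 carries the one setting in this example that keeps L2TP from being exposed unprotected, and nothing in the block or the following sentence says so. While the twelve lines are being touched for the ``ipv4`` rename, add a sentence after the code block stating that ``ipsec 'match-ipsec'`` limits UDP 1701 to traffic that arrived through IPsec, so readers adapting the example do not drop that line and open 1701 directly on the outside interface. The rename itself is applied consistently to rules 40 through 43.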
@@ -180,11 +180,12 @@ RADIUS advanced options
.. cfgcmd:: set vpn l2tp remote-access authentication radius dynamic-author server <address>
- Specifies IP address for Dynamic Authorization Extension server (DM/CoA)
+ Specifies IP address for Dynamic Authorization Extension server (DM/CoA).
+ This IP must exist on any VyOS interface or it can be ``0.0.0.0``.
.. cfgcmd:: set vpn l2tp remote-access authentication radius dynamic-author port <port>
- Port for Dynamic Authorization Extension server (DM/CoA)
+ UDP port for Dynamic Authorization Extension server (DM/CoA)
.. cfgcmd:: set vpn l2tp remote-access authentication radius dynamic-author key <secret>
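Review bot: The added sentence under ``dynamic-author server <address>`` allows ``0.0.0.0`` without saying what that means, and the first sentence still reads as if the address belonged to a remote server. Suggest wording along the lines of "Local IP address on which VyOS listens for Dynamic Authorization (DM/CoA) requests. It must be configured on a VyOS interface, or be ``0.0.0.0`` to listen on all addresses", since a reader choosing ``0.0.0.0`` should know the DM/CoA port then becomes reachable on every interface. Minor: "must exist on any VyOS interface" reads better as "must be configured on a VyOS interface", and the new "UDP port for ..." line lacks the trailing period that the ``server`` description gained in this same hunk.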