Diffstat (limited to 'docs/configuration')
| -rw-r--r-- | docs/configuration/nat/index.rst | 1 |
| -rw-r--r-- | docs/configuration/nat/nat64.rst | 81 |
| -rw-r--r-- | docs/configuration/service/lldp.rst | 2 |
| -rw-r--r-- | docs/configuration/system/frr.rst | 38 |
| -rw-r--r-- | docs/configuration/system/index.rst | 2 |
| -rw-r--r-- | docs/configuration/system/updates.rst | 37 |
| -rw-r--r-- | docs/configuration/vpn/sstp.rst | 3 |
7 files changed, 162 insertions, 2 deletions
| diff --git a/docs/configuration/nat/index.rst b/docs/configuration/nat/index.rst index 90275226..6556b7f9 100644 --- a/docs/configuration/nat/index.rst +++ b/docs/configuration/nat/index.rst @@ -9,4 +9,5 @@ NAT     :includehidden:     nat44 +   nat64     nat66 diff --git a/docs/configuration/nat/nat64.rst b/docs/configuration/nat/nat64.rst new file mode 100644 index 00000000..e8a3a0e6 --- /dev/null +++ b/docs/configuration/nat/nat64.rst 
@@ -0,0 +1,81 @@ +.. _nat64: + +##### +NAT64 +##### + +:abbr:`NAT64 (IPv6-to-IPv4 Prefix Translation)` is a critical component in +modern networking, facilitating communication between IPv6 and IPv4 networks. +This documentation outlines the setup, configuration, and usage of the NAT64 +feature in your project. Whether you are transitioning to IPv6 or need to +seamlessly connect IPv4 and IPv6 devices. +NAT64 is a stateful translation mechanism that translates IPv6 addresses to +IPv4 addresses and IPv4 addresses to IPv6 addresses. NAT64 is used to enable +IPv6-only clients to contact IPv4 servers using unicast UDP, TCP, or ICMP. + + +Overview +======== + +Different NAT Types +------------------- + +.. _source-nat64: + +SNAT64 +^^^^^^ + +:abbr:`SNAT64 (IPv6-to-IPv4 Source Address Translation)` is a stateful +translation mechanism that translates IPv6 addresses to IPv4 addresses. + +``64:ff9b::/96`` is the well-known prefix for IPv4-embedded IPv6 addresses. +The prefix is used to represent IPv4 addresses in an IPv6 address format. +The IPv4 address is encoded in the low-order 32 bits of the IPv6 address. +The high-order 32 bits are set to the well-known prefix 64:ff9b::/96. + + +Configuration Examples +====================== + +The following examples show how to configure NAT64 on a VyOS router. +The 192.0.2.10 address is used as the IPv4 address for the translation pool. + + +NAT64 server configuration: + +.. 
code-block:: none + +  set interfaces ethernet eth0 address '192.0.2.1/24' +  set interfaces ethernet eth0 address '192.0.2.10/24' +  set interfaces ethernet eth0 description 'WAN' +  set interfaces ethernet eth1 address '2001:db8::1/64' +  set interfaces ethernet eth1 description 'LAN' + +  set service dns forwarding allow-from '2001:db8::/64' +  set service dns forwarding dns64-prefix '64:ff9b::/96' +  set service dns forwarding listen-address '2001:db8::1' + +  set nat64 source rule 100 source prefix '64:ff9b::/96' +  set nat64 source rule 100 translation pool 10 address '192.0.2.10' +  set nat64 source rule 100 translation pool 10 port '1-65535' + +NAT64 client configuration: + +.. code-block:: none + +  set interfaces ethernet eth1 address '2001:db8::2/64' +  set protocols static route6 64:ff9b::/96 next-hop 2001:db8::1 +  set system name-server '2001:db8::1' + +Test from the IPv6 only client: + +.. code-block:: none + +  vyos@r1:~$ ping 64:ff9b::192.0.2.1 count 2 +  PING 64:ff9b::192.0.2.1(64:ff9b::c000:201) 56 data bytes +  64 bytes from 64:ff9b::c000:201: icmp_seq=1 ttl=63 time=0.351 ms +  64 bytes from 64:ff9b::c000:201: icmp_seq=2 ttl=63 time=0.373 ms + +  --- 64:ff9b::192.0.2.1 ping statistics --- +  2 packets transmitted, 2 received, 0% packet loss, time 1023ms +  rtt min/avg/max/mdev = 0.351/0.362/0.373/0.011 ms diff --git a/docs/configuration/service/lldp.rst b/docs/configuration/service/lldp.rst index aa357211..12a9e0b6 100644 --- a/docs/configuration/service/lldp.rst +++ b/docs/configuration/service/lldp.rst @@ -54,7 +54,7 @@ Configuration     Disable transmit of LLDP frames on given `<interface>`. Useful to exclude     certain interfaces from LLDP when ``all`` have been enabled. -.. cfgcmd:: set service lldp snmp enable +.. cfgcmd:: set service lldp snmp     Enable SNMP queries of the LLDP database diff --git a/docs/configuration/system/frr.rst b/docs/configuration/system/frr.rst new file mode 100644 index 00000000..a7f7ff93 --- /dev/null 
+++ b/docs/configuration/system/frr.rst @@ -0,0 +1,38 @@ +.. _system_frr: + +### +FRR +### + +VyOS uses [FRRouting](https://frrouting.org/) as the control plane for dynamic +and static routing. The routing daemon behavior can be adjusted during runtime, +but require either a restart of the routing daemon, or a reboot of the system. + +.. cfgcmd:: set system frr bmp + +   Enable :abbr:`BMP (BGP Monitoring Protocol)` support + +.. cfgcmd:: set system frr descriptors <numer> + +   This allows the operator to control the number of open file descriptors +   each daemon is allowed to start with. If the operator plans to run bgp with +   several thousands of peers then this is where we would modify FRR to allow +   this to happen. + +.. cfgcmd:: set system frr irdp + +   Enable ICMP Router Discovery Protocol support + +.. cfgcmd:: set system frr snmp <daemon> + +   Enable SNMP support for an individual routing daemon. + +   Supported daemons: + +   - bgpd +   - isisd +   - ldpd +   - ospf6d +   - ospfd +   - ripd +   - zebra diff --git a/docs/configuration/system/index.rst b/docs/configuration/system/index.rst index 23edaa3f..dbb63d09 100644 --- a/docs/configuration/system/index.rst +++ b/docs/configuration/system/index.rst @@ -11,6 +11,7 @@ System     conntrack     console     flow-accounting +   frr     host-name     ip     ipv6 @@ -24,6 +25,7 @@ System     sysctl     task-scheduler     time-zone +   updates  .. toctree:: diff --git a/docs/configuration/system/updates.rst b/docs/configuration/system/updates.rst new file mode 100644 index 00000000..a55bfa9a --- /dev/null +++ b/docs/configuration/system/updates.rst 
@@ -0,0 +1,37 @@ +####### +Updates +####### + +VyOS supports online checking for updates + +Configuration +============= + +.. cfgcmd:: set system update-check auto-check + +   Configure auto-checking for new images + + +.. cfgcmd:: set system update-check url <url> + +   Configure a URL that contains information about images. + + +Example +======= + +.. code-block:: none + +  set system update-check auto-check +  set system update-check url 'https://raw.githubusercontent.com/vyos/vyos-rolling-nightly-builds/main/version.json' + +Check: + +.. code-block:: none + +  vyos@r4:~$ show system updates  +  Current version: 1.5-rolling-202312220023 + +  Update available: 1.5-rolling-202312250024 +  Update URL: https://github.com/vyos/vyos-rolling-nightly-builds/releases/download/1.5-rolling-202312250024/1.5-rolling-202312250024-amd64.iso +  vyos@r4:~$ diff --git a/docs/configuration/vpn/sstp.rst b/docs/configuration/vpn/sstp.rst index fa2b96c8..d9bb4353 100644 --- a/docs/configuration/vpn/sstp.rst +++ b/docs/configuration/vpn/sstp.rst @@ -293,7 +293,8 @@ Example    set vpn sstp authentication local-users username vyos password vyos    set vpn sstp authentication mode local    set vpn sstp gateway-address 192.0.2.254 -  set vpn sstp client-ip-pool subnet 192.0.2.0/25 +  set vpn sstp client-ip-pool SSTP-POOL range 192.0.2.0/25 +  set vpn sstp default-pool 'SSTP-POOL'    set vpn sstp name-server 10.0.0.1    set vpn sstp name-server 10.0.0.2    set vpn sstp ssl ca-cert-file /config/auth/ca.crt | 
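Review bot: in docs/configuration/nat/nat64.rst, the SNAT64 paragraph says "The high-order 32 bits are set to the well-known prefix 64:ff9b::/96", but a /96 prefix occupies the high-order 96 bits, leaving the low-order 32 bits for the IPv4 address as the preceding sentence states; change "32" to "96". The ping output in the same file (64:ff9b::192.0.2.1 shown as 64:ff9b::c000:201) agrees with the 96/32 split. The introduction also contains a sentence fragment ("Whether you are transitioning to IPv6 or need to seamlessly connect IPv4 and IPv6 devices.") and the placeholder wording "in your project"; reword both for VyOS.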
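Review bot: in docs/configuration/service/lldp.rst, the cfgcmd changes from "set service lldp snmp enable" to "set service lldp snmp" without saying from which release the shorter form applies, so a reader on a release that still expects the trailing "enable" gets no hint. Add a short version note next to the command. The description "Enable SNMP queries of the LLDP database" could also say that access to this data is then governed by the SNMP service configuration.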
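Review bot: in docs/configuration/system/frr.rst, the opening paragraph uses a Markdown link, "[FRRouting](https://frrouting.org/)", which reStructuredText prints literally; write it as `FRRouting <https://frrouting.org/>`_ instead. The same paragraph says the behavior "can be adjusted during runtime, but require either a restart of the routing daemon, or a reboot", which contradicts itself and has a verb agreement error; state plainly that changes take effect only after a daemon restart or a reboot. The placeholder in "set system frr descriptors <numer>" should be "<number>".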
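Review bot: in docs/configuration/system/updates.rst, the description of "set system update-check url <url>" says only that the URL "contains information about images"; it should state the expected document format (the example points at a version.json) and whether anything beyond the transport authenticates the answer, because the "Update URL" printed by "show system updates" is a download link an operator is likely to act on. "show system updates" itself appears only inside a code block; give it an op-mode command entry alongside the cfgcmd entries. Smaller points: the first sentence lacks a period, and there is a trailing space after "show system updates" in the example.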
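Review bot: in docs/configuration/vpn/sstp.rst, the two added lines quote the pool name inconsistently: bare in "client-ip-pool SSTP-POOL range 192.0.2.0/25" and quoted in "default-pool 'SSTP-POOL'"; pick one style for the example. The keyword "range" is given a CIDR value here, so a sentence near the example saying which value forms "range" accepts would help, along with a note that the removed "client-ip-pool subnet" form is replaced by the named pool plus "default-pool" for readers migrating an existing configuration.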
