Diffstat (limited to 'docs/services')
| -rw-r--r-- | docs/services/dhcp.rst | 42 |
| -rw-r--r-- | docs/services/dns-forwarding.rst | 9 |
| -rw-r--r-- | docs/services/index.rst | 2 |
| -rw-r--r-- | docs/services/ipoe-server.rst | 9 |
| -rw-r--r-- | docs/services/lldp.rst | 106 |
| -rw-r--r-- | docs/services/pppoe-server.rst | 6 |
| -rw-r--r-- | docs/services/references.rst | 11 |
| -rw-r--r-- | docs/services/snmp.rst | 6 |
| -rw-r--r-- | docs/services/ssh.rst | 10 |
| -rw-r--r-- | docs/services/sstp-server.rst | 6 |
| -rw-r--r-- | docs/services/tftp.rst | 8 |
| -rw-r--r-- | docs/services/udp-broadcast-relay.rst | 8 |
| -rw-r--r-- | docs/services/webproxy.rst | 5 |
13 files changed, 116 insertions, 112 deletions
| diff --git a/docs/services/dhcp.rst b/docs/services/dhcp.rst index 19c92aac..bcadb673 100644 --- a/docs/services/dhcp.rst +++ b/docs/services/dhcp.rst @@ -6,6 +6,8 @@ DHCP / DHCPv6  VyOS uses ISC DHCPd for both IPv4 and IPv6 address assignment. +.. _dhcp-server: +  DHCP Server  =========== @@ -144,23 +146,23 @@ inside the subnet definition but can be outside of the range statement.  DHCP Options  ------------ -.. cfgcmd:: set service dhcp-server shared-network-name '<name>' subnet 192.0.2.0/24 default-router '<address>' +.. cfgcmd:: set service dhcp-server shared-network-name <name> subnet 192.0.2.0/24 default-router <address>     Specify the default routers IPv4 address which should be used in this subnet.     This can - of course - be a VRRP address (DHCP option 003). -.. cfgcmd:: set service dhcp-server shared-network-name '<name>' subnet 192.0.2.0/24 dns-server '<address>' +.. cfgcmd:: set service dhcp-server shared-network-name <name> subnet 192.0.2.0/24 dns-server <address>     Specify the DNS nameservers used (Option 006). This option may be used     mulltiple times to specify additional DNS nameservers. -.. cfgcmd:: set service dhcp-server shared-network-name '<name>' subnet 192.0.2.0/24 domain-name '<domain-name>' +.. cfgcmd:: set service dhcp-server shared-network-name <name> subnet 192.0.2.0/24 domain-name <domain-name>     The domain-name parameter should be the domain name that will be appended to     the client's hostname to form a fully-qualified domain-name (FQDN) (DHCP     Option 015). -.. cfgcmd:: set service dhcp-server shared-network-name '<name>' subnet 192.0.2.0/24 domain-search '<domain-name>' +.. cfgcmd:: set service dhcp-server shared-network-name <name> subnet 192.0.2.0/24 domain-search <domain-name>     The domain-name parameter should be the domain name used when completing DNS     request where no full FQDN is passed. This option can be given multiple times 
@@ -315,12 +317,24 @@ Always verify that the parameters are correct before commiting the configuration  Refer to isc-dhcp's dhcpd.conf manual for more information:  https://kb.isc.org/docs/isc-dhcp-44-manual-pages-dhcpdconf +Quotes can be used inside parameter values by replacing all quote characters  +with the string ``"``. They will be replaced with literal quote characters +when generating dhcpd.conf. +  Example  ^^^^^^^  .. opcmd:: set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 static-mapping example static-mapping-parameters "option domain-name-servers 192.0.2.11, 192.0.2.12;" -   Override the static-mapping's dns-server with a custom one that will be sent only to this host. +   Override the static-mapping's dns-server with a custom one that will be sent +   only to this host. + +.. opcmd:: set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 static-mapping example static-mapping-parameters "option pxelinux.configfile "pxelinux.cfg/01-00-15-17-44-2d-aa";" + +   An option that takes a quoted string is set by replacing all quote characters +   with the string ``"`` inside the static-mapping-parameters value. +   The resulting line in dhcpd.conf will be +   ``option pxelinux.configfile "pxelinux.cfg/01-00-15-17-44-2d-aa";``.  Operation Mode  -------------- 
@@ -387,41 +401,41 @@ Configuration Options     Clients receiving advertise messages from multiple servers choose the server     with the highest preference value. The range for this value is ``0...255``. -.. cfgcmd:: set service dhcpv6-server shared-network-name '<name>' subnet '<v6net>' lease-time {default | maximum | minimum} +.. cfgcmd:: set service dhcpv6-server shared-network-name <name> subnet <prefix> lease-time {default | maximum | minimum}     The default lease time for DHCPv6 leases is 24 hours. This can be changed by     supplying a ``default-time``, ``maximum-time`` and ``minimum-time``. All     values need to be supplied in seconds. -.. cfgcmd:: set service dhcpv6-server shared-network-name '<name>' subnet '<v6net>' nis-domain '<domain-name>' +.. cfgcmd:: set service dhcpv6-server shared-network-name <name> subnet <prefix> nis-domain <domain-name>     A :abbr:`NIS (Network Information Service)` domain can be set to be used for     DHCPv6 clients. -.. cfgcmd:: set service dhcpv6-server shared-network-name '<name>' subnet '<v6net>' nisplus-domain '<domain-name>' +.. cfgcmd:: set service dhcpv6-server shared-network-name <name> subnet <prefix> nisplus-domain <domain-name>     The procedure to specify a :abbr:`NIS+ (Network Information Service Plus)`     domain is similar to the NIS domain one: -.. cfgcmd:: set service dhcpv6-server shared-network-name '<name>' subnet '<v6net>' nis-server '<address>' +.. cfgcmd:: set service dhcpv6-server shared-network-name <name> subnet <prefix> nis-server <address>     Specify a NIS server address for DHCPv6 clients. -.. cfgcmd:: set service dhcpv6-server shared-network-name '<name>' subnet '<v6net>' nisplus-server '<address>' +.. cfgcmd:: set service dhcpv6-server shared-network-name <name> subnet <prefix> nisplus-server <address>     Specify a NIS+ server address for DHCPv6 clients. -.. cfgcmd:: set service dhcpv6-server shared-network-name '<name>' subnet '<v6net>' sip-server-address '<address>' +.. 
cfgcmd:: set service dhcpv6-server shared-network-name <name> subnet <prefix> sip-server-address <address>     Specify a :abbr:`SIP (Session Initiation Protocol)` server by IPv6 address     for all DHCPv6 clients. -.. cfgcmd:: set service dhcpv6-server shared-network-name '<name>' subnet '<v6net>' sip-server-name '<fqdn>' +.. cfgcmd:: set service dhcpv6-server shared-network-name <name> subnet <prefix> sip-server-name <fqdn>     Specify a :abbr:`SIP (Session Initiation Protocol)` server by FQDN for all     DHCPv6 clients. -.. cfgcmd:: set service dhcpv6-server shared-network-name '<name>' subnet '<v6net>' sntp-server-address '<address>' +.. cfgcmd:: set service dhcpv6-server shared-network-name <name> subnet <prefix> sntp-server-address <address>     A SNTP server address can be specified for DHCPv6 clients. @@ -556,7 +570,7 @@ https://wiki.vyos.net/wiki/Network_address_setup.  Configuration  ------------- -.. cfgcmd:: set service dhcp-relay interface '<interface>' +.. cfgcmd:: set service dhcp-relay interface <interface>     Enable the DHCP relay service on the given interface. diff --git a/docs/services/dns-forwarding.rst b/docs/services/dns-forwarding.rst index fb996709..a529f6a7 100644 --- a/docs/services/dns-forwarding.rst +++ b/docs/services/dns-forwarding.rst @@ -29,9 +29,10 @@ avoid to be tracked by the provider of your upstream DNS server.  .. cfgcmd:: set service dns forwarding domain <domain-name> server <address>     Forward received queries for a particular domain (specified via `domain-name`) -   to a given name-server. Multiple nameservers can be specified. +   to a given name-server. Multiple nameservers can be specified. You can use +   this feature for a DNS split-horizon configuration. -.. note:: This also works for reverse-lookup zones e.g. ``18.172.in-addr.arpa``. +   .. note:: This also works for reverse-lookup zones (``18.172.in-addr.arpa``).  .. cfgcmd:: set service dns forwarding allow-from <network> 
@@ -71,8 +72,8 @@ avoid to be tracked by the provider of your upstream DNS server.       as with process.     * **validate** The highest mode of DNSSEC processing. In this mode, all -     queries will be be validated and will be answered with a SERVFAIL in case -     of bogus data, regardless of the client's request. +     queries will be validated and will be answered with a SERVFAIL in case of +     bogus data, regardless of the client's request.     .. note:: The famous UNIX/Linux ``dig`` tool sets the AD-bit in the query.        This might lead to unexpected query results when testing. Set ``+noad`` diff --git a/docs/services/index.rst b/docs/services/index.rst index af3e6cb1..e0773090 100644 --- a/docs/services/index.rst +++ b/docs/services/index.rst @@ -1,7 +1,5 @@  .. _services: -.. include:: references.rst -  ########  Services  ######## diff --git a/docs/services/ipoe-server.rst b/docs/services/ipoe-server.rst index 8e3a88eb..a1144301 100644 --- a/docs/services/ipoe-server.rst +++ b/docs/services/ipoe-server.rst @@ -4,9 +4,9 @@ IPoE server  VyOS utilizes `accel-ppp`_ to provide IPoE server functionality. It can be  used with local authentication (mac-address) or a connected RADIUS server. -.. note:: **Please be aware, due to an upstream bug, config changes/commits +.. note:: Please be aware, due to an upstream bug, config changes/commits     will restart the ppp daemon and will reset existing IPoE sessions, -   in order to become effective.** +   in order to become effective.  Configuration  ^^^^^^^^^^^^^ @@ -123,7 +123,4 @@ The rate-limit is set in kbit/sec.    -------+------------+-------------------+-------------+-----+--------+------------+--------+----------+------------------    ipoe0  | eth2       | 08:00:27:2f:d8:06 | 192.168.0.2 |     |        | 500/500    | active | 00:00:05 | dccc870fd31349fb - - - -.. _`accel-ppp`: https://accel-ppp.org/ +.. include:: ../common-references.rst 
diff --git a/docs/services/lldp.rst b/docs/services/lldp.rst index c1f39fba..4b1743e6 100644 --- a/docs/services/lldp.rst +++ b/docs/services/lldp.rst @@ -40,7 +40,8 @@ Configuration  .. cfgcmd:: set service lldp management-address <address> -   Define IPv4 management address transmitted via LLDP. +   Define IPv4/IPv6 management address transmitted via LLDP. Multiple addresses +   can be defined. Only addresses connected to the system will be transmitted.  .. cfgcmd:: set service lldp interface <interface> 
@@ -72,65 +73,64 @@ Operation     Displays information about all neighbors discovered via LLDP. -.. code-block:: none +   .. code-block:: none -  vyos@vyos:~# show lldp neighbors -  Capability Codes: R - Router, B - Bridge, W - Wlan r - Repeater, S - Station -                    D - Docsis, T - Telephone, O - Other +     vyos@vyos:~$ show lldp neighbors +     Capability Codes: R - Router, B - Bridge, W - Wlan r - Repeater, S - Station +                       D - Docsis, T - Telephone, O - Other -  Device ID                 Local  Proto  Cap   Platform             Port ID -  ---------                 -----  -----  ---   --------             ------- -  Switch0815                eth0   LLDP   B     Cisco IOS Software,  Gi0/4 +     Device ID                 Local     Proto  Cap   Platform             Port ID +     ---------                 -----     -----  ---   --------             ------- +     BR2.vyos.net              eth0      LLDP   R     VyOS 1.2.4           eth1 +     BR3.vyos.net              eth0      LLDP   RB    VyOS 1.2.4           eth2 +     SW1.vyos.net              eth0      LLDP   B     Cisco IOS Software   GigabitEthernet0/6  .. opcmd:: show lldp neighbors detail     Get detailed information about LLDP neighbors. -.. code-block:: none - -  vyos@vyos:~# show lldp neighbors detail -  ------------------------------------------------------------------------------- -  LLDP neighbors: -  ------------------------------------------------------------------------------- -  Interface:    eth0, via: LLDP, RID: 1, Time: 12 days, xxxx:xxxx:40 -    Chassis: -      ChassisID:    mac 00:50:40:20:03:00 -      SysName:      Switch0815 -      SysDescr:     Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE11, RELEASE SOFTWARE (fc3) -                    Technical Support: http://www.cisco.com/techsupport -                    Copyright (c) 1986-2017 by Cisco Systems, Inc. 
-                    Compiled Sat 19-Aug-17 09:34 by prod_rel_team -      MgmtIP:       192.0.2.201 -      Capability:   Bridge, on -    Port: -      PortID:       ifname Gi0/4 -      PortDescr:    GigabitEthernet0/4 -      TTL:          120 -      PMD autoneg:  supported: yes, enabled: yes -        Adv:          10Base-T, HD: yes, FD: yes -        Adv:          100Base-TX, HD: yes, FD: yes -        Adv:          1000Base-T, HD: no, FD: yes -        MAU oper type: 1000BaseTFD - Four-pair Category 5 UTP, full duplex mode -    VLAN:         1, pvid: yes -    LLDP-MED: -      Device Type:  Network Connectivity Device -      Capability:   Capabilities, yes -      Capability:   Policy, yes -      Capability:   Location, yes -      Capability:   Inventory, yes -      LLDP-MED Network Policy for: Voice, Defined: no -        Priority:     Best effort -        PCP:          0 -        DSCP Value:   0 -      LLDP-MED Network Policy for: Voice Signaling, Defined: no -        Priority:     Best effort -        PCP:          0 -        DSCP Value:   0 -      Inventory: -        Hardware Revision: WS-C2960G-8TC-L (PowerPC405):C0 -        Software Revision: 15.0(2)SE11 -        Manufacturer: Cisco Systems, Inc. -        Model:        WS-C2960G-8TC-L +   .. 
code-block:: none + +     vyos@vyos:~$ show lldp neighbors detail +     ------------------------------------------------------------------------------- +     LLDP neighbors: +     ------------------------------------------------------------------------------- +     Interface:    eth0, via: LLDP, RID: 28, Time: 0 day, 00:24:33 +       Chassis: +         ChassisID:    mac 00:53:00:01:02:c9 +         SysName:      BR2.vyos.net +         SysDescr:     VyOS 1.3-rolling-201912230217 +         MgmtIP:       192.0.2.1 +         MgmtIP:       2001:db8::ffff +         Capability:   Bridge, on +         Capability:   Router, on +         Capability:   Wlan, off +         Capability:   Station, off +       Port: +         PortID:       mac 00:53:00:01:02:c9 +         PortDescr:    eth0 +         TTL:          120 +         PMD autoneg:  supported: no, enabled: no +           MAU oper type: 10GigBaseCX4 - X copper over 8 pair 100-Ohm balanced cable +       VLAN:         201 eth0.201 +       VLAN:         205 eth0.205 +       LLDP-MED: +         Device Type:  Network Connectivity Device +         Capability:   Capabilities, yes +         Capability:   Policy, yes +         Capability:   Location, yes +         Capability:   MDI/PSE, yes +         Capability:   MDI/PD, yes +         Capability:   Inventory, yes +         Inventory: +           Hardware Revision: None +           Software Revision: 4.19.89-amd64-vyos +           Firmware Revision: 6.00 +           Serial Number: VMware-42 1d 83 b9 fe c1 bd b2-7 +           Manufacturer: VMware, Inc. +           Model:        VMware Virtual Platform +           Asset ID:     No Asset Tag +     -------------------------------------------------------------------------------  .. opcmd:: show lldp neighbors interface <interface> diff --git a/docs/services/pppoe-server.rst b/docs/services/pppoe-server.rst index 481831ba..a229d3f9 100644 --- a/docs/services/pppoe-server.rst +++ b/docs/services/pppoe-server.rst 
@@ -7,9 +7,9 @@ PPPoE Server  VyOS utilizes `accel-ppp`_ to provide PPPoE server functionality. It can be  used with local authentication or a connected RADIUS server. -.. note:: **Please be aware, due to an upstream bug, config changes/commits +.. note:: Please be aware, due to an upstream bug, config changes/commits     will restart the ppp daemon and will reset existing PPPoE connections from -   connected users, in order to become effective.** +   connected users, in order to become effective.  Configuration  ============= @@ -241,4 +241,4 @@ subnet for the clients internal use.    --------+----------+-------------+--------------------------+---------------------+-------------------+------------+--------+----------+----------+----------     ppp0   | test     | 192.168.0.1 | 2001:db8:8002:0:200::/64 | 2001:db8:8003::1/56 | 00:53:00:12:42:eb |            | active | 00:00:49 | 875 B    | 2.1 KiB -.. _`accel-ppp`: https://accel-ppp.org/ +.. include:: ../common-references.rst diff --git a/docs/services/references.rst b/docs/services/references.rst deleted file mode 100644 index 704f33f7..00000000 --- a/docs/services/references.rst +++ /dev/null @@ -1,11 +0,0 @@ -.. _MIB: https://en.wikipedia.org/wiki/Management_information_base -.. _SNMP: https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol -.. _SNMPv2: https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol#Version_2 -.. _SNMPv3: https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol#Version_3 -.. _SSH: https://en.wikipedia.org/wiki/Secure_Shell -.. _Squid3: http://www.squid-cache.org/ -.. _Squidguard: http://www.squidguard.org/ -.. _TFTP: https://en.wikipedia.org/wiki/Trivial_File_Transfer_Protocol -.. _`arbitrary extension commands`: http://net-snmp.sourceforge.net/docs/man/snmpd.conf.html#lbAZ -.. _`accel-ppp`: https://accel-ppp.org/ -.. _`Secure Socket Tunneling Protocol`: https://en.wikipedia.org/wiki/Secure_Socket_Tunneling_Protocol 
diff --git a/docs/services/snmp.rst b/docs/services/snmp.rst index c4b8fa32..c27cf02a 100644 --- a/docs/services/snmp.rst +++ b/docs/services/snmp.rst @@ -254,4 +254,8 @@ following content:        </Commands>    </Configuration-Management> -.. include:: references.rst +.. _MIB: https://en.wikipedia.org/wiki/Management_information_base +.. _SNMP: https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol +.. _SNMPv2: https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol#Version_2 +.. _SNMPv3: https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol#Version_3 + diff --git a/docs/services/ssh.rst b/docs/services/ssh.rst index fde575ea..1dd996d4 100644 --- a/docs/services/ssh.rst +++ b/docs/services/ssh.rst @@ -30,17 +30,17 @@ and integrity of data over an unsecured network, such as the Internet.  Configuration  ============= -.. cfgcmd:: set service ssh port '<number>' +.. cfgcmd:: set service ssh port <port> -Enabling SSH only requires you to specify the port ``<number>`` you want SSH to +Enabling SSH only requires you to specify the port ``<port>`` you want SSH to  listen on. By default, SSH runs on port 22. -.. cfgcmd:: set service ssh listen-address '<address>' +.. cfgcmd:: set service ssh listen-address <address>  Specify IPv4/IPv6 listen address of SSH server. Multiple addresses can be  defined. -.. cfgcmd:: set service ssh ciphers '<cipher>' +.. cfgcmd:: set service ssh ciphers <cipher>  Define allowed ciphers used for the SSH connection. A number of allowed ciphers  can be specified, use multiple occurrences to allow multiple ciphers. @@ -71,7 +71,7 @@ security!  Disable the host validation through reverse DNS lookups - can speedup login  time when reverse lookup is not possible. -.. cfgcmd:: set service ssh macs '<mac>' +.. cfgcmd:: set service ssh macs <mac>  Specifies the available :abbr:`MAC (Message Authentication Code)` algorithms.  The MAC algorithm is used in protocol version 2 for data integrity protection. 
diff --git a/docs/services/sstp-server.rst b/docs/services/sstp-server.rst index 64a5206b..8e67b95c 100644 --- a/docs/services/sstp-server.rst +++ b/docs/services/sstp-server.rst @@ -6,9 +6,9 @@ SSTP server  VyOS utilizes accel-ppp_ to provide SSTP server functionality. It can be  used with local authentication or a connected RADIUS server. -.. note:: **Please be aware, due to an upstream bug, config changes/commits +.. note:: Please be aware, due to an upstream bug, config changes/commits     will restart the ppp daemon and will reset existing PPPoE connections from -   connected users, in order to become effective.** +   connected users, in order to become effective.  Configuration  ^^^^^^^^^^^^^ @@ -73,4 +73,4 @@ looks for all files and directories in ``/config/user-data/sstp``.    set sstp-settings ssl-certs server-cert 'server.crt'    set sstp-settings ssl-certs server-key 'server.key' -.. include:: references.rst +.. include:: ../common-references.rst diff --git a/docs/services/tftp.rst b/docs/services/tftp.rst index c33d6c7c..ce87011c 100644 --- a/docs/services/tftp.rst +++ b/docs/services/tftp.rst @@ -1,8 +1,8 @@  .. _tftp-server: -#### -TFTP -#### +########### +TFTP Server +###########  :abbr:`TFTP (Trivial File Transfer Protocol)` is a simple, lockstep file  transfer protocol which allows a client to get a file from or put a file onto @@ -22,7 +22,7 @@ files.     content on image upgrades. Any directory under ``/config`` is save at this     will be migrated. -.. cfgcmd:: set service tftp-server listen-address '<address>' +.. cfgcmd:: set service tftp-server listen-address <address>  Configure the IPv4 or IPv6 listen address of the TFTP server. Multiple IPv4 and  IPv6 addresses can be given. There will be one TFTP server instances listening diff --git a/docs/services/udp-broadcast-relay.rst b/docs/services/udp-broadcast-relay.rst index 10939c9d..f9e1b03e 100644 --- a/docs/services/udp-broadcast-relay.rst +++ b/docs/services/udp-broadcast-relay.rst 
@@ -17,23 +17,23 @@ support 99 IDs!  Configuration  ------------- -.. cfgcmd:: set service broadcast-relay id '<n>' description '<description>' +.. cfgcmd:: set service broadcast-relay id <n> description <description>     A description can be added for each and every unique relay ID. This is     usefull to distinguish between multiple different ports/appliactions. -.. cfgcmd:: set service broadcast-relay id '<n>' interface '<interface>' +.. cfgcmd:: set service broadcast-relay id <n> interface <interface>     The interface used to receive and relay individual broadcast packets. If you     want to receive/relay packets on both `eth1` and `eth2` both interfaces need     to be added. -.. cfgcmd:: set service broadcast-relay id '<n>' port '<port>' +.. cfgcmd:: set service broadcast-relay id <n> port <port>     The UDP port number used by your apllication. It is mandatory for this kind     of operation. -.. cfgcmd:: set service broadcast-relay id '<n>' disable +.. cfgcmd:: set service broadcast-relay id <n> disable     Each broadcast relay instance can be individually disabled without deleting     the configured node by using the following command: diff --git a/docs/services/webproxy.rst b/docs/services/webproxy.rst index b4b20ef5..20e1eb73 100644 --- a/docs/services/webproxy.rst +++ b/docs/services/webproxy.rst @@ -3,7 +3,7 @@ Webproxy  The proxy service in VyOS is based on Squid3 and some related modules. -Squid is a caching and forwarding HTTP web proxy. It has a wide variety of +Squid3_ is a caching and forwarding HTTP web proxy. It has a wide variety of  uses, including speeding up a web server by caching repeated requests,  caching web, DNS and other computer network lookups for a group of people  sharing network resources, and aiding security by filtering traffic. Although 
@@ -149,4 +149,5 @@ So sometimes it is useful to bypass a transparent proxy:    (This can be useful when a called service has many and/or often changing    destination addresses - e.g. Netflix.) -.. include:: references.rst +.. _Squid3: http://www.squid-cache.org/ +.. _Squidguard: http://www.squidguard.org/ | 
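Review bot: In the ``@@ -144,23 +146,23 @@`` hunk of docs/services/dhcp.rst, the four rewritten synopsis lines drop the quotes around ``<name>`` and ``<address>`` but still hard-code ``subnet 192.0.2.0/24``, so the command signature mixes placeholders with a literal value. The DHCPv6 commands in this same patch use ``subnet <prefix>``; use a placeholder here too and keep 192.0.2.0/24 for the worked examples. While these lines are open, the adjacent description text has "mulltiple" and "default routers IPv4 address" to correct.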
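Review bot: In the ``@@ -315,12 +317,24 @@`` hunk of docs/services/dhcp.rst, the added pxelinux example is declared with ``.. opcmd::`` although it is a ``set`` command entered in configuration mode; every other ``set`` line touched by this patch uses ``.. cfgcmd::``, so switch the directive (the existing example above it has the same problem). Also check how the replacement string renders: as shown, the text says to replace quote characters with a quote character and the example nests unescaped quotes inside a quoted value, which is not a command a reader can paste. Because ``static-mapping-parameters`` is written into dhcpd.conf as given, it is worth showing the escaped input and the generated line side by side so the substitution is unambiguous.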
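Review bot: In the ``@@ -387,41 +401,41 @@`` hunk of docs/services/dhcp.rst, the synopsis ``lease-time {default | maximum | minimum}`` does not match its own description, which names ``default-time``, ``maximum-time`` and ``minimum-time``, and it carries no value placeholder although the text says all values are supplied in seconds. Align the keyword names with what the CLI accepts and add a placeholder for the number of seconds. The ``nisplus-domain`` description in the same hunk ends in a colon with nothing after it.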
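Review bot: In the ``@@ -29,9 +29,10 @@`` hunk of docs/services/dns-forwarding.rst, the reworded note drops "e.g." and now reads "reverse-lookup zones (``18.172.in-addr.arpa``)", which presents one sample zone as if it were the only one supported. Keep the qualifier inside the parentheses, for instance "(e.g. ``18.172.in-addr.arpa``)". The new split-horizon sentence would also benefit from one line saying which side of the split the listed servers answer for, since queries for that domain bypass the default upstream.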
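Review bot: The new ``show lldp neighbors detail`` sample in docs/services/lldp.rst uses documentation values for the MAC and management addresses (``00:53:00:01:02:c9``, ``192.0.2.1``, ``2001:db8::ffff``) but the Inventory block keeps what looks like a captured value in ``Serial Number: VMware-42 1d 83 b9 fe c1 bd b2-7``; replace it with an obvious placeholder. The sample also makes visible how much a neighbor learns from these frames (system description, kernel revision, management addresses, VLANs), so the ``set service lldp interface <interface>`` description is a good place to recommend enabling LLDP only on links to trusted devices. The capability legend line still reads ``W - Wlan r - Repeater`` without a comma.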
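Review bot: The note in docs/services/sstp-server.rst still says commits "will reset existing PPPoE connections" after this edit, which on the SSTP page reads as a leftover from pppoe-server.rst. Both lines of the note are rewritten here to drop the bold markup, so change "PPPoE" to "SSTP" in the same pass.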
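Review bot: Deleting docs/services/references.rst removes eleven link targets, but the visible hunks re-home only six of them inside docs/services: ``MIB``, ``SNMP``, ``SNMPv2`` and ``SNMPv3`` in snmp.rst, ``Squid3`` and ``Squidguard`` in webproxy.rst. ``SSH``, ``TFTP``, ``arbitrary extension commands`` and ``Secure Socket Tunneling Protocol`` are not re-added, and ssh.rst, tftp.rst and snmp.rst gain no ``.. include:: ../common-references.rst`` line, while index.rst loses its include. The common file is outside this diffstat, so confirm that it defines ``accel-ppp`` and the remaining names and that every ``Name_`` reference left in these files still resolves; otherwise the build will report unknown target names.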
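Review bot: In docs/services/ssh.rst the description paragraphs ("Enabling SSH only requires you to specify the port ...", "Specify IPv4/IPv6 listen address ...") start at column 0, so they are not part of the ``.. cfgcmd::`` directive above them, unlike dhcp.rst and lldp.rst where the text is indented under the directive. Since each synopsis line is rewritten here, indent the descriptions so they render as the body of the command; the ``listen-address`` entry in tftp.rst has the same layout. For ``set service ssh ciphers <cipher>`` and ``macs <mac>``, a pointer to where the accepted values are listed would help readers avoid guessing algorithm names.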
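Review bot: In the ``@@ -17,23 +17,23 @@`` hunk of docs/services/udp-broadcast-relay.rst, the descriptions directly under the rewritten synopsis lines still contain "usefull", "appliactions" and "apllication"; fix them while the lines around them are being edited. The ``disable`` entry ends with "by using the following command:" even though the command is the directive above it and nothing follows, so reword it to end as a sentence.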
