Merge branch 'vyos:master' into master

docs/_ext/vyos.py

@@ -530,7 +530,7 @@ def strip_cmd(cmd, debug=False):
         if c == "]":
             appearance = appearance - 1
 
-    # only if all [..] will be delete if appearance > 0 there is a syntax errror
+    # only if all [..] will be delete if appearance > 0 there is a syntax error
     if appearance == 0:
         cmd = cmd_new
 
@@ -545,7 +545,7 @@ def strip_cmd(cmd, debug=False):
         if c == ">":
             appearance = appearance - 1
 
-    # only if all <..> will be delete if appearance > 0 there is a syntax errror
+    # only if all <..> will be delete if appearance > 0 there is a syntax error
     if appearance == 0:
         cmd = cmd_new
 

docs/automation/cloud-init.rst

@@ -268,7 +268,7 @@ Generate qcow image
 -------------------
 
 A VyOS qcow image with cloud-init options is needed. This can be obtained
-using `vyos-vm-images`_ repo. After clonning the repo, edit the file
+using `vyos-vm-images`_ repo. After cloning the repo, edit the file
 **qemu.yml** and comment the **download-iso** role.
 
 In this lab, we are using 1.3.0 VyOS version and setting a disk of 10G.
@@ -344,7 +344,7 @@ Content of network-config file:
        dhcp4: false
        dhcp6: false
 
-Finaly, file **meta-data** has no content, but it's required.
+Finally, file **meta-data** has no content, but it's required.
 
 ---------------
 Create seed.iso
@@ -360,7 +360,7 @@ Command for generating ``seed.iso``
   mkisofs -joliet -rock -volid "cidata" -output seed.iso meta-data \
   user-data network-config
 
-**NOTE**: be carefull while copying and pasting previous commands. Doble
+**NOTE**: be careful while copying and pasting previous commands. Double
 quotes may need to be corrected. 
 
 ---------------

docs/automation/command-scripting.rst

@@ -49,7 +49,7 @@ prepended with ``run``, even if you haven't created a session with configure.
 Run commands remotely
 ---------------------
 
-Sometimes you simply wan't to execute a bunch of op-mode commands via SSH on
+Sometimes you simply want to execute a bunch of op-mode commands via SSH on
 a remote VyOS system.
 
 .. code-block:: none

docs/automation/vyos-netmiko.rst

@@ -32,7 +32,7 @@ Example
                      'set interfaces ethernet eth1 description LAN',
                     ]
 
-  # set congiguration
+  # set configuration
   output = net_connect.send_config_set(config_commands, exit_config_mode=False)
   print(output)
 
@@ -69,4 +69,4 @@ Output
   vtun10           10.10.0.1/24                      u/u  
   [edit]
 
-.. _netmiko: https://github.com/ktbyers/netmiko
+.. _netmiko: https://github.com/ktbyers/netmiko

docs/cli.rst

@@ -558,7 +558,7 @@ different levels in the hierarchy.
    What if you are doing something dangerous? Suppose you want to setup
    a firewall, and you are not sure there are no mistakes that will lock
    you out of your system. You can use confirmed commit. If you issue
-   the ``commit-confirm`` command, your changes will be commited, and if
+   the ``commit-confirm`` command, your changes will be committed, and if
    you don't issue  the ``confirm`` command in 10 minutes, your
    system will reboot into previous config revision.
 
@@ -653,7 +653,7 @@ different levels in the hierarchy.
    The ``comment`` command allows you to insert a comment above the
    ``<config node>`` configuration section. When shown, comments are
    enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments
-   need to be commited, just like other config changes.
+   need to be committed, just like other config changes.
 
    To remove an existing comment from your current configuration,
    specify an empty string enclosed in double quote marks (``""``) as
@@ -852,7 +852,7 @@ Remote Archive
 VyOS can upload the configuration to a remote location after each call
 to :cfgcmd:`commit`. You will have to set the commit-archive location.
 TFTP, FTP, SCP and SFTP servers are supported. Every time a
-:cfgcmd:`commit` is successfull the ``config.boot`` file will be copied
+:cfgcmd:`commit` is successful the ``config.boot`` file will be copied
 to the defined destination(s). The filename used on the remote host will
 be ``config.boot-hostname.YYYYMMDD_HHMMSS``. 
 

docs/configuration/service/ipoe-server.rst

@@ -72,8 +72,9 @@ IPv6 DNS addresses are optional.
 
   set service ipoe-server authentication interface eth3 mac 08:00:27:2F:D8:06
   set service ipoe-server authentication mode 'local'
-  set service ipoe-server client-ipv6-pool delegate '2001:db8:1::/48' delegation-prefix '56'
-  set service ipoe-server client-ipv6-pool prefix '2001:db8::/48' mask '64'
+  set service ipoe-server client-ipv6-pool IPv6-POOL delegate '2001:db8:1::/48' delegation-prefix '56'
+  set service ipoe-server client-ipv6-pool IPv6-POOL prefix '2001:db8::/48' mask '64'
+  set service ipoe-server default-ipv6-pool IPv6-POOL
   set service ipoe-server name-server '2001:db8::'
   set service ipoe-server name-server '2001:db8:aaa::'
   set service ipoe-server name-server '2001:db8:bbb::'
@@ -171,8 +172,9 @@ Server configuration
     set service ipoe-server authentication interface eth1.51 mac 00:0c:29:b7:49:a7 rate-limit upload '50000'
     set service ipoe-server authentication mode 'local'
     
-    set service ipoe-server client-ipv6-pool delegate 2001:db8:ffff::/48 delegation-prefix '56'
-    set service ipoe-server client-ipv6-pool prefix 2001:db8:fffe::/48 mask '64'
+    set service ipoe-server client-ipv6-pool IPv6-POOL delegate 2001:db8:ffff::/48 delegation-prefix '56'
+    set service ipoe-server client-ipv6-pool IPv6-POOL prefix 2001:db8:fffe::/48 mask '64'
+    set service ipoe-server default-ipv6-pool IPv6-POOL
     set service ipoe-server interface eth1.50 client-subnet '100.64.50.0/24'
     set service ipoe-server interface eth1.50 mode 'l2'
     set service ipoe-server interface eth1.51 client-subnet '100.64.51.0/24'

docs/configuration/service/pppoe-server.rst

@@ -266,11 +266,11 @@ other servers. Last command says that this PPPoE server can serve only
 IPv6
 ----
 
-IPv6 client's prefix assignment
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+IPv6 client's prefix
+^^^^^^^^^^^^^^^^^^^^
 
-.. cfgcmd:: set service pppoe-server client-ipv6-pool prefix <address>
-   mask <number-of-bits>
+.. cfgcmd:: set service pppoe-server client-ipv6-pool <IPv6-POOL-NAME>
+   prefix <address> mask <number-of-bits>
 
    Use this comand to set the IPv6 address pool from which a PPPoE
    client will get an IPv6 prefix of your defined length (mask) to
@@ -281,8 +281,8 @@ IPv6 client's prefix assignment
 IPv6 Prefix Delegation
 ^^^^^^^^^^^^^^^^^^^^^^
 
-.. cfgcmd:: set service pppoe-server client-ipv6-pool delegate <address>
-   delegation-prefix <number-of-bits>
+.. cfgcmd:: set service pppoe-server client-ipv6-pool <IPv6-POOL-NAME>
+   delegate <address> delegation-prefix <number-of-bits>
 
    Use this command to configure DHCPv6 Prefix Delegation (RFC3633). You
    will have to set your IPv6 pool and the length of the delegation
@@ -291,6 +291,14 @@ IPv6 Prefix Delegation
    delegation prefix can be set from 32 to 64 bit long.
 
 
+IPv6 default client's pool assignment
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. cfgcmd:: set service pppoe-server default-ipv6-pool <POOL-NAME>
+
+   Use this command to define default IPv6 address pool name.
+
+
 Maintenance mode
 ================
 
@@ -374,8 +382,9 @@ The example below covers a dual-stack configuration via pppoe-server.
   set service pppoe-server authentication mode 'local'
   set service pppoe-server client-ip-pool IP-POOL range '192.168.0.1/24'
   set service pppoe-server default-pool 'IP-POOL'
-  set service pppoe-server client-ipv6-pool delegate '2001:db8:8003::/48' delegation-prefix '56'
-  set service pppoe-server client-ipv6-pool prefix '2001:db8:8002::/48' mask '64'
+  set service pppoe-server client-ipv6-pool IPv6-POOL delegate '2001:db8:8003::/48' delegation-prefix '56'
+  set service pppoe-server client-ipv6-pool IPV6-POOL prefix '2001:db8:8002::/48' mask '64'
+  set service pppoe-server default-ipv6-pool IPv6-POOL
   set service pppoe-server ppp-options ipv6 allow
   set service pppoe-server name-server '10.1.1.1'
   set service pppoe-server name-server '2001:db8:4860::8888'

docs/configuration/vpn/ipsec.rst

@@ -49,9 +49,9 @@ VyOS IKE group has the next options:
 
  * ``none`` set action to none (default);
 
- * ``hold`` set action to hold;
+ * ``trap`` installs a trap policy for the CHILD_SA;
 
- * ``restart`` set action to restart;
+ * ``start`` tries to immediately re-create the CHILD_SA;
 
 * ``dead-peer-detection`` controls the use of the Dead Peer Detection protocol 
   (DPD, RFC 3706) where R_U_THERE notification messages (IKEv1) or empty 
@@ -60,11 +60,13 @@ VyOS IKE group has the next options:
 
  * ``action`` keep-alive failure action:
 
-  * ``hold`` set action to hold (default)
+  * ``trap``  installs a trap policy, which will catch matching traffic
+    and tries to re-negotiate the tunnel on-demand;
 
-  * ``clear`` set action to clear;
+  * ``clear`` closes the CHILD_SA and does not take further action (default);
 
-  * ``restart`` set action to restart;
+  * ``restart`` immediately tries to re-negotiate the CHILD_SA
+    under a fresh IKE_SA;
 
  * ``interval`` keep-alive interval in seconds <2-86400> (default 30);
 

docs/configuration/vpn/site2site_ipsec.rst

@@ -317,7 +317,7 @@ Imagine the following topology
   set vpn ipsec esp-group ESP_DEFAULT proposal 10 encryption 'aes256gcm128'
   set vpn ipsec esp-group ESP_DEFAULT proposal 10 hash 'sha256'
   set vpn ipsec ike-group IKEv2_DEFAULT close-action 'none'
-  set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection action 'hold'
+  set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection action 'trap'
   set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection interval '30'
   set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection timeout '120'
   set vpn ipsec ike-group IKEv2_DEFAULT disable-mobike
@@ -357,7 +357,7 @@ Imagine the following topology
   set vpn ipsec esp-group ESP_DEFAULT proposal 10 encryption 'aes256gcm128'
   set vpn ipsec esp-group ESP_DEFAULT proposal 10 hash 'sha256'
   set vpn ipsec ike-group IKEv2_DEFAULT close-action 'none'
-  set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection action 'hold'
+  set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection action 'trap'
   set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection interval '30'
   set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection timeout '120'
   set vpn ipsec ike-group IKEv2_DEFAULT disable-mobike
@@ -397,18 +397,18 @@ Key Parameters:
   routes installed in the default table 220 for site-to-site ipsec.
   It is mostly used with VTI configuration.
 
-* ``dead-peer-detection action = clear | hold | restart`` - R_U_THERE
+* ``dead-peer-detection action = clear | trap | restart`` - R_U_THERE
   notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2)
   are periodically sent in order to check the liveliness of the IPsec peer. The
-  values clear, hold, and restart all activate DPD and determine the action to
+  values clear, trap, and restart all activate DPD and determine the action to
   perform on a timeout.
   With ``clear`` the connection is closed with no further actions taken.
-  ``hold`` installs a trap policy, which will catch matching traffic and tries
+  ``trap`` installs a trap policy, which will catch matching traffic and tries
   to re-negotiate the connection on demand.
   ``restart`` will immediately trigger an attempt to re-negotiate the
   connection.
 
-* ``close-action = none | clear | hold | restart`` - defines the action to take
+* ``close-action = none | clear | trap | start`` - defines the action to take
   if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of
   values). A closeaction should not be used if the peer uses reauthentication or
   uniqueids.

docs/configuration/vpn/sstp.rst

@@ -132,16 +132,17 @@ Configuration
    Use this command to define default address pool name.
 
 
-.. cfgcmd:: set vpn sstp client-ipv6-pool prefix <address> mask <number-of-bits>
+.. cfgcmd:: set vpn sstp client-ipv6-pool <IPv6-POOL-NAME> prefix <address>
+   mask <number-of-bits>
 
   Use this comand to set the IPv6 address pool from which an SSTP client
   will get an IPv6 prefix of your defined length (mask) to terminate the
   SSTP endpoint at their side. The mask length can be set from 48 to 128
   bit long, the default value is 64.
 
 
-.. cfgcmd:: set vpn sstp client-ipv6-pool delegate <address> delegation-prefix
-   <number-of-bits>
+.. cfgcmd:: set vpn sstp client-ipv6-pool <IPv6-POOL-NAME> delegate <address>
+   delegation-prefix <number-of-bits>
 
   Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on
   SSTP. You will have to set your IPv6 pool and the length of the
@@ -150,6 +151,11 @@ Configuration
   delegation prefix can be set from 32 to 64 bit long.
 
 
+.. cfgcmd:: set vpn sstp default-ipv6-pool <IPv6-POOL-NAME>
+
+   Use this command to define default IPv6 address pool name.
+
+
 .. cfgcmd:: set vpn sstp name-server <address>
 
   Connected client should use `<address>` as their DNS server. This

docs/contributing/build-vyos.rst

@@ -371,7 +371,7 @@ more or less similar looking error message:
   (10:13) vyos_bld ece068908a5b:/vyos [current] #
 
 To debug the build process and gain additional information of what could be the
-root cause, you need to use `chroot` to change into the build directry. This is
+root cause, you need to use `chroot` to change into the build directory. This is
 explained in the following step by step procedure:
 
 .. code-block:: none

docs/contributing/debugging.rst

@@ -125,7 +125,7 @@ You can type ``help`` to get an overview of the available commands, and
 Useful commands are:
 
 * examine variables using ``pp(var)``
-* contine execution using ``cont``
+* continue execution using ``cont``
 * get a backtrace using ``bt``
 
 Config Migration Scripts
@@ -147,7 +147,7 @@ look like:
 
 The reason is that the configuration migration backend is rewritten and uses
 a new form of "magic string" which is applied on demand when real config
-migration is run on boot. When runnint individual migrators for testing,
+migration is run on boot. When running individual migrators for testing,
 you need to convert the "magic string" on your own by:
 
 .. code-block:: none
@@ -157,13 +157,13 @@ you need to convert the "magic string" on your own by:
 Configuration Error on System Boot
 ----------------------------------
 
-Beeing brave and running the latest rolling releases will sometimes trigger
+Being brave and running the latest rolling releases will sometimes trigger
 bugs due to corner cases we missed in our design. Those bugs should be filed
-via Phabricator_ but you can help us to narrow doen the issue. Login to your
+via Phabricator_ but you can help us to narrow down the issue. Login to your
 VyOS system and change into configuration mode by typing ``configure``. Now
 re-load your boot configuration by simply typing ``load`` followed by return.
 
-You shoudl now see a Python backtrace which will help us to handle the issue,
+You should now see a Python backtrace which will help us to handle the issue,
 please attach it to the Phabricator_ task.
 
 Boot Timing
@@ -179,7 +179,7 @@ installed by default on the VyOS 1.3 (equuleus) branch. The configuration is
 also versioned so we get comparable results. ``systemd-bootchart`` is configured
 using this file: bootchart.conf_
 
-To enable boot time graphing change the Kernel commandline and add the folowing
+To enable boot time graphing change the Kernel commandline and add the following
 string: ``init=/usr/lib/systemd/systemd-bootchart``
 
 This can also be done permanently by changing ``/boot/grub/grub.cfg``.
@@ -190,7 +190,7 @@ Priorities
 VyOS CLI is all about priorities. Every CLI node has a corresponding
 ``node.def`` file and possibly an attached script that is executed when the
 node is present. Nodes can have a priority, and on system bootup - or any
-other ``commit`` to the config all scripts are executed from lowest to higest
+other ``commit`` to the config all scripts are executed from lowest to highest
 priority. This is good as this gives a deterministic behavior.
 
 To debug issues in priorities or to see what's going on in the background

docs/contributing/development.rst

@@ -252,7 +252,7 @@ contributors to navigate through the sources and all the implied logic of
 the spaghetti code.
 
 Please use the following template as good starting point when developing new
-modules or even rewrite a whole bunch of code in the new style XML/Pyhon
+modules or even rewrite a whole bunch of code in the new style XML/Python
 interface.
 
 

docs/contributing/testing.rst

@@ -20,7 +20,7 @@ Jenkins CI
 Our `VyOS CI`_ system is based on Jenkins and builds all our required packages
 for VyOS 1.2 to 1.4. In addition to the package build, there is the vyos-build
 Job which builds and tests the VyOS ISO image which is published after a
-successfull test drive.
+successful test drive.
 
 We differentiate in two independent tests, which are both run in parallel by
 two separate QEmu instances which are launched via ``make test`` and ``make
@@ -42,7 +42,7 @@ with the following packages:
     if (params.BUILD_SMOKETESTS)
       CUSTOM_PACKAGES = '--custom-package vyos-1x-smoketest'
 
-So if you plan to build your own custom ISO image and wan't to make use of our
+So if you plan to build your own custom ISO image and want to make use of our
 smoketests, ensure that you have the `vyos-1x-smoketest` package installed.
 
 The ``make test`` command from the vyos-build_ repository will launch a new
@@ -106,7 +106,7 @@ Those common tests consists out of:
 * VLANs (QinQ and regular 802.1q)
 * ...
 
-.. note:: When you are working on interface configuration and you also wan't to
+.. note:: When you are working on interface configuration and you also want to
    test if the Smoketests pass you would normally loose the remote SSH connection
    to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the
    interface based tests can be called with an environment variable beforehand

docs/documentation.rst

@@ -146,7 +146,7 @@ access to the official codebase.
 Style Guide
 ===========
 
-Formating and Sphinxmarkup
+Formatting and Sphinxmarkup
 --------------------------
 
 TOC Level