From 22e2a930db6692929fe7eb7c5bfe75466c768e99 Mon Sep 17 00:00:00 2001 From: Ad Schellevis Date: Wed, 24 Jan 2024 09:52:02 +0100 Subject: [PATCH] System: Gateways: Single: migrate to MVC - update docs. closes https://github.com/opnsense/core/issues/6377 --- source/manual/gateways.rst | 5 +++-- source/manual/how-tos/ipsec-s2s-conn-route.rst | 2 +- source/manual/how-tos/ipsec-s2s-route-azure.rst | 2 +- source/manual/how-tos/ipsec-s2s-route.rst | 2 +- source/manual/how-tos/ipv6_tunnelbroker.rst | 2 +- source/manual/how-tos/multiwan.rst | 6 +++--- source/manual/how-tos/orange_fr_fttp.rst | 2 +- source/manual/how-tos/wireguard-client.rst | 2 +- source/manual/how-tos/wireguard-selective-routing.rst | 2 +- source/troubleshooting/openvpn.rst | 2 +- 10 files changed, 14 insertions(+), 13 deletions(-) diff --git a/source/manual/gateways.rst b/source/manual/gateways.rst index f73ccf3e..3dc36e06 100644 --- a/source/manual/gateways.rst +++ b/source/manual/gateways.rst @@ -21,7 +21,7 @@ Gateways Gateways define the possible routes that can be used to access other networks, such as the internet. -All different paths that are available to your firewall can be managed from this page, which can be found at :menuselection:`System->Gateways->Single`. +All different paths that are available to your firewall can be managed from this page, which can be found at :menuselection:`System->Gateways->Configuration`. You can either define these gateways yourself, or they can be provided automatically from dynamical configured interfaces (e.g. dhcp), in which case they won't have a predefined address. @@ -68,7 +68,7 @@ case you can enable "Gateway switching" in :menuselection:`System->Settings->Gen Overview page ---------------------------- -The overview page (:menuselection:`System->Gateways->Single`) shows all currently known gateways and their statuses in order of importance (most important on top). +The overview page (:menuselection:`System->Gateways->Configuration`) shows all currently known gateways and their statuses in order of importance (most important on top). When a gateway is considered "default" it will show **(active)** behind the name. .. Note:: @@ -97,6 +97,7 @@ IP address Address of our gateway, empty/**dynamic** when dyn Upstream Gateway Upstream gateway, consider this gateway as default gateway candidate Far Gateway Checkbox to allow the gateway to exist outside of the interface subnet. Disable Gateway Monitoring Disable monitoring (consider **online**) +Disable Host Route Do not create a dedicated host route for this monitor. Monitor IP Alternative address to monitor, always make sure the address is actually reachable and using this interface (via a static gateway) Mark Gateway as Down Consider this gateway as down, so it can't be considered as default gateway diff --git a/source/manual/how-tos/ipsec-s2s-conn-route.rst b/source/manual/how-tos/ipsec-s2s-conn-route.rst index 0db6aec4..b260dfb4 100644 --- a/source/manual/how-tos/ipsec-s2s-conn-route.rst +++ b/source/manual/how-tos/ipsec-s2s-conn-route.rst @@ -78,7 +78,7 @@ Tunnel remote address **192.168.123.2** **192.168.123.1** Gateways ..................... -Next step on both ends is to define a gateway (:menuselection:`System->Gateways->Single`) which reaches the other end of this channel, the +Next step on both ends is to define a gateway (:menuselection:`System->Gateways->Configuration`) which reaches the other end of this channel, the interface should be automatically created and is called :code:`ipsec10` in this example. Both ends will need a gateway pointing at each other : diff --git a/source/manual/how-tos/ipsec-s2s-route-azure.rst b/source/manual/how-tos/ipsec-s2s-route-azure.rst index 92195616..f79e0a17 100644 --- a/source/manual/how-tos/ipsec-s2s-route-azure.rst +++ b/source/manual/how-tos/ipsec-s2s-route-azure.rst @@ -271,7 +271,7 @@ Step 6 - Define Gateways ------------------------ Now that you have the VPN up and running you have to set up a gateway. -Go to :menuselection:`System --> Gateways --> Single` and add a new gateway. +Go to :menuselection:`System --> Gateways --> Configuration` and add a new gateway. OPNsense -------- diff --git a/source/manual/how-tos/ipsec-s2s-route.rst b/source/manual/how-tos/ipsec-s2s-route.rst index 9605176a..ae1f313d 100644 --- a/source/manual/how-tos/ipsec-s2s-route.rst +++ b/source/manual/how-tos/ipsec-s2s-route.rst @@ -443,7 +443,7 @@ Step 5 - Define Gateways ------------------------ Now that you have the VPN up and running you have to set up a gateway. -Go to :menuselection:`System --> Gateways --> Single` and add a new gateway. +Go to :menuselection:`System --> Gateways --> Configuration` and add a new gateway. Gateway Site-A -------------- diff --git a/source/manual/how-tos/ipv6_tunnelbroker.rst b/source/manual/how-tos/ipv6_tunnelbroker.rst index d2328428..c0210725 100644 --- a/source/manual/how-tos/ipv6_tunnelbroker.rst +++ b/source/manual/how-tos/ipv6_tunnelbroker.rst @@ -72,7 +72,7 @@ depending on what you selected) check **Enable Interface** and change the description to e.g., TUNNELBROKER before hitting **Save**. The newly created interface must now be set as the default IPv6 gateway -under :menuselection:`System --> Gateways --> Single` by editing the new gateway entry +under :menuselection:`System --> Gateways --> Configuration` by editing the new gateway entry TUNNELBROKER_TUNNELV6 and checking **Upstream Gateway** before saving. ----------------------------- diff --git a/source/manual/how-tos/multiwan.rst b/source/manual/how-tos/multiwan.rst index 5f381d25..006cebd9 100644 --- a/source/manual/how-tos/multiwan.rst +++ b/source/manual/how-tos/multiwan.rst @@ -57,7 +57,7 @@ Step 1 - Add monitor IPs You may skip this step if you already have setup the monitoring IP and both gateways are shown as online. -To add a monitoring IP go to :menuselection:`System --> Gateways --> Single` and click on the first pencil +To add a monitoring IP go to :menuselection:`System --> Gateways --> Configuration` and click on the first pencil symbol to edit the first gateway. Now make sure the following is configured: @@ -167,7 +167,7 @@ Advanced Options ---------------- For each gateway there are several advanced options you can use to change the default behavior/thresholds. These option can be changed under -:menuselection:`System --> Gateways --> Single`, press the pencil icon next to the Gateway you want +:menuselection:`System --> Gateways --> Configuration`, press the pencil icon next to the Gateway you want to update. The current options are: @@ -216,7 +216,7 @@ load balance. For instance if you have one line of 10 Mbps and one of 20 Mbps th set the weight of the first one to 1 and the second one to 2. This way the second gateway will get twice as many traffic to handle than the first. -To do so, go to :menuselection:`System --> Gateways --> Single` and press the pencil icon next to the +To do so, go to :menuselection:`System --> Gateways --> Configuration` and press the pencil icon next to the Gateway you want to update. The weight is defined under the advanced section. ------------------------------ diff --git a/source/manual/how-tos/orange_fr_fttp.rst b/source/manual/how-tos/orange_fr_fttp.rst index bdda8931..99605b1b 100644 --- a/source/manual/how-tos/orange_fr_fttp.rst +++ b/source/manual/how-tos/orange_fr_fttp.rst @@ -114,7 +114,7 @@ Click ‘Save’ and then ‘Apply’. Update IPv6 Gateway -Select :menuselection:`System --> Gateway --> Single` and edit IPv6 gateway to add 'fe80::ba0:bab' as IP address +Select :menuselection:`System --> Gateway --> Configuration` and edit IPv6 gateway to add 'fe80::ba0:bab' as IP address .. image:: images/OF_image6_1.png :width: 100% diff --git a/source/manual/how-tos/wireguard-client.rst b/source/manual/how-tos/wireguard-client.rst index d16fde5b..382efa33 100644 --- a/source/manual/how-tos/wireguard-client.rst +++ b/source/manual/how-tos/wireguard-client.rst @@ -126,7 +126,7 @@ Step 5(a) - Assign an interface to WireGuard (recommended) .. Tip:: - When assigning interfaces, gateways can be added to them. This is useful if balancing traffic across multiple tunnels is required or in more complex routing scenarios. To do this, go to :menuselection:`System --> Gateways --> Single` and add a new gateway. Choose the relevant WireGuard interface and set the Gateway to **dynamic**. These scenarios are otherwise beyond the scope of this how-to + When assigning interfaces, gateways can be added to them. This is useful if balancing traffic across multiple tunnels is required or in more complex routing scenarios. To do this, go to :menuselection:`System --> Gateways --> Configuration` and add a new gateway. Choose the relevant WireGuard interface and set the Gateway to **dynamic**. These scenarios are otherwise beyond the scope of this how-to .. Tip:: diff --git a/source/manual/how-tos/wireguard-selective-routing.rst b/source/manual/how-tos/wireguard-selective-routing.rst index 5dd50390..4f2c44cf 100644 --- a/source/manual/how-tos/wireguard-selective-routing.rst +++ b/source/manual/how-tos/wireguard-selective-routing.rst @@ -103,7 +103,7 @@ Now restart WireGuard - you can do this from the Dashboard (if you have the serv Step 6 - Create a gateway ------------------------- -- Go to :menuselection:`System --> Gateways --> Single` +- Go to :menuselection:`System --> Gateways --> Configuration` - Click **Add** - Configure the gateway as follows (if an option is not mentioned below, leave it as the default): diff --git a/source/troubleshooting/openvpn.rst b/source/troubleshooting/openvpn.rst index 21c17a81..ec42ccea 100644 --- a/source/troubleshooting/openvpn.rst +++ b/source/troubleshooting/openvpn.rst @@ -18,7 +18,7 @@ server are created with the :code:`reply-to` directive by default, which breaks :menuselection:`Firewall -> Log Files -> Live View` and optionally by performing a packet capture on the affected interface. There are multiple ways to fix this problem. For most setups, it will be sufficient to disable the automatically created IPv4 and -IPv6 Gateways under :menuselection:`System -> Gateways -> Single`. Doing so will also disable the automatic addition of the +IPv6 Gateways under :menuselection:`System -> Gateways -> Configuration`. Doing so will also disable the automatic addition of the :code:`reply-to` directive to rules created on the interface, and client connectivity will be restored. Another option is to manually select the option "Disable Reply-To" on each firewall rule you generate on the assigned interface.