From: Chip Marshall
To: freebsd-doc@freebsd.org
Subject: IPsec Documentation
Date: Mon, 28 Dec 2015 14:32:02 -0800
Message-ID: <20151228223202.GA83834@2bithacker.net>
Reply-To: chip@2bithacker.net

Good afternoon,

Documentation newbie here, but I've been thinking of updating section 13.7.1 (Configuring a VPN on FreeBSD) of the Handbook for a few reasons, but figured I should touch base here first and make sure I'm not duplicating effort or stepping on any toes.

Motivators:

- The existing racoon.conf in the handbook uses a deprecated syntax for remote and sainfo declarations.
- It also indicates the use of weak ciphers (3DES and MD5).
- It describes setting up an IP-IP tunnel over tunnel-mode IPsec, which is redundant; you only need to use one or the other.
- Lacks any description of the referenced psk.txt file, which could be confusing for a newcomer.

With the introduction of IPsec into the GENERIC kernel, I figured it would be good to get this section of the handbook revised a bit.

As a side note, I noticed there's a fair amount of use of RFC 1918 space (10/8, 192.168/16, etc.) in the Handbook. Is there any interest in revising it to use RFC 5737 space instead? That's dedicated documentation space that is never supposed to be used in a live network. There's a corresponding IPv6 space as well, defined in RFC 3849.

Thanks in advance for any input.

-- 
Chip Marshall
http://2bithacker.net/
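As an added illustration of the motivators listed above (this is editor-supplied example configuration, not part of the original message, the Handbook, or the ipsec-tools project): the three files racoon needs for a site-to-site tunnel between gateway A (203.0.113.10, serving 192.0.2.0/24) and gateway B (203.0.113.20, serving 198.51.100.0/24), written from gateway A's side. The addresses are RFC 5737 documentation space, as the message suggests, and the pre-shared key is a placeholder. The weak phase-1 and phase-2 proposals in the style of the old Handbook example are left in as comments beside the corrected ones, and the SPD entries carry the tunnel themselves, so no gif(4) interface is configured on top of tunnel-mode ESP.

```conf
# /usr/local/etc/racoon/racoon.conf   (IKEv1 daemon from security/ipsec-tools, gateway A side)
# Gateway A = 203.0.113.10, inner network 192.0.2.0/24
# Gateway B = 203.0.113.20, inner network 198.51.100.0/24

path pre_shared_key "/usr/local/etc/racoon/psk.txt";
log  notify;

listen {
        isakmp 203.0.113.10 [500];
}

remote 203.0.113.20 [500] {
        exchange_mode    main;          # not aggressive: with a PSK, aggressive mode exposes an offline-crackable hash
        my_identifier    address 203.0.113.10;
        peers_identifier address 203.0.113.20;
        proposal_check   strict;        # reject peer proposals weaker than ours
        lifetime         time 8 hour;

        # Weak phase-1 proposal as in the old Handbook example (kept only for comparison, do not use):
        # proposal {
        #         encryption_algorithm  3des;
        #         hash_algorithm        md5;
        #         authentication_method pre_shared_key;
        #         dh_group              1;             # modp768
        # }

        proposal {
                encryption_algorithm  aes 256;
                hash_algorithm        sha256;
                authentication_method pre_shared_key;
                dh_group              modp2048;
        }
}

# sainfo written without the parenthesised identifier form of the old example
sainfo address 192.0.2.0/24 any address 198.51.100.0/24 any {
        pfs_group                modp2048;
        lifetime                 time 1 hour;
        # old: encryption_algorithm 3des, blowfish;  authentication_algorithm hmac_md5, hmac_sha1;
        encryption_algorithm     aes 256;
        authentication_algorithm hmac_sha256;
        compression_algorithm    deflate;
}

# /usr/local/etc/racoon/psk.txt   (must be owned by root and mode 0600)
# Format: <peer identifier as negotiated, here its address> <whitespace> <secret>
# The secret is either plain text or 0x-prefixed hex; everything after the first
# whitespace up to end of line is the secret, so do not put a comment on the key line.
# Placeholder value; generate a real one with: openssl rand -hex 32
203.0.113.20    0x5c1f7e3a9b04d2e6f8a1c3b5d7e9f0a2b4c6d8e0f1a3b5c7d9e1f2a4b6c8d0e2

# /etc/ipsec.conf   (loaded at boot by setkey -f when ipsec_enable="YES" is set in rc.conf)
# Tunnel-mode SPD entries only; the SAs themselves are negotiated by racoon.
# No gif(4) interface: ESP tunnel mode already encapsulates the inner packet.
flush;
spdflush;
spdadd 192.0.2.0/24 198.51.100.0/24 any -P out ipsec esp/tunnel/203.0.113.10-203.0.113.20/require;
spdadd 198.51.100.0/24 192.0.2.0/24 any -P in  ipsec esp/tunnel/203.0.113.20-203.0.113.10/require;
```

Gateway B uses the same files with the two gateway addresses and the two inner networks swapped, and the same secret in its psk.txt keyed on 203.0.113.10. With `racoon_enable="YES"` and `ipsec_enable="YES"` in rc.conf, `setkey -DP` shows the installed policies and `setkey -D` shows the negotiated SAs; seeing AES/HMAC-SHA256 there rather than 3DES/HMAC-MD5 is the quick check that the corrected proposals were the ones actually agreed.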