From owner-freebsd-doc  Thu Sep 26 23:30:25 2002
Delivered-To: freebsd-doc@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 38BF937B401
	for <doc@freebsd.org>; Thu, 26 Sep 2002 23:30:24 -0700 (PDT)
Received: from newton.pconline.com (newton.pconline.com [206.145.48.1])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 79A8C43E3B
	for <doc@freebsd.org>; Thu, 26 Sep 2002 23:30:23 -0700 (PDT)
	(envelope-from chris@pconline.com)
Received: from localhost (chris@localhost)
	by newton.pconline.com (8.11.6/8.11.6) with ESMTP id g8R6UAJ02520;
	Fri, 27 Sep 2002 01:30:10 -0500
Date: Fri, 27 Sep 2002 01:30:10 -0500 (CDT)
From: Chris Kesler <chris@pconline.com>
To: editors@daemonnews.org
Cc: Chris Kesler <chris@pconline.com>, <doc@freebsd.org>
Subject: Edit for FreeBSD IPsec mini-HOWTO
Message-ID: <Pine.LNX.4.44.0209270118320.5117-100000@newton.pconline.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-doc@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-doc.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-doc>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-doc>
X-Loop: FreeBSD.org

I've been using the "FreeBSD IPsec mini-HOWTO" to try to create a tunnel 
between two FreeBSD boxes, and I found a bug in the document.  The latest 
version of the document verifies the bug.


Your page, http://www.daemonnews.org/200101/ipsec-howto.html,
shows this:

 spdadd 10.10.10.0/24 10.20.20.0/24 any -P out ipsec
         esp/transport/1.2.3.4-5.6.7.8/require;
        spdadd 10.20.20.0/24 10.10.10.0/24 any -P in ipsec
         esp/transport/5.6.7.8-1.2.3.4/require;

[ text omitted ]

 spdadd 10.20.20.0/24 10.10.10.0/24 any -P out ipsec
         esp/transport/5.6.7.8-1.2.3.4/require;
        spdadd 10.10.10.0/24 10.20.20.0/24 any -P in ipsec
         esp/transport/1.2.3.4-5.6.7.8/require;



It should read as the latest version of the tutorial reads, like this:

 spdadd 10.10.10.0/24 10.20.20.0/24 any -P out ipsec
         esp/tunnel/1.2.3.4-5.6.7.8/require;
        spdadd 10.20.20.0/24 10.10.10.0/24 any -P in ipsec
         esp/tunnel/5.6.7.8-1.2.3.4/require;

[ text omitted ]

 spdadd 10.20.20.0/24 10.10.10.0/24 any -P out ipsec
         esp/tunnel/5.6.7.8-1.2.3.4/require;
        spdadd 10.10.10.0/24 10.20.20.0/24 any -P in ipsec
         esp/tunnel/1.2.3.4-5.6.7.8/require;



I had looked at it closely several times before I caught it as a bug, and
I thought that it must be correct that "tunnel mode" uses
esp/transport/1.2.3.4-5.6.7.8/require;
instead of
esp/tunnel/1.2.3.4-5.6.7.8/require;


It's a simple error, but I spent a lot of time debugging this one.  I
think that other FreeBSD users would be happy if you corrected it.


Thanks,
Chris Kesler


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-doc" in the body of the message