From: "Andrey V. Elsukov"
Date: Thu, 2 Feb 2017 23:18:13 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r313114 - projects/ipsec/share/man/man4

Author: ae
Date: Thu Feb 2 23:18:13 2017
New Revision: 313114
URL: https://svnweb.freebsd.org/changeset/base/313114

Log:
  Many fixes for the if_ipsec.4 manual.

  Submitted by: wblock

Modified:
  projects/ipsec/share/man/man4/if_ipsec.4

Modified: projects/ipsec/share/man/man4/if_ipsec.4 ============================================================================== --- projects/ipsec/share/man/man4/if_ipsec.4 Thu Feb 2 23:04:06 2017 (r313113) +++ projects/ipsec/share/man/man4/if_ipsec.4 Thu Feb 2 23:18:13 2017 (r313114) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd January 24, 2017 +.Dd February 3, 2017 .Dt if_ipsec 4 .Os .Sh NAME @@ -33,18 +33,18 @@ .Sh SYNOPSIS The .Cm if_ipsec -network interface is a part of +network interface is a part of the .Fx IPsec implementation. -To compile it into the kernel, place the following line in the kernel +To compile it into the kernel, place this line in the kernel configuration file: .Bd -ragged -offset indent .Cd "options IPSEC" .Ed .Pp -Alternatively, it can be loaded as part of +It can also be loaded as part of the .Cm ipsec -kernel module, if the kernel was compiled with: +kernel module if the kernel was compiled with .Bd -ragged -offset indent .Cd "options IPSEC_SUPPORT" .Ed 
@@ -52,7 +52,8 @@ kernel module, if the kernel was compile The .Nm network interface is targeted for creating route-based VPNs. -It can tunnel IPv[46] traffic over IPv[46] and secure it using ESP. +It can tunnel IPv4 and IPv6 traffic over either IPv4 or IPv6 and secure +it with ESP. .Pp .Nm interfaces are dynamically created and destroyed with the @@ -61,23 +62,23 @@ interfaces are dynamically created and d and .Cm destroy subcommands. -The administrator needs to configure IPsec +The administrator must configure IPsec .Cm tunnel -endpoints addresses. -These addresses will be used for the outer IP header of ESP packets. -The administrator also can configure the protocol and addresses for the inner +endpoint addresses. +These addresses will be used for the outer IP header of ESP packets. +The administrator can also configure the protocol and addresses for the inner IP header with .Xr ifconfig 8 , and modify the routing table to route the packets through the .Nm interface. .Pp -When +When the .Nm -interface is configured, it automatically creates special security policies, -that may be used to acquire security associations from IKE daemon, needed for -establishing an IPsec tunnel. -Also it is possible to create needed security associations manually using +interface is configured, it automatically creates special security policies. +These policies can be used to acquire security associations from the IKE daemon, +which are needed for establishing an IPsec tunnel. +It is also possible to create needed security associations manually with the .Xr setkey 8 utility. .Pp 
@@ -87,21 +88,22 @@ interface has additional numeric configu .Cm reqid Ar id . This .Ar id -used to distinguish traffic and security policies between several +is used to distinguish traffic and security policies between several .Nm interfaces. The .Cm reqid -can be specified on interface creating and changed later. -If it is not specified, it will be automatically assigned. -Note that changing of +can be specified on interface creation and changed later. +If not specified, it will be automatically assigned. +Note that changing .Cm reqid will lead to generation of new security policies, and this -may require creating of new security associations. +may require creating new security associations. .Sh EXAMPLES -The example below shows how to manually configure IPsec tunnel -between two FreeBSD hosts. Assuming host A has the IP address -192.168.0.3, and host B has the IP address 192.168.0.5. +The example below shows manual configuration of an IPsec tunnel +between two FreeBSD hosts. +Host A has the IP address 192.168.0.3, and host B has the IP address +192.168.0.5. .Pp On host A: .Bd -literal -offset indent @@ -126,8 +128,7 @@ add 192.168.0.5 192.168.0.3 esp 10001 -m .Ed .Pp Note the value 100 on host A and value 200 on host B are used as reqid. -The same values should be used as identifier of the policy entry in -the +The same values must be used as identifier of the policy entry in the .Xr setkey 8 command. .Sh SEE ALSO
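
Review bot: In the @@ -33,18 +33,18 @@ hunk, the two sentences that introduce a display block now end differently: the first still reads "configuration file:" with a colon, while the second becomes "kernel module if the kernel was compiled with" with no punctuation before the .Bd block. Pick one convention for both. Keeping the colon on the second sentence is the smaller change. The context also shows ".Cm if_ipsec" opening the SYNOPSIS text where the rest of the page uses .Nm for the interface name, which may be worth aligning while this paragraph is being touched.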
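
Review bot: In the @@ -61,23 +62,23 @@ hunk, the new sentence "It is also possible to create needed security associations manually with the" is missing an article; suggest "create the needed security associations". The removed and added "These addresses will be used for the outer IP header of ESP packets." lines read identically here, so that change is presumably whitespace only; if so, it would be cleaner to mention it in the log or leave the line alone so the diff shows only wording changes.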
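
Review bot: In the @@ -87,21 +88,22 @@ hunk, the reqid paragraph still leaves a documentation gap for operators: it says that changing reqid "will lead to generation of new security policies, and this may require creating new security associations", but not what happens to traffic on the interface between the change and the new associations being in place. Since the page describes both IKE-acquired and manually created associations, a sentence stating the expected behaviour for a live tunnel would help, particularly for the manual setkey case shown in EXAMPLES. Separately, "will lead to generation of new security policies" could be tightened to "generates new security policies" in the same pass.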
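
Review bot: In the @@ -126,8 +128,7 @@ hunk, the rewritten line "The same values must be used as identifier of the policy entry in the" still lacks an article; suggest "as the identifier of the policy entry". The change from "should" to "must" is right, since the values have to match. The preceding context line writes "reqid" as plain text, whereas the configuration section marks it up as ".Cm reqid"; using the same markup here would keep the term consistent and searchable across the page.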