Date: Tue, 30 Jul 2002 14:40:31 -0500 From: Eric Anderson <anderson@centtech.com> To: Mike DeGraw-Bertsch <mbertsch@radioactivedata.com> Cc: doc@freebsd.org Subject: Re: IPsec documentation Message-ID: <3D46EBAF.4050804@centtech.com> References: <1028055892.24993.239.camel@core.radioactivedata.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Looks good to me.. Here are a few tweaks :D :
--- ipsec.sgml Tue Jul 30 14:16:06 2002
+++ ipsec.sgml-patched Tue Jul 30 14:39:17 2002
@@ -80,7 +80,7 @@
article on my laptop in my living room, thanks to my wireless
network. Since WEP is mostly worthless, all traffic between my
laptop and the Internet is first encrypted and tunneled to my
- access point (a FreeBSD box.) That way, no one can peek at my
+ access point (a FreeBSD box). That way, no one can peek at my
traffic as it travels through the air. This also insures that no
one else can use my wireless connection, because IPsec offers
strong authentication.</para>
@@ -96,15 +96,16 @@
<para>Your first step is to configure your kernel. If you've
done this before, great, just skip to the next section for the
- options you need to add (or make sure you didn't remove.) If
+ options you need to add (or make sure you didn't remove). If
you haven't done this before, don't worry! It's really easy.
<ulink url="../kernelconfig.html">Chapter 9 of the
Handbook</ulink> covers this in detail.</para>
- <para>IPsec requires simply <literal>options IPSEC</literal>. If
- you want to use ESP (which you almost definitely do), also
- include <literal>options IPSEC_ESP</literal>. For verbose
- debugging information available via &man.dmesg.8, include <literal>options
+ <para>IPsec requires simply <literal>options IPSEC</literal> in
+ your kernel configuration file. If you want to use ESP
+ (which you almost definitely do), also include <literal>options
+ IPSEC_ESP</literal>. For verbose debugging information
+ available via &man.dmesg.8, include <literal>options
IPSEC_DEBUG</literal>.</para>
<para>While not kernel related, also be sure to add
@@ -117,7 +118,7 @@
<sect3 id="ike">
<title>IKE (Not the Former US President)</title>
- <para>Regardless of the IPsec mode you want to use, you much
+ <para>Regardless of the IPsec mode you want to use, you must
first configure the connecting hosts to use the Internet Key
Exchange. IKE is a protocol that allows IPsec to exchange its
bulk encryption keys securely and automagically. In FreeBSD
@@ -410,7 +411,7 @@
sure you generated and signed them properly. Also check your
certificates directory, and make sure you have the symlink to
the CA cert. If you're using pre-shared keys, check
- <filename>pke.txt</filename> on both machines, making sure that
+ <filename>psk.txt</filename> on both machines, making sure that
the keys are identical and the IP addresses are correct, and
that the file is only readable by root. If everything checks
out, look through <filename>/var/log/racoon.log</filename> to
Good work..
Eric
Mike DeGraw-Bertsch wrote:
> Howdy,
>
> A long while back I promised to work on the IPsec section of the
> handbook. Well, after Chern prodded me a bit today, I actually have a
> completed draft for you to look at. It's online at
> http://www.radioactivedata.com/freebsd/ipsec.html.
>
> Please take a look and let me know of any concerns or changes you want
> to see.
>
> I wrote the section in SGML, and believe everything conforms to the
> FreeBSD standard. If you want to look at that, it's at
> http://www.radioactivedata.com/freebsd/ipsec.sgml.
>
>
> -Mike
>
>
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-doc" in the body of the message
>
--
------------------------------------------------------------------
Eric Anderson Systems Administrator Centaur Technology
For Sale: Parachute. Only used once, never opened, small stain.
------------------------------------------------------------------
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-doc" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D46EBAF.4050804>