Date: Tue, 30 Jul 2002 14:40:31 -0500
From: Eric Anderson <anderson@centtech.com>
To: Mike DeGraw-Bertsch <mbertsch@radioactivedata.com>
Cc: doc@freebsd.org
Subject: Re: IPsec documentation
Message-ID: <3D46EBAF.4050804@centtech.com>
References: <1028055892.24993.239.camel@core.radioactivedata.com>
Looks good to me.. Here are a few tweaks :D : --- ipsec.sgml Tue Jul 30 14:16:06 2002 +++ ipsec.sgml-patched Tue Jul 30 14:39:17 2002 @@ -80,7 +80,7 @@ article on my laptop in my living room, thanks to my wireless network. Since WEP is mostly worthless, all traffic between my laptop and the Internet is first encrypted and tunneled to my - access point (a FreeBSD box.) That way, no one can peek at my + access point (a FreeBSD box). That way, no one can peek at my traffic as it travels through the air. This also insures that no one else can use my wireless connection, because IPsec offers strong authentication.</para> @@ -96,15 +96,16 @@ <para>Your first step is to configure your kernel. If you've done this before, great, just skip to the next section for the - options you need to add (or make sure you didn't remove.) If + options you need to add (or make sure you didn't remove). If you haven't done this before, don't worry! It's really easy. <ulink url="../kernelconfig.html">Chapter 9 of the Handbook</ulink> covers this in detail.</para> - <para>IPsec requires simply <literal>options IPSEC</literal>. If - you want to use ESP (which you almost definitely do), also - include <literal>options IPSEC_ESP</literal>. For verbose - debugging information available via &man.dmesg.8, include <literal>options + <para>IPsec requires simply <literal>options IPSEC</literal> in + your kernel configuration file. If you want to use ESP + (which you almost definitely do), also include <literal>options + IPSEC_ESP</literal>. For verbose debugging information + available via &man.dmesg.8, include <literal>options IPSEC_DEBUG</literal>.</para> <para>While not kernel related, also be sure to add 
@@ -117,7 +118,7 @@ <sect3 id="ike"> <title>IKE (Not the Former US President)</title> - <para>Regardless of the IPsec mode you want to use, you much + <para>Regardless of the IPsec mode you want to use, you must first configure the connecting hosts to use the Internet Key Exchange. IKE is a protocol that allows IPsec to exchange its bulk encryption keys securely and automagically. In FreeBSD @@ -410,7 +411,7 @@ sure you generated and signed them properly. Also check your certificates directory, and make sure you have the symlink to the CA cert. If you're using pre-shared keys, check - <filename>pke.txt</filename> on both machines, making sure that + <filename>psk.txt</filename> on both machines, making sure that the keys are identical and the IP addresses are correct, and that the file is only readable by root. If everything checks out, look through <filename>/var/log/racoon.log</filename> to Good work.. Eric Mike DeGraw-Bertsch wrote: > Howdy, > > A long while back I promised to work on the IPsec section of the > handbook. Well, after Chern prodded me a bit today, I actually have a > completed draft for you to look at. It's online at > http://www.radioactivedata.com/freebsd/ipsec.html. > > Please take a look and let me know of any concerns or changes you want > to see. > > I wrote the section in SGML, and believe everything conforms to the > FreeBSD standard. If you want to look at that, it's at > http://www.radioactivedata.com/freebsd/ipsec.sgml. > > > -Mike > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-doc" in the body of the message > -- ------------------------------------------------------------------ Eric Anderson Systems Administrator Centaur Technology For Sale: Parachute. Only used once, never opened, small stain. ------------------------------------------------------------------ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message
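Review bot: In the first hunk (@@ -80,7), the unchanged context line "This also insures that no one else can use my wireless connection" uses "insures" where "ensures" is meant. The patch already touches wording in this paragraph, so that word can be corrected in the same pass.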
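Review bot: In the second hunk (@@ -96,15), the entity reference is written "&man.dmesg.8," on both the removed and the added line, with no closing semicolon before the comma. Write it as "&man.dmesg.8;" followed by the comma, so the reference is explicitly terminated rather than relying on the comma to end it.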
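Review bot: In the last hunk (@@ -410,7), the corrected "psk.txt" is still given without a directory, while the log file a few lines later is given in full as "/var/log/racoon.log". Spell out the full path of the pre-shared key file the same way, and state the expected ownership and mode explicitly, so that a reader checking that the file "is only readable by root" on both machines is looking at the file racoon actually reads.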