From owner-freebsd-doc Tue Jul 30 12:40:42 2002
Message-ID: <3D46EBAF.4050804@centtech.com>
Date: Tue, 30 Jul 2002 14:40:31 -0500
From: Eric Anderson
Reply-To: anderson@centtech.com
To: Mike DeGraw-Bertsch
Cc: doc@freebsd.org
Subject: Re: IPsec documentation
References: <1028055892.24993.239.camel@core.radioactivedata.com>

Looks good to me.. Here are a few tweaks :D :

--- ipsec.sgml Tue Jul 30 14:16:06 2002 +++ ipsec.sgml-patched Tue Jul 30 14:39:17 2002
@@ -80,7 +80,7 @@ article on my laptop in my living room, thanks to my wireless network. Since WEP is mostly worthless, all traffic between my laptop and the Internet is first encrypted and tunneled to my - access point (a FreeBSD box.) That way, no one can peek at my + access point (a FreeBSD box). That way, no one can peek at my traffic as it travels through the air. This also insures that no one else can use my wireless connection, because IPsec offers strong authentication. @@ -96,15 +96,16 @@ Your first step is to configure your kernel. If you've done this before, great, just skip to the next section for the - options you need to add (or make sure you didn't remove.) If + options you need to add (or make sure you didn't remove). If you haven't done this before, don't worry! It's really easy. Chapter 9 of the Handbook covers this in detail. - IPsec requires simply options IPSEC. If - you want to use ESP (which you almost definitely do), also - include options IPSEC_ESP. For verbose - debugging information available via &man.dmesg.8, include options + IPsec requires simply options IPSEC in + your kernel configuration file. If you want to use ESP + (which you almost definitely do), also include options + IPSEC_ESP. For verbose debugging information + available via &man.dmesg.8, include options IPSEC_DEBUG. While not kernel related, also be sure to add @@ -117,7 +118,7 @@ IKE (Not the Former US President) - Regardless of the IPsec mode you want to use, you much + Regardless of the IPsec mode you want to use, you must first configure the connecting hosts to use the Internet Key Exchange. IKE is a protocol that allows IPsec to exchange its bulk encryption keys securely and automagically. In FreeBSD 
@@ -410,7 +411,7 @@ sure you generated and signed them properly. Also check your certificates directory, and make sure you have the symlink to the CA cert. If you're using pre-shared keys, check - pke.txt on both machines, making sure that + psk.txt on both machines, making sure that the keys are identical and the IP addresses are correct, and that the file is only readable by root. If everything checks out, look through /var/log/racoon.log to

Good work..

Eric

Mike DeGraw-Bertsch wrote:
> Howdy,
>
> A long while back I promised to work on the IPsec section of the
> handbook. Well, after Chern prodded me a bit today, I actually have a
> completed draft for you to look at. It's online at
> http://www.radioactivedata.com/freebsd/ipsec.html.
>
> Please take a look and let me know of any concerns or changes you want
> to see.
>
> I wrote the section in SGML, and believe everything conforms to the
> FreeBSD standard. If you want to look at that, it's at
> http://www.radioactivedata.com/freebsd/ipsec.sgml.
>
>
> -Mike
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-doc" in the body of the message
>

--
------------------------------------------------------------------
Eric Anderson Systems Administrator Centaur Technology
For Sale: Parachute. Only used once, never opened, small stain.
------------------------------------------------------------------
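Review bot: In the @@ -80,7 +80,7 @@ hunk, the unchanged context line "This also insures that no one else can use" should read "ensures". The patch is already correcting punctuation two lines above it, so this can be fixed in the same pass.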
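Review bot: In the @@ -96,15 +96,16 @@ hunk, the re-wrapped line "available via &man.dmesg.8, include options" carries the man-page entity without a terminating semicolon, just as the removed line did. If ipsec.sgml really reads that way, it should be "&man.dmesg.8;" so the entity resolves. Separately, re-flowing the whole paragraph to add the one phrase "in your kernel configuration file" turns four removed lines into five added ones; keeping the re-wrap out of the content change would make the actual edit easier to see.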
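Review bot: In the @@ -410,7 +411,7 @@ hunk, the context sentence "that the file is only readable by root" gives the reader nothing concrete to check. Suggest naming the expected owner and mode (for example root and 0600) so it can be confirmed with ls -l on both machines. The pke.txt to psk.txt correction fits a pre-shared key file, but only this one occurrence is visible here, so the rest of ipsec.sgml should be searched for the old name.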