From owner-svn-doc-all@freebsd.org Sun Jun 11 15:53:34 2017 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E0650D89A02; Sun, 11 Jun 2017 15:53:34 +0000 (UTC) (envelope-from sevan@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B04916AFAB; Sun, 11 Jun 2017 15:53:34 +0000 (UTC) (envelope-from sevan@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v5BFrXtR061375; Sun, 11 Jun 2017 15:53:33 GMT (envelope-from sevan@FreeBSD.org) Received: (from sevan@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v5BFrXgP061374; Sun, 11 Jun 2017 15:53:33 GMT (envelope-from sevan@FreeBSD.org) Message-Id: <201706111553.v5BFrXgP061374@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: sevan set sender to sevan@FreeBSD.org using -f From: Sevan Janiyan Date: Sun, 11 Jun 2017 15:53:33 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r50359 - head/en_US.ISO8859-1/books/handbook/security X-SVN-Group: doc-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Jun 2017 15:53:35 -0000 Author: sevan Date: Sun Jun 11 15:53:33 2017 New Revision: 50359 URL: https://svnweb.freebsd.org/changeset/doc/50359 Log: Add a note that FreeBSD 11 & newer have IPsec support enabled by default (no need to build a kernel). Set hostnames for different hosts before the &prompt.root; macro rather than in user input section. This resolves issue with double prompts in generated page. Approved by: bcr (mentor) Differential Revision: https://reviews.freebsd.org/D11143 Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/security/chapter.xml Sun Jun 11 14:43:24 2017 (r50358) +++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml Sun Jun 11 15:53:33 2017 (r50359) @@ -2127,8 +2127,9 @@ Connection closed by foreign host. information on the IPsec subsystem in &os;. - To add IPsec support to the kernel, add - the following options to the custom kernel configuration file + IPsec support is enabled by default on &os;   11 and newer. + To add IPsec support to the kernel of older &os; releases, + add the following options to the custom kernel configuration file and rebuild the kernel using the instructions in : @@ -2271,10 +2272,10 @@ round-trip min/avg/max/stddev = 28.106/94.594/154.524/ network. The following commands will achieve this goal: - &prompt.root; corp-net# route add 10.0.0.0 10.0.0.5 255.255.255.0 -&prompt.root; corp-net# route add net 10.0.0.0: gateway 10.0.0.5 -&prompt.root; priv-net# route add 10.246.38.0 10.246.38.1 255.255.255.0 -&prompt.root; priv-net# route add host 10.246.38.0: gateway 10.246.38.1 + corp-net&prompt.root; route add 10.0.0.0 10.0.0.5 255.255.255.0 +corp-net&prompt.root; route add net 10.0.0.0: gateway 10.0.0.5 +priv-net&prompt.root; route add 10.246.38.0 10.246.38.1 255.255.255.0 +priv-net&prompt.root; route add host 10.246.38.0: gateway 10.246.38.1 At this point, internal machines should be reachable from each gateway as well as from machines behind the gateways.