Date: Sun, 29 May 2005 23:09:25 -0400
From: Joe Devietti <devietti@seas.upenn.edu>
To: doc@FreeBSD.org
Subject: modifications to handbook 14.10: VPN over IPSec
Message-ID: <200505292309.25554.devietti@seas.upenn.edu>

Dear FreeBSD Documentation team,

While installing an IPSec VPN between two gateways running 5.4-RELEASE, I found that 2 small changes to the instructions listed in the Handbook (Chapter 14, Section 10, "VPN over IPSec") were necessary to make the VPN work. Perhaps I misunderstand some things, but I know at least that the modified directions worked for me. Also, I've done no rigorous verification of what commands work where, but I have checked these on FreeBSD 4.8-RELEASE, 4.11-RELEASE, and 5.4-RELEASE.

Both changes were to the instructions in section 14.10.3.1. It seems that one has to create the "gif0" generic interface before one can tell it to start tunneling. In both FreeBSD 4.x and 5.x, I believe this is accomplished via the command:

    ifconfig gif0 create

Also, the handbook gives the commands for 4.x while stating that the functionality of "gifconfig" has been merged into "ifconfig" in 5.x. Giving the actual commands to run in 5.x might be nice; instead of

    gifconfig gif0 A.B.C.D W.X.Y.Z

one must use

    ifconfig gif0 tunnel A.B.C.D W.X.Y.Z

On a similar note, the summary at the end of Section 14.10.3.1 changes slightly for 5.x. The gif tunnel must be created explicitly in /etc/rc.conf, so the 4 lines listed as necessary need to be instead 5, the first of which is

    gif_interfaces="gif0"

Finally, the "netmask" argument to the "route" command should actually be "-netmask" (the dash is missing); I believe this is the case under 4.x as well as 5.x. Section 14.10.3.1 mentions the "route" command twice: once in the step-by-step instructions and once in the summary.

Hopefully I've been clear enough about what I feel needs to be modified; the elisions are small but their correction may save people some time. Overall, I've been extremely impressed with the quality of the FreeBSD project, and I look forward to working with (and, eventually, contributing to) FreeBSD in the future.

Joe Devietti