From: Joe Devietti
To: doc@FreeBSD.org
Date: Sun, 29 May 2005 23:09:25 -0400
Subject: modifications to handbook 14.10: VPN over IPSec
Message-Id: <200505292309.25554.devietti@seas.upenn.edu>

Dear FreeBSD Documentation team,

While installing an IPSec VPN between two gateways running 5.4-RELEASE, I found that 2 small changes to the instructions listed in the Handbook (Chapter 14, Section 10, "VPN over IPSec") were necessary to make the VPN work. Perhaps I misunderstand some things, but I know at least that the modified directions worked for me.

Also, I've done no rigorous verification of what commands work where, but I have checked these on FreeBSD 4.8-RELEASE, 4.11-RELEASE, and 5.4-RELEASE.

Both changes were to the instructions in section 14.10.3.1. It seems that one has to create the "gif0" generic interface before one can tell it to start tunneling. In both FreeBSD 4.x and 5.x, I believe this is accomplished via the command:

    ifconfig gif0 create

Also, the handbook gives the commands for 4.x while stating that the functionality of "gifconfig" has been merged into "ifconfig" in 5.x. Giving the actual commands to run in 5.x might be nice; instead of

    gifconfig gif0 A.B.C.D W.X.Y.Z

one must use

    ifconfig gif0 tunnel A.B.C.D W.X.Y.Z

On a similar note, the summary at the end of Section 14.10.3.1 changes slightly for 5.x. The gif tunnel must be created explicitly in /etc/rc.conf, so the 4 lines listed as necessary need to be instead 5, the first of which is

    gif_interfaces="gif0"

Finally, the "netmask" argument to the "route" command should actually be "-netmask" (the dash is missing); I believe this is the case under 4.x as well as 5.x. Section 14.10.3.1 mentions the "route" command twice: once in the step-by-step instructions and once in the summary.

Hopefully I've been clear enough about what I feel needs to be modified; the elisions are small but their correction may save people some time. Overall, I've been extremely impressed with the quality of the FreeBSD project, and I look forward to working with (and, eventually, contributing to) FreeBSD in the future.

Joe Devietti
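
An added example, not part of the original message or of the Handbook: a small sh function that checks a list of tunnel setup commands for the three problems the message reports (gifconfig instead of "ifconfig ... tunnel", a tunnel configured before "ifconfig gifN create", and "netmask" without the dash). The function name, the sample variables and the addresses in the route lines are constructed for illustration.

```shell
#!/bin/sh
# check_gif_setup: read setup commands on stdin, print one finding per
# problem line, and return non-zero if any finding was printed.
check_gif_setup() {
    awk '
    { sub(/#.*/, "") }          # drop comments
    NF == 0 { next }            # skip blank lines

    # gifconfig was merged into ifconfig in 5.x.
    $1 == "gifconfig" {
        printf "line %d: gifconfig used; on 5.x use: ifconfig %s tunnel %s %s\n", NR, $2, $3, $4
        bad = 1; next
    }
    # Remember which gif interfaces were created explicitly.
    $1 == "ifconfig" && $3 == "create" { created[$2] = 1; next }

    # A tunnel on an interface that was never created.
    $1 == "ifconfig" && $2 ~ /^gif[0-9]+$/ && $3 == "tunnel" && !($2 in created) {
        printf "line %d: %s tunnel configured before \"ifconfig %s create\"\n", NR, $2, $2
        bad = 1; next
    }
    # route takes -netmask, with the leading dash.
    $1 == "route" {
        for (i = 2; i <= NF; i++) if ($i == "netmask") {
            printf "line %d: route argument \"netmask\" should be \"-netmask\"\n", NR
            bad = 1
        }
    }
    END { exit bad + 0 }
    '
}

# Constructed sample input: the 4.x-style commands and their 5.x form.
# The networks in the route lines are made-up example values.
SAMPLE_4X='gifconfig gif0 A.B.C.D W.X.Y.Z
route add 192.168.2.0 192.168.2.1 netmask 0xffffff00'

SAMPLE_5X='ifconfig gif0 create
ifconfig gif0 tunnel A.B.C.D W.X.Y.Z
route add 192.168.2.0 192.168.2.1 -netmask 0xffffff00'

# Demo run: reports two findings for the 4.x-style input.
printf '%s\n' "$SAMPLE_4X" | check_gif_setup || true
```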