Date: Mon, 28 Dec 2015 14:32:02 -0800
From: Chip Marshall <chip@2bithacker.net>
To: freebsd-doc@freebsd.org
Subject: IPsec Documentation
Message-ID: <20151228223202.GA83834@2bithacker.net>

Good afternoon,

Documentation newbie here, but I've been thinking of updating section
13.7.1 (Configuring a VPN on FreeBSD) of the Handbook for a few reasons,
but figured I should touch base here first and make sure I'm not
duplicating effort or stepping on any toes.

Motivators:
- The existing racoon.conf in the handbook uses a deprecated syntax for
  remote and sainfo declarations.
- It also indicates the use of weak ciphers (3DES and MD5)
- It describes setting up an IP-IP tunnel over tunnel-mode IPsec, which
  is redundant, only need to use one or the other.
- Lacks any description of the referenced psk.txt file, which could be
  confusing for a newcomer

With the introduction of IPsec into the GENERIC kernel, I figured it
would be good to get this section of the handbook revised a bit.

As a side note, I noticed there's a fair amount of use of RFC 1918 space
(10/8, 192.168/16, etc) in the Handbook. Is there any interest in
revising it to use RFC 5737 space instead? That's dedicated
documentation space that is never supposed to be used in a live network.
There's a corresponding IPv6 space as well, defined in RFC 3849.

Thanks in advance for any input.

-- 
Chip Marshall <chip@2bithacker.net>
http://2bithacker.net/