diff --git a/en_US.ISO8859-1/books/handbook/security/chapter.sgml b/en_US.ISO8859-1/books/handbook/security/chapter.sgml
index 1c9f8d6a28..2563fa5b33 100644
--- a/en_US.ISO8859-1/books/handbook/security/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/security/chapter.sgml
@@ -3046,9 +3046,7 @@ Connection closed by foreign host.
Understanding IPsec
This section will guide you through the process of setting
- up IPsec, and to use it in an environment which consists of
- FreeBSD and µsoft.windows; 2000/XP
- machines, to make them communicate securely. In order to set up
+ up IPsec. In order to set up
IPsec, it is necessary that you are familiar with the concepts
of building a custom kernel (see
).
@@ -3123,14 +3121,9 @@ Connection closed by foreign host.
IPSEC
-
- kernel options
- IPSEC_ESP
-
-
options IPSEC #IP security
-options IPSEC_ESP #IP security (crypto; define w/ IPSEC)
+device crypto
@@ -3400,9 +3393,8 @@ sainfo (address 10.246.38.0/24 any address 10.0.0.0/24 any) # address $network/
initialization and should be saved as
/usr/local/etc/racoon/setkey.conf.
-#!/bin/sh
-/usr/local/sbin/setkey -FP
-/usr/local/sbin/setkey -F
+flush;
+spdflush;
# To the home network
/usr/local/sbin/setkey -c spdadd 10.246.38.0/24 10.0.0.0/24 any -P out ipsec esp/tunnel/172.16.5.4-192.168.1.12/use;
/usr/local/sbin/setkey -c spdadd 10.0.0.0/24 10.246.38.0/24 any -P in ipsec esp/tunnel/192.168.1.12-172.16.5.4/use;
@@ -3481,7 +3473,9 @@ pass out quick on gif0 from any to any
/etc/rc.conf:
ipsec_enable="YES"
-ipsec_file="/usr/local/etc/racoon/setkey.conf" # allows setting up spd policies on boot
+ipsec_program="/usr/local/sbin/setkey"
+ipsec_file="/usr/local/etc/racoon/setkey.conf" # allows setting up spd policies on boot
+racoon_enable="yes"