diff --git a/en_US.ISO8859-1/books/handbook/security/chapter.sgml b/en_US.ISO8859-1/books/handbook/security/chapter.sgml
index b1de80eee0..ad66385725 100644
--- a/en_US.ISO8859-1/books/handbook/security/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/security/chapter.sgml
@@ -3491,8 +3491,9 @@ options IPSEC_ESP
A.B.C.D secret
That is, the public IP address of the remote end, and the
- same secret key. psk.txt must be mode 0600
- (i.e., only read/write to root) before racoon will run.
+ same secret key. psk.txt must be mode
+ 0600 (i.e., only read/write to
+ root) before racoon will run.
You must run racoon on both gateway machines. You will
also need to add some firewall rules to allow the IKE traffic,
@@ -3578,7 +3579,8 @@ ipfw add 1 allow udp from W.X.Y.Z to A.B.C.D isakmp
- This encapsulation is carried out by the gif device. As
+ This encapsulation is carried out by the
+ gif device. As
you can see, the packet now has real IP addresses on the outside,
and our original packet has been wrapped up as data inside the
packet that will be put out on the Internet.
@@ -3720,13 +3722,14 @@ ipfw add 1 allow ipencap from W.X.Y.Z to A.B.C.D
When they are received by the far end of the VPN they will
first be decrypted (using the security associations that have
- been negotiated by racoon). Then they will enter the gif
- interface, which will unwrap the second layer, until you are left
- with the innermost packet, which can then travel in to the inner
- network.
+ been negotiated by racoon). Then they will enter the
+ gif interface, which will unwrap
+ the second layer, until you are left with the innermost
+ packet, which can then travel in to the inner network.
You can check the security using the same &man.ping.8; test from
- earlier. First, log in to the A.B.C.D gateway machine, and
+ earlier. First, log in to the
+ A.B.C.D gateway machine, and
run:
tcpdump dst host 192.168.2.1