os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Break long lines from the previous commit.

Browse source 
Translators please ignore.
This commit is contained in:
Martin Heinen 2003-09-01 23:11:15 +00:00
parent d2db58b9b0
commit c0c5a69f2e
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=18051
1 changed files with 11 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
en_US.ISO8859-1/books/handbook/security/chapter.sgml
View file

@ -3491,8 +3491,9 @@ options IPSEC_ESP
<programlisting>A.B.C.D secret</programlisting> <programlisting>A.B.C.D secret</programlisting>
<para>That is, the public IP address of the remote end, and the <para>That is, the public IP address of the remote end, and the
same secret key. <filename>psk.txt</filename> must be mode <literal>0600</literal> same secret key. <filename>psk.txt</filename> must be mode
(i.e., only read/write to <username>root</username>) before racoon will run.</para> <literal>0600</literal> (i.e., only read/write to
<username>root</username>) before racoon will run.</para>
<para>You must run racoon on both gateway machines. You will <para>You must run racoon on both gateway machines. You will
also need to add some firewall rules to allow the IKE traffic, also need to add some firewall rules to allow the IKE traffic,
@ -3578,7 +3579,8 @@ ipfw add 1 allow udp from W.X.Y.Z to A.B.C.D isakmp
</textobject> </textobject>
</mediaobject> </mediaobject>
<para>This encapsulation is carried out by the <devicename>gif</devicename> device. As <para>This encapsulation is carried out by the
<devicename>gif</devicename> device. As
you can see, the packet now has real IP addresses on the outside, you can see, the packet now has real IP addresses on the outside,
and our original packet has been wrapped up as data inside the and our original packet has been wrapped up as data inside the
packet that will be put out on the Internet.</para> packet that will be put out on the Internet.</para>
@ -3720,13 +3722,14 @@ ipfw add 1 allow ipencap from W.X.Y.Z to A.B.C.D
<para>When they are received by the far end of the VPN they will <para>When they are received by the far end of the VPN they will
first be decrypted (using the security associations that have first be decrypted (using the security associations that have
been negotiated by racoon). Then they will enter the <devicename>gif</devicename> been negotiated by racoon). Then they will enter the
interface, which will unwrap the second layer, until you are left <devicename>gif</devicename> interface, which will unwrap
with the innermost packet, which can then travel in to the inner the second layer, until you are left with the innermost
network.</para> packet, which can then travel in to the inner network.</para>
<para>You can check the security using the same &man.ping.8; test from <para>You can check the security using the same &man.ping.8; test from
earlier. First, log in to the <hostid role="ipaddr">A.B.C.D</hostid> gateway machine, and earlier. First, log in to the
<hostid role="ipaddr">A.B.C.D</hostid> gateway machine, and
run:</para> run:</para>
<programlisting>tcpdump dst host 192.168.2.1</programlisting> <programlisting>tcpdump dst host 192.168.2.1</programlisting>