Markup fixes: Add and change tags where needed.
This commit is contained in:
Martin Heinen
parent
0fc7097b1e
commit
d2db58b9b0
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=18050
1 changed files with 10 additions and 10 deletions
|
|
@ -3175,7 +3175,7 @@ Network #2 [ Internal Hosts ]
|
||||||
to appear to be from <hostid role="ipaddr">A.B.C.D</hostid>,
|
to appear to be from <hostid role="ipaddr">A.B.C.D</hostid>,
|
||||||
and it will have to be sent to <hostid
|
and it will have to be sent to <hostid
|
||||||
role="ipaddr">W.X.Y.Z</hostid>. This process is called
|
role="ipaddr">W.X.Y.Z</hostid>. This process is called
|
||||||
<hostid role="ipaddr">encapsulation</hostid>.</para>
|
<firstterm>encapsulation</firstterm>.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Once this packet arrives at <hostid
|
<para>Once this packet arrives at <hostid
|
||||||
|
|
@ -3235,7 +3235,7 @@ ifconfig gif0 inet 192.168.2.1 192.168.1.1 netmask 0xffffffff
|
||||||
<para>to see the configuration. For example, on the network #1
|
<para>to see the configuration. For example, on the network #1
|
||||||
gateway, you would see this:</para>
|
gateway, you would see this:</para>
|
||||||
|
|
||||||
<screen>&prompt.root; gifconfig gif0
|
<screen>&prompt.root; <userinput>gifconfig gif0</userinput>
|
||||||
gif0: flags=8011<UP,POINTTOPOINT,MULTICAST> mtu 1280
|
gif0: flags=8011<UP,POINTTOPOINT,MULTICAST> mtu 1280
|
||||||
inet 192.168.1.1 --> 192.168.2.1 netmask 0xffffffff
|
inet 192.168.1.1 --> 192.168.2.1 netmask 0xffffffff
|
||||||
physical address inet A.B.C.D --> W.X.Y.Z
|
physical address inet A.B.C.D --> W.X.Y.Z
|
||||||
|
|
@ -3252,7 +3252,7 @@ physical address inet A.B.C.D --> W.X.Y.Z
|
||||||
on both machines, which you can examine with the command <command>netstat -rn</command>.
|
on both machines, which you can examine with the command <command>netstat -rn</command>.
|
||||||
This output is from the gateway host on network #1.</para>
|
This output is from the gateway host on network #1.</para>
|
||||||
|
|
||||||
<screen>&prompt.root; netstat -rn
|
<screen>&prompt.root; <userinput>netstat -rn</userinput>
|
||||||
Routing tables
|
Routing tables
|
||||||
|
|
||||||
Internet:
|
Internet:
|
||||||
|
|
@ -3491,8 +3491,8 @@ options IPSEC_ESP
|
||||||
<programlisting>A.B.C.D secret</programlisting>
|
<programlisting>A.B.C.D secret</programlisting>
|
||||||
|
|
||||||
<para>That is, the public IP address of the remote end, and the
|
<para>That is, the public IP address of the remote end, and the
|
||||||
same secret key. <filename>psk.txt</filename> must be mode 0600
|
same secret key. <filename>psk.txt</filename> must be mode <literal>0600</literal>
|
||||||
(i.e., only read/write to root) before racoon will run.</para>
|
(i.e., only read/write to <username>root</username>) before racoon will run.</para>
|
||||||
|
|
||||||
<para>You must run racoon on both gateway machines. You will
|
<para>You must run racoon on both gateway machines. You will
|
||||||
also need to add some firewall rules to allow the IKE traffic,
|
also need to add some firewall rules to allow the IKE traffic,
|
||||||
|
|
@ -3578,7 +3578,7 @@ ipfw add 1 allow udp from W.X.Y.Z to A.B.C.D isakmp
|
||||||
</textobject>
|
</textobject>
|
||||||
</mediaobject>
|
</mediaobject>
|
||||||
|
|
||||||
<para>This encapsulation is carried out by the gif device. As
|
<para>This encapsulation is carried out by the <devicename>gif</devicename> device. As
|
||||||
you can see, the packet now has real IP addresses on the outside,
|
you can see, the packet now has real IP addresses on the outside,
|
||||||
and our original packet has been wrapped up as data inside the
|
and our original packet has been wrapped up as data inside the
|
||||||
packet that will be put out on the Internet.</para>
|
packet that will be put out on the Internet.</para>
|
||||||
|
|
@ -3633,7 +3633,7 @@ spdadd A.B.C.D/32 W.X.Y.Z/32 ipencap -P out ipsec esp/tunnel/A.B.C.D-W.X.Y.Z/req
|
||||||
<para>Put these commands in a file (e.g.,
|
<para>Put these commands in a file (e.g.,
|
||||||
<filename>/etc/ipsec.conf</filename>) and then run</para>
|
<filename>/etc/ipsec.conf</filename>) and then run</para>
|
||||||
|
|
||||||
<screen>&prompt.root; setkey -f /etc/ipsec.conf</screen>
|
<screen>&prompt.root; <userinput>setkey -f /etc/ipsec.conf</userinput></screen>
|
||||||
|
|
||||||
<para><option>spdadd</option> tells &man.setkey.8; that we want
|
<para><option>spdadd</option> tells &man.setkey.8; that we want
|
||||||
to add a rule to the secure policy database. The rest of this
|
to add a rule to the secure policy database. The rest of this
|
||||||
|
|
@ -3720,13 +3720,13 @@ ipfw add 1 allow ipencap from W.X.Y.Z to A.B.C.D
|
||||||
|
|
||||||
<para>When they are received by the far end of the VPN they will
|
<para>When they are received by the far end of the VPN they will
|
||||||
first be decrypted (using the security associations that have
|
first be decrypted (using the security associations that have
|
||||||
been negotiated by racoon). Then they will enter the gif
|
been negotiated by racoon). Then they will enter the <devicename>gif</devicename>
|
||||||
interface, which will unwrap the second layer, until you are left
|
interface, which will unwrap the second layer, until you are left
|
||||||
with the innermost packet, which can then travel in to the inner
|
with the innermost packet, which can then travel in to the inner
|
||||||
network.</para>
|
network.</para>
|
||||||
|
|
||||||
<para>You can check the security using the same &man.ping.8; test from
|
<para>You can check the security using the same &man.ping.8; test from
|
||||||
earlier. First, log in to the A.B.C.D gateway machine, and
|
earlier. First, log in to the <hostid role="ipaddr">A.B.C.D</hostid> gateway machine, and
|
||||||
run:</para>
|
run:</para>
|
||||||
|
|
||||||
<programlisting>tcpdump dst host 192.168.2.1</programlisting>
|
<programlisting>tcpdump dst host 192.168.2.1</programlisting>
|
||||||
|
|
@ -3995,7 +3995,7 @@ Your identification has been saved in /home/user/.ssh/identity.
|
||||||
<note><para>The <option>-t rsa1</option> option will create RSA
|
<note><para>The <option>-t rsa1</option> option will create RSA
|
||||||
keys for use by SSH protocol version 1. If you want to use
|
keys for use by SSH protocol version 1. If you want to use
|
||||||
RSA keys with the SSH protocol version 2, you have to use the
|
RSA keys with the SSH protocol version 2, you have to use the
|
||||||
command <option>ssh-keygen -t rsa</option>.</para></note>
|
command <command>ssh-keygen -t rsa</command>.</para></note>
|
||||||
|
|
||||||
<para>If a passphrase is used in &man.ssh-keygen.1;, the user
|
<para>If a passphrase is used in &man.ssh-keygen.1;, the user
|
||||||
will be prompted for a password each time in order to use the private
|
will be prompted for a password each time in order to use the private
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue