FreeBSD Bugzilla – Attachment 86832 Details for
Bug 123332
[patch] Fix <application> Tags for Racoon in Handbook Chapter 14.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
security.patch.1.diff
security.patch.1.diff (text/plain), 3.81 KB, created by
Gabor Pali
on 2008-05-02 17:00:08 UTC
(
hide
)
Description:
security.patch.1.diff
Filename:
MIME Type:
Creator:
Gabor Pali
Created:
2008-05-02 17:00:08 UTC
Size:
3.81 KB
patch
obsolete
>Index: chapter.sgml >=================================================================== >RCS file: /doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml,v >retrieving revision 1.320 >diff -u -r1.320 chapter.sgml >--- chapter.sgml 3 Feb 2008 10:26:16 -0000 1.320 >+++ chapter.sgml 2 May 2008 15:51:31 -0000 >@@ -3640,7 +3640,7 @@ > > <para>There are a number of choices for daemons to manage > security associations with FreeBSD. This article will describe >- how to use one of these, racoon — which is available from >+ how to use one of these, <application>racoon</application> — which is available from > <filename role="package">security/ipsec-tools</filename> in the &os; Ports > collection.</para> > >@@ -3662,14 +3662,14 @@ > gets) it will not do them much good -- by the time they have cracked > the key the two daemons have chosen another one.</para> > >- <para>The configuration file for racoon is stored in >+ <para>The configuration file for <application>racoon</application> is stored in > <filename>${PREFIX}/etc/racoon</filename>. You should find a > configuration file there, which should not need to be changed >- too much. The other component of racoon's configuration, >+ too much. The other component of <application>racoon</application>'s configuration, > which you will need to change, is the <quote>pre-shared > key</quote>.</para> > >- <para>The default racoon configuration expects to find this in >+ <para>The default <application>racoon</application> configuration expects to find this in > the file <filename>${PREFIX}/etc/racoon/psk.txt</filename>. It is important to note > that the pre-shared key is <emphasis>not</emphasis> the key that will be used to > encrypt your traffic across the VPN link, it is simply a token >@@ -3696,9 +3696,9 @@ > <para>That is, the public IP address of the remote end, and the > same secret key. <filename>psk.txt</filename> must be mode > <literal>0600</literal> (i.e., only read/write to >- <username>root</username>) before racoon will run.</para> >+ <username>root</username>) before <application>racoon</application> will run.</para> > >- <para>You must run racoon on both gateway machines. You will >+ <para>You must run <application>racoon</application> on both gateway machines. You will > also need to add some firewall rules to allow the IKE traffic, > which is carried over UDP to the ISAKMP (Internet Security Association > Key Management Protocol) port. Again, this should be fairly early in >@@ -3708,9 +3708,9 @@ > ipfw add 1 allow udp from W.X.Y.Z to A.B.C.D isakmp > </programlisting> > >- <para>Once racoon is running you can try pinging one gateway host >+ <para>Once <application>racoon</application> is running you can try pinging one gateway host > from the other. The connection is still not encrypted, but >- racoon will then set up the security associations between the two >+ <application>racoon</application> will then set up the security associations between the two > hosts -- this might take a moment, and you may see this as a > short delay before the ping commands start responding.</para> > >@@ -3925,7 +3925,7 @@ > > <para>When they are received by the far end of the VPN they will > first be decrypted (using the security associations that have >- been negotiated by racoon). Then they will enter the >+ been negotiated by <application>racoon</application>). Then they will enter the > <devicename>gif</devicename> interface, which will unwrap > the second layer, until you are left with the innermost > packet, which can then travel in to the inner network.</para>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=86832">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 123332
: 86832