On Fri, Feb 22, 2019 at 10:07:05PM GMT, Landry Breuil wrote:
> CVSROOT: /cvs
> Module name: www
> Changes by: lan...@cvs.openbsd.org 2019/02/22 15:07:05
>
> Modified files:
> faq : index.html
> Added files:
> faq : faq17.html
>
> Log message:
> Add a (wip!) VPN FAQ, because 'How do i VPN with OpenBSD?' seems to be a
> frequently asked question, and IPSec is hard. Now is the time to polish
> it in-tree.
>

Spelling/capitalisation is harder still! ;^) As per https://marc.info/?t=151964747500001&r=1&w=2 This patch is only for the faq directory. Regards, Raf Index: faq/faq10.html =================================================================== RCS file: /cvs/www/faq/faq10.html,v retrieving revision 1.285 diff -u -p -r1.285 faq10.html --- faq/faq10.html 18 Oct 2018 03:14:38 -0000 1.285 +++ faq/faq10.html 23 Feb 2019 06:08:51 -0000 @@ -358,7 +358,7 @@ In particular, YP is inadequate if poten to your network. Anybody gaining root access to any computer connected to your network segments carrying YP traffic can bind your YP domain and retrieve its data. -In some cases, passing YP traffic through SSL or IPSec tunnels might be +In some cases, passing YP traffic through SSL or IPsec tunnels might be an option. <h3 id="YP_server">Setting Up a YP Server</h3> Index: faq/faq17.html =================================================================== RCS file: /cvs/www/faq/faq17.html,v retrieving revision 1.1 diff -u -p -r1.1 faq17.html --- faq/faq17.html 22 Feb 2019 22:07:05 -0000 1.1 +++ faq/faq17.html 23 Feb 2019 06:08:51 -0000 @@ -170,7 +170,7 @@ ikev2_recv: IKE_AUTH response from respo sa_state: VALID -> ESTABLISHED from 192.0.2.1:4500 to 198.51.100.1:4500 policy 'server2_rsa' </pre> -The IPSec flows can be viewed with <a +The IPsec flows can be viewed with <a href="https://man.openbsd.org/ipsecctl">ipsecctl(8)</a>: <pre class="cmdbox"> @@ -291,7 +291,7 @@ ikev2 'responder_rsa' passive esp \ tag "ROADW" </pre> -It also needs to allow IPSec from any host (since clients might connect from +It also needs to allow IPsec from any host (since clients might connect from anywhere), allow traffic tagged ROADW on <code>enc0</code> and apply NAT to it: <pre class="cmdbox"> 
@@ -356,7 +356,7 @@ After starting the initiator, this addit roadwarrior# <b>ipsecctl -f /etc/ipsec.conf</b> </pre> -This will happen at boot if IPSec has been enabled with +This will happen at boot if IPsec has been enabled with <code>rcctl enable ipsec</code>. <p>
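Review bot: In the faq10.html hunk (@@ -358), the changed line still reads "SSL or IPsec tunnels". Since the patch is a terminology clean-up and already touches this line, consider writing "TLS" (or "SSL/TLS") there too, so the YP advice uses the current protocol name alongside the corrected "IPsec".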
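Review bot: In the faq17.html hunk at @@ -291, "allow IPsec from any host" does not say which traffic is being opened to every source address. While rewording this sentence, consider naming it (IKE on UDP 500 and 4500, plus ESP), which matches the port 4500 in the log lines of the @@ -170 hunk and the "esp" keyword in the policy above, so readers do not write a broader rule than the roadwarrior setup needs.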
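Review bot: In the faq17.html hunk at @@ -356, the changed sentence opens with "This will happen at boot", where "This" refers back to the ipsecctl command in the preceding block. Naming the action, for example "/etc/ipsec.conf is loaded at boot if IPsec has been enabled with", would make the sentence readable on its own and make it clear that rcctl enable ipsec covers the ipsec.conf load only.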