On Wed, Apr 15, 2015 at 05:13:13PM +0200, Vincent Gross wrote: > Hello, > > iked.conf's man page is a bit fuzzy on how local and peer ip defaults > are set. This patch below attempts to fix that. > > Also, can you take a look at my previous nat-on-ipsec-on-iked patchset ? > > see http://marc.info/?l=openbsd-tech&m=142662971007779&w=2 > > Cheers, > > > Index: iked.conf.5 > =================================================================== > RCS file: /cvs/src/sbin/iked/iked.conf.5,v > retrieving revision 1.38 > diff -u -p -r1.38 iked.conf.5 > --- iked.conf.5 28 Feb 2015 21:51:57 -0000 1.38 > +++ iked.conf.5 15 Apr 2015 15:02:21 -0000 > @@ -334,23 +334,21 @@ see the file > .It Ic local Ar localip Ic peer Ar remote > The > .Ic local > -parameter specifies the address or FQDN of the local endpoint. > -Unless the gateway is multi-homed or uses address aliases, > -this option is generally not needed. > -.Pp > -The > +and > .Ic peer > -parameter specifies the address or FQDN of the remote endpoint. > -For host-to-host connections where > +parameters specify the address or FQDN of the local and remote > +endpoints respectively. > +If neither are specified, their default values are equal to > +.Ar src > +and > .Ar dst > -is identical to > -.Ar remote , > -this option is generally not needed as it will be set to > -.Ar dst > -automatically. > -If it is not specified or if the keyword > -.Ar any > -is given, the default peer is used. > +for > +.Ar localip > +and > +.Ar remote > +respectively. When only one is specified, the other > +defaults to > +.Ar any . > .It Xo > .Ic ikesa > .Ic auth Ar algorithm >
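Review bot: In the rewritten `local`/`peer` item (hunk @@ -334,23 +334,21), the new text makes `.Ar any` a default but no longer says what `any` means. The removed lines "If it is not specified or if the keyword .Ar any is given, the default peer is used." carried that explanation, and the removed sentence "Unless the gateway is multi-homed or uses address aliases, this option is generally not needed." was the only guidance on when `local` has to be set. I suggest keeping both sentences, adapted to the new wording, so that a reader can tell when a policy ends up matching any peer. Smaller points in the added lines: "If neither are specified" should read "If neither is specified"; "respectively" appears twice in three sentences, and the second sentence ("their default values are equal to src and dst for localip and remote respectively") would be clearer split in two, one per parameter; and "respectively. When only one is specified, the other" starts a sentence mid-line, where mdoc source should start each new sentence on a new line.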
if you can specify one and have the other default to "any", i agree we'd want to document it.

for the rest, the diff essentially removes the information about when these options might be useful and needed. i'm less sure about that. i'd appreciate some feedback from a developer that the content is correct. i'm less inclined to rearrange the page this way without good reason.

also note for future man diffs to start new sentences on new lines.

jmc