On Mon, Apr 20, 2015 at 07:35:58PM +0059, Jason McIntyre wrote:
> On Wed, Apr 15, 2015 at 05:13:13PM +0200, Vincent Gross wrote:
> > Hello,
> >
> > iked.conf's man page is a bit fuzzy on how local and peer ip defaults
> > are set. This patch below attempts to fix that.
> >
> > Also, can you take a look at my previous nat-on-ipsec-on-iked patchset ?
> >
> > see http://marc.info/?l=openbsd-tech&m=142662971007779&w=2
> >
> > Cheers,
> >
> >
> > Index: iked.conf.5 > > =================================================================== > > RCS file: /cvs/src/sbin/iked/iked.conf.5,v > > retrieving revision 1.38 > > diff -u -p -r1.38 iked.conf.5 > > --- iked.conf.5 28 Feb 2015 21:51:57 -0000 1.38 > > +++ iked.conf.5 15 Apr 2015 15:02:21 -0000 
> > @@ -334,23 +334,21 @@ see the file > > .It Ic local Ar localip Ic peer Ar remote > > The > > .Ic local > > -parameter specifies the address or FQDN of the local endpoint. > > -Unless the gateway is multi-homed or uses address aliases, > > -this option is generally not needed. > > -.Pp > > -The > > +and > > .Ic peer > > -parameter specifies the address or FQDN of the remote endpoint. > > -For host-to-host connections where > > +parameters specify the address or FQDN of the local and remote > > +endpoints respectively. > > +If neither are specified, their default values are equal to > > +.Ar src > > +and > > .Ar dst > > -is identical to > > -.Ar remote , > > -this option is generally not needed as it will be set to > > -.Ar dst > > -automatically. > > -If it is not specified or if the keyword > > -.Ar any > > -is given, the default peer is used. > > +for > > +.Ar localip > > +and > > +.Ar remote > > +respectively. When only one is specified, the other > > +defaults to > > +.Ar any . > > .It Xo > > .Ic ikesa > > .Ic auth Ar algorithm
> >
>
> if you can specify one and have the other default to "any", i agree we'd
> want to document it.
>
> for the rest, the diff essentially removes the information about when
> these options might be useful and needed. i'm less sure about that.
>
> i'd appreciate some feedback from a developer that the content is
> correct.
>
> i'm less inclined to rearrange the page this way without good reason.
>
> also note for future man diffs to start new sentences on new lines.
>
> jmc
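Review bot: The added closing lines say the unspecified side "defaults to .Ar any", but within this hunk the only text that said what any does ("If it is not specified or if the keyword .Ar any is given, the default peer is used") is removed, so a reader setting only local can no longer tell from this entry which peer addresses the policy will then match. Keep or reword a sentence stating what any means for each side, since that decides which remote endpoints a policy applies to. The removed sentence about multi-homed gateways and address aliases was the only guidance in the hunk on when local is needed and is worth retaining next to the new default rules. Smaller points: "If neither are specified" should read "If neither is specified", the sentence uses "respectively" twice and would be clearer split in two, and "+respectively. When only one is specified, the other" starts a new sentence mid-line where it should begin on its own line.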
sorry, but i cannot get any feedback on this. i'm dropping it.

jmc