modifications to handbook 14.10: VPN over IPSec
Joe Devietti
devietti at seas.upenn.edu
Mon May 30 03:09:33 UTC 2005

Dear FreeBSD Documentation team,

While installing an IPSec VPN between two gateways running 5.4-RELEASE, I
found that 2 small changes to the instructions listed in the Handbook
(Chapter 14, Section 10, "VPN over IPSec") were necessary to make the VPN
work. Perhaps I misunderstand some things, but I know at least that the
modified directions worked for me.

Also, I've done no rigorous verification of what commands work where, but I
have checked these on FreeBSD 4.8-RELEASE, 4.11-RELEASE, and 5.4-RELEASE.

Both changes were to the instructions in section 14.10.3.1. It seems that one
has to create the "gif0" generic interface before one can tell it to start
tunneling. In both FreeBSD 4.x and 5.x, I believe this is accomplished via
the command:

    ifconfig gif0 create

Also, the handbook gives the commands for 4.x while stating that the
functionality of "gifconfig" has been merged into "ifconfig" in 5.x. Giving
the actual commands to run in 5.x might be nice; instead of

    gifconfig gif0 A.B.C.D W.X.Y.Z

one must use

    ifconfig gif0 tunnel A.B.C.D W.X.Y.Z

On a similar note, the summary at the end of Section 14.10.3.1 changes
slightly for 5.x. The gif tunnel must be created explicitly in /etc/rc.conf,
so the 4 lines listed as necessary need to be instead 5, the first of which
is

    gif_interfaces="gif0"

Finally, the "netmask" argument to the "route" command should actually be
"-netmask" (the dash is missing); I believe this is the case under 4.x as
well as 5.x. Section 14.10.3.1 mentions the "route" command twice: once in
the step-by-step instructions and once in the summary.

Hopefully I've been clear enough about what I feel needs to be modified; the
elisions are small but their correction may save people some time. Overall,
I've been extremely impressed with the quality of the FreeBSD project, and I
look forward to working with (and, eventually, contributing to) FreeBSD in
the future.

Joe Devietti
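
The two rc.conf omissions reported in the message above can be checked mechanically. The following is an added example, not part of the original e-mail or the Handbook: the helper name lint_gif_rc and the sample fragment (addresses, the route name "vpn") are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample rc.conf fragment (not the Handbook's text); addresses are
# documentation/private ranges. It contains both omissions from the message.
sample_rc() {
    cat <<'EOF'
gifconfig_gif0="192.0.2.1 198.51.100.1"
ifconfig_gif0="inet 192.168.1.1 192.168.2.1 netmask 0xffffffff"
static_routes="vpn"
route_vpn="192.168.2.0 192.168.2.1 netmask 0xffffff00"
EOF
}

# lint_gif_rc FILE (hypothetical helper): one finding per line on stdout,
# exit status 0 when clean and 1 when anything was flagged.
lint_gif_rc() {
    rc=$1
    findings=0
    # Interfaces the file asks to have created, per the message's gif_interfaces line.
    declared=$(sed -n 's/^gif_interfaces="\(.*\)".*/\1/p' "$rc")
    # Every gifN that is configured must also be declared.
    for ifc in $(sed -n -e 's/^ifconfig_\(gif[0-9]*\)=.*/\1/p' \
                        -e 's/^gifconfig_\(gif[0-9]*\)=.*/\1/p' "$rc" | sort -u); do
        case " $declared " in
            *" $ifc "*) ;;
            *) echo "$ifc: missing from gif_interfaces"; findings=1 ;;
        esac
    done
    # route_* values go to route(8); a bare "netmask" lacks the dash.
    # ifconfig_* lines are deliberately not checked: ifconfig takes "netmask".
    for var in $(grep -E '^route_[A-Za-z0-9_]+=.*[[:space:]]netmask[[:space:]]' "$rc" \
                 | cut -d= -f1); do
        echo "$var: netmask should be -netmask"
        findings=1
    done
    return "$findings"
}

# Demo on the constructed sample.
tmp=$(mktemp)
sample_rc > "$tmp"
lint_gif_rc "$tmp" || true
rm -f "$tmp"
```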