IPsec Documentation
Chip Marshall
chip at 2bithacker.net
Mon Dec 28 22:32:06 UTC 2015
Good afternoon,
Documentation newbie here, but I've been thinking of updating section
13.7.1 (Configuring a VPN on FreeBSD) of the Handbook for a few reasons,
but figured I should touch base here first and make sure I'm not
duplicating effort or stepping on any toes.
Motivators:
- The existing racoon.conf in the handbook uses a deprecated syntax for
remote and sainfo declarations.
- It also indicates the use of weak ciphers (3DES and MD5).
- It describes setting up an IP-IP tunnel over tunnel-mode IPsec, which
is redundant; you only need to use one or the other.
- It lacks any description of the referenced psk.txt file, which could be
confusing for a newcomer.
With the introduction of IPsec into the GENERIC kernel, I
figured it would be good to get this section of the handbook
revised a bit.
As a side note, I noticed there's a fair amount of use of RFC 1918
space (10/8, 192.168/16, etc.) in the Handbook. Is there any
interest in revising it to use RFC 5737 space instead? That's dedicated
documentation space that is never supposed to be used in a live network.
There's a corresponding IPv6 space as well, defined in RFC 3849.
Thanks in advance for any input.
--
Chip Marshall <chip at 2bithacker.net>
http://2bithacker.net/