path: root/share/man/man8/vpn.8
author: Angelos D. Keromytis <angelos@cvs.openbsd.org> 1998-06-29 05:56:30 +0000
committer: Angelos D. Keromytis <angelos@cvs.openbsd.org> 1998-06-29 05:56:30 +0000
commit: 7e3eae510bb5952b929e5bbcef8e7465ac96e01a (patch)
tree: 5dd2dd4edf3ba65891aa1d31122f19cf3a88c381 /share/man/man8/vpn.8
parent: b340a61d16fc45cd353688d94da22ed641e8534e (diff)
Fix the language, add more references. General cleanup.
Diffstat (limited to 'share/man/man8/vpn.8')
-rw-r--r--  share/man/man8/vpn.8  44
1 files changed, 23 insertions, 21 deletions
diff --git a/share/man/man8/vpn.8 b/share/man/man8/vpn.8
index 4d1e61ff6a8..891510346d4 100644
--- a/share/man/man8/vpn.8
+++ b/share/man/man8/vpn.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: vpn.8,v 1.3 1998/06/02 09:18:33 provos Exp $
+.\" $OpenBSD: vpn.8,v 1.4 1998/06/29 05:56:28 angelos Exp $
.\" Copyright 1998 Niels Provos <provos@physnet.uni-hamburg.de>
.\" All rights reserved.
.\"
@@ -36,14 +36,13 @@
.Nm vpn
.Nd configuring the system for virtual private networks
.Sh DESCRIPTION
-A virtual private network is used to connect two or more subnets via the
-internet. For each subnet there is a security gateway which is connected
-via a cryptographically secured tunnel to the security gateway of the other
-subnet. In
-.Ox
+A virtual private network is used to securely connect two or more subnets
+over the internet. For each subnet there is a security gateway which is
+linked via a cryptographically secured tunnel to the security gateway of
+the other subnet.
.Xr ipsec 4
-is used to provide the necessary cryptographical services. This document
-describes the configuration process for setting up a
+is used to provide the necessary network-layer cryptographic services.
+This document describes the configuration process for setting up a
.Nm VPN .
.Pp
Both subnets need to configure
@@ -62,25 +61,26 @@ and on the security gateway of subnet B:
ipsecadm flow -dst gatewA -spi 1 -addr netB netBmask netA netAmask -local
.Ed
.Pp
-Additionally both security gateways need to start the
+Furthermore, both security gateways need to start the
.Xr photurisd 8
key management daemon with the
.Fl v
-flag and have to make sure that it is configured properly on both sides to
-provide encryption and authentication.
+flag and need to make sure that it is configured properly on both sides to
+provide the required security services (typically, encryption and
+authentication).
.Pp
-Now
.Xr ipf 1
-needs to be configured that all packets from the outside are blocked.
-Only packets from the security gateways either on the
+needs to be configured such that all packets from the outside are blocked.
+Only packets from the security gatewaysm either on the
.Pa enc0
-interface or
+interface (successfully IPsec-processed packets) or
.Tn UDP
-packets with source and remote ports of 468
-should be allowed in.
+packets with source and remote ports of 468 (Photuris) should be allowed in.
.Pp
-The ipf rules for a tunnel which only uses ESP on security gateway A
-might look like this:
+The
+.Xr ipf 5
+rules for a tunnel which only uses encryption (the ESP IPsec protocol)
+on security gateway A might look like this:
.Bd -literal
# ed0 is the only interface going to the outside.
block in log on ed0 from any to any
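Review bot: typo in the added line "Only packets from the security gatewaysm either on the": "gatewaysm" should be "gateways," (the comma the original line had is needed to pair with the following "or"). In the same hunk, "packets with source and remote ports of 468 (Photuris)" is imprecise; the rules below match "port = 468" on both ends, so "source and destination ports of 468" describes them accurately. Finally, "a tunnel which only uses encryption (the ESP IPsec protocol)" equates ESP with encryption alone, while the paragraph just above lists encryption and authentication as the typical services; keeping the original phrasing "only uses ESP" (or "only uses ESP, without AH") avoids tying the protocol name to a single service.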
@@ -99,10 +99,12 @@ pass in on ed0 proto udp from gatewB/32 port = 468 to gatewA/32 port = 468
pass out on ed0 proto udp from gatewA/32 port = 468 to gatewB/32 port = 468
.Ed
.Pp
-If there are no more ipf rules the quick clause can be added to the last
-three rules.
+If there are no other
+.Xr ipf 5
+rules, the "quick" clause can be added to the last three rules.
.Sh SEE ALSO
.Xr ipf 1 ,
+.Xr ipf 5 ,
.Xr ipsecadm 1 ,
.Xr ipsec 4 ,
.Xr photurisd 8 .
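Review bot: the new ".Xr ipf 5 ," entry breaks the SEE ALSO ordering convention: mdoc lists cross references by section number, then alphabetically within a section, so ipf(5) belongs after ".Xr ipsec 4 ," and before ".Xr photurisd 8 .", not directly after ipf(1). Also, in the preceding hunk the literal double quotes in "the "quick" clause" should be the mdoc quoting macro, i.e. ".Dq quick", so the manual renders consistently across output devices.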