| author | Jason McIntyre <jmc@cvs.openbsd.org> | 2005-04-14 09:10:13 +0000 |
|---|---|---|
| committer | Jason McIntyre <jmc@cvs.openbsd.org> | 2005-04-14 09:10:13 +0000 |
| commit | c8a08efdd5666b707a7ac996549f761c2f763d03 (patch) | |
| tree | deb1cb34a1a04064b8733161c57f761d22b9c3f7 /share/man/man8/vpn.8 | |
| parent | 74ad96b98094898711283863125299a87c561cd7 (diff) | |
we already have a section on configuring firewall rules, so refer to it
in EXAMPLES rather than reproducing info (and confusing people);
make the firewall section of manual and automatic keying the same;
this also fixes an issue reported by steve murdoch back in november,
that parts of vpn(8) were repeating themselves; sorry to take so long to
fix this, steve;
Diffstat (limited to 'share/man/man8/vpn.8')
-rw-r--r-- | share/man/man8/vpn.8 | 45 |
1 files changed, 20 insertions, 25 deletions
diff --git a/share/man/man8/vpn.8 b/share/man/man8/vpn.8 index cc09628300c..be9ec6f8b0e 100644 --- a/share/man/man8/vpn.8 +++ b/share/man/man8/vpn.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: vpn.8,v 1.82 2005/04/14 08:46:16 jmc Exp $ +.\" $OpenBSD: vpn.8,v 1.83 2005/04/14 09:10:12 jmc Exp $ .\" .\" Copyright 1998 Niels Provos <provos@physnet.uni-hamburg.de> .\" All rights reserved. @@ -313,7 +313,7 @@ GATEWAY_B = "192.168.2.1" NETWORK_A = "10.0.50.0/24" NETWORK_B = "10.0.99.0/24" -(rest of ruleset) +(rest of ruleset per Configuring Firewall Rules, above) .Ed .It Configure the firewall rules on machine B, modifying the @@ -324,7 +324,7 @@ GATEWAY_B = "192.168.1.254" NETWORK_A = "10.0.99.0/24" NETWORK_B = "10.0.50.0/24" -(rest of ruleset) +(rest of ruleset, modified as appropriate) .Ed .El .Ss Automated keying 
@@ -498,31 +498,26 @@ Conditions: app_domain == "IPsec policy" && esp_enc_alg != "null" -> "true"; .Ed .It -Configure the firewall rules on machines A and B: -.Pp -Use the same ruleset as the manual keying example, but add permission -for the -.Xr isakmpd 8 -control traffic, on -.Tn UDP -port 500. -.Pp -For machineA, add: +Configure the firewall rules on machine A +using the previously defined ruleset: .Bd -literal -offset indent -# Permit ISAKMPD control traffic between A and B -pass in proto udp from 192.168.2.1 to 192.168.1.254 \e - port = 500 -pass out proto udp from 192.168.1.254 to 192.168.2.1 \e - port = 500 +GATEWAY_A = "192.168.1.254" +GATEWAY_B = "192.168.2.1" +NETWORK_A = "10.0.50.0/24" +NETWORK_B = "10.0.99.0/24" + +(rest of ruleset per Configuring Firewall Rules, above) .Ed -.Pp -For machineB, add: +.It +Configure the firewall rules on machine B, modifying the +definitions as appropriate: .Bd -literal -offset indent -# Permit ISAKMPD control traffic between A and B -pass in proto udp from 192.168.1.254 to 192.168.2.1 \e - port = 500 -pass out proto udp from 192.168.2.1 to 192.168.1.254 \e - port = 500 +GATEWAY_A = "192.168.2.1" +GATEWAY_B = "192.168.1.254" +NETWORK_A = "10.0.99.0/24" +NETWORK_B = "10.0.50.0/24" + +(rest of ruleset, modified as appropriate) .Ed .It Start |
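Review bot: in the `@@ -324,7 +324,7 @@` hunk the machine B placeholder now reads `(rest of ruleset, modified as appropriate)` while the machine A placeholder in the preceding hunk reads `(rest of ruleset per Configuring Firewall Rules, above)`; a reader who jumps straight to the machine B item is not pointed at the ruleset section at all. Suggest the same section reference in both, e.g. `(rest of ruleset per Configuring Firewall Rules, above, modified as appropriate)`.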
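Review bot: in the `@@ -498,31 +498,26 @@` hunk the removed lines were the only place the page permitted the isakmpd(8) control traffic (`pass in proto udp from 192.168.2.1 to 192.168.1.254 port = 500` and the matching `pass out`), and the replacement simply sends the reader to the same Configuring Firewall Rules ruleset that the manual-keying example uses. Manual keying has no IKE exchange, so unless that shared ruleset already carries a UDP port 500 rule, anyone following the automated-keying example will have isakmpd's negotiation dropped by the firewall and the tunnel will never establish. Please confirm the referenced section covers UDP port 500 for isakmpd(8), or keep a one-line reminder here (e.g. "and additionally permit isakmpd(8) traffic on UDP port 500") so the requirement is not lost in the consolidation.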