diff options
| author | Jason McIntyre <jmc@cvs.openbsd.org> | 2005-04-12 16:03:09 +0000 |
|---|---|---|
| committer | Jason McIntyre <jmc@cvs.openbsd.org> | 2005-04-12 16:03:09 +0000 |
| commit | df142819b3d1028518b52af7e7b7548ee8a1b252 (patch) | |
| tree | b0c73bdb53693d5e082520203fabdde820d4dfa0 /share/man/man8 | |
| parent | 77712da42323afdeb719e34c69d44e7ac77c45c0 (diff) | |
remove /32 netmasks as they're confusing and not needed;
ok hshoexer@
Diffstat (limited to 'share/man/man8')
| -rw-r--r-- | share/man/man8/vpn.8 | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/share/man/man8/vpn.8 b/share/man/man8/vpn.8 index b8a29ef1c31..4943f3d39ff 100644 --- a/share/man/man8/vpn.8 +++ b/share/man/man8/vpn.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: vpn.8,v 1.77 2005/04/02 00:17:58 jmc Exp $ +.\" $OpenBSD: vpn.8,v 1.78 2005/04/12 16:03:08 jmc Exp $ .\" .\" Copyright 1998 Niels Provos <provos@physnet.uni-hamburg.de> .\" All rights reserved. @@ -208,8 +208,8 @@ rules for a tunnel which uses encryption (the ESP IPsec protocol) and .Xr isakmpd 8 on security gateway A might look like this: .Bd -literal -offset indent -GATEWAY_A = "192.168.1.254/32" -GATEWAY_B = "192.168.2.1/32" +GATEWAY_A = "192.168.1.254" +GATEWAY_B = "192.168.2.1" NETWORK_A = "10.0.50.0/24" NETWORK_B = "10.0.99.0/24" @@ -301,8 +301,8 @@ Create the matching IPsec flows on machine B: Configure the firewall rules on machine A using the previously defined ruleset: .Bd -literal -offset indent -GATEWAY_A = "192.168.1.254/32" -GATEWAY_B = "192.168.2.1/32" +GATEWAY_A = "192.168.1.254" +GATEWAY_B = "192.168.2.1" NETWORK_A = "10.0.50.0/24" NETWORK_B = "10.0.99.0/24" @@ -312,8 +312,8 @@ NETWORK_B = "10.0.99.0/24" Configure the firewall rules on machine B, modifying the definitions as appropriate: .Bd -literal -offset indent -GATEWAY_B = "192.168.1.254/32" -GATEWAY_A = "192.168.2.1/32" +GATEWAY_B = "192.168.1.254" +GATEWAY_A = "192.168.2.1" NETWORK_B = "10.0.50.0/24" NETWORK_A = "10.0.99.0/24" @@ -503,18 +503,18 @@ port 500. For machineA, add: .Bd -literal -offset indent # Permit ISAKMPD control traffic between A and B -pass in proto udp from 192.168.2.1/32 to 192.168.1.254/32 \e +pass in proto udp from 192.168.2.1 to 192.168.1.254 \e port = 500 -pass out proto udp from 192.168.1.254/32 to 192.168.2.1/32 \e +pass out proto udp from 192.168.1.254 to 192.168.2.1 \e port = 500 .Ed .Pp For machineB, add: .Bd -literal -offset indent # Permit ISAKMPD control traffic between A and B -pass in proto udp from 192.168.1.254/32 to 192.168.2.1/32 \e +pass in proto udp from 192.168.1.254 to 192.168.2.1 \e port = 500 -pass out proto udp from 192.168.2.1/32 to 192.168.1.254/32 \e +pass out proto udp from 192.168.2.1 to 192.168.1.254 \e port = 500 .Ed .It |