From owner-freebsd-doc@FreeBSD.ORG  Tue Jun 12 14:46:51 2007
Return-Path: <owner-freebsd-doc@FreeBSD.ORG>
X-Original-To: doc@freebsd.org
Delivered-To: freebsd-doc@FreeBSD.ORG
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id C1E2E16A41F;
	Tue, 12 Jun 2007 14:46:51 +0000 (UTC)
	(envelope-from phk@critter.freebsd.dk)
Received: from phk.freebsd.dk (phk.freebsd.dk [130.225.244.222])
	by mx1.freebsd.org (Postfix) with ESMTP id 6483F13C44B;
	Tue, 12 Jun 2007 14:46:51 +0000 (UTC)
	(envelope-from phk@critter.freebsd.dk)
Received: from critter.freebsd.dk (unknown [192.168.61.3])
	by phk.freebsd.dk (Postfix) with ESMTP id CAC8817380;
	Tue, 12 Jun 2007 14:46:49 +0000 (UTC)
Received: from critter.freebsd.dk (localhost [127.0.0.1])
	by critter.freebsd.dk (8.14.1/8.14.1) with ESMTP id l5CEkweW042161;
	Tue, 12 Jun 2007 14:46:58 GMT (envelope-from phk@critter.freebsd.dk)
To: Marc Fonvieille <blackend@freebsd.org>
From: "Poul-Henning Kamp" <phk@phk.freebsd.dk>
In-Reply-To: Your message of "Tue, 12 Jun 2007 16:29:32 +0200."
	<20070612142932.GA995@gothic.blackend.org> 
Date: Tue, 12 Jun 2007 14:46:58 +0000
Message-ID: <42160.1181659618@critter.freebsd.dk>
Sender: phk@critter.freebsd.dk
Cc: gnn@freebsd.org, doc@freebsd.org
Subject: Re: HOWTO setup a simple IPSEC tunnel 
X-BeenThere: freebsd-doc@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Documentation project <freebsd-doc.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-doc>,
	<mailto:freebsd-doc-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-doc>
List-Post: <mailto:freebsd-doc@freebsd.org>
List-Help: <mailto:freebsd-doc-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-doc>,
	<mailto:freebsd-doc-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Jun 2007 14:46:51 -0000

In message <20070612142932.GA995@gothic.blackend.org>, Marc Fonvieille writes:

>Interesting.  One should look how this can be used with
>http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html
>(which I suspect to contain wrong/outdated infos).

I am not going to be a judge on the political correct way to
use IPSEC, but the stuff in the handbook at the very least needs
a significant update.

A general tendency in all examples of how to set up IPsec that
I found, seems to be that people don't actually understand how
it works, so the blindly copy examples and set options to
their default settings etc.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.