Date: Sun, 11 Jun 2017 15:53:33 +0000 (UTC) From: Sevan Janiyan <sevan@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r50359 - head/en_US.ISO8859-1/books/handbook/security Message-ID: <201706111553.v5BFrXgP061374@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: sevan Date: Sun Jun 11 15:53:33 2017 New Revision: 50359 URL: https://svnweb.freebsd.org/changeset/doc/50359 Log: Add a note that FreeBSD 11 & newer have IPsec support enabled by default (no need to build a kernel). Set hostnames for different hosts before the &prompt.root; macro rather than in user input section. This resolves issue with double prompts in generated page. Approved by: bcr (mentor) Differential Revision: https://reviews.freebsd.org/D11143 Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/security/chapter.xml Sun Jun 11 14:43:24 2017 (r50358) +++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml Sun Jun 11 15:53:33 2017 (r50359) @@ -2127,8 +2127,9 @@ Connection closed by foreign host.</screen> information on the <acronym>IPsec</acronym> subsystem in &os;.</para> - <para>To add <acronym>IPsec</acronym> support to the kernel, add - the following options to the custom kernel configuration file + <para><acronym>IPsec</acronym> support is enabled by default on &os; 11 and newer. + To add <acronym>IPsec</acronym> support to the kernel of older &os; releases, + add the following options to the custom kernel configuration file and rebuild the kernel using the instructions in <xref linkend="kernelconfig"/>:</para> @@ -2271,10 +2272,10 @@ round-trip min/avg/max/stddev = 28.106/94.594/154.524/ network. The following commands will achieve this goal:</para> - <screen>&prompt.root; <userinput>corp-net# route add <replaceable>10.0.0.0 10.0.0.5 255.255.255.0</replaceable></userinput> -&prompt.root; <userinput>corp-net# route add net <replaceable>10.0.0.0: gateway 10.0.0.5</replaceable></userinput> -&prompt.root; <userinput>priv-net# route add <replaceable>10.246.38.0 10.246.38.1 255.255.255.0</replaceable></userinput> -&prompt.root; <userinput>priv-net# route add host <replaceable>10.246.38.0: gateway 10.246.38.1</replaceable></userinput></screen> + <screen>corp-net&prompt.root; <userinput>route add <replaceable>10.0.0.0 10.0.0.5 255.255.255.0</replaceable></userinput> +corp-net&prompt.root; <userinput>route add net <replaceable>10.0.0.0: gateway 10.0.0.5</replaceable></userinput> +priv-net&prompt.root; <userinput>route add <replaceable>10.246.38.0 10.246.38.1 255.255.255.0</replaceable></userinput> +priv-net&prompt.root; <userinput>route add host <replaceable>10.246.38.0: gateway 10.246.38.1</replaceable></userinput></screen> <para>At this point, internal machines should be reachable from each gateway as well as from machines behind the gateways.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201706111553.v5BFrXgP061374>