Documentation UPdates

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1948 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-02-06 19:21:18 +00:00 · 2005-02-06 19:21:18 +00:00 · 6e0ca3444f
commit 6e0ca3444f
parent 5428994760
3 changed files with 25 additions and 8 deletions
--- a/Shorewall-docs2/IPSEC-2.6.xml
+++ b/Shorewall-docs2/IPSEC-2.6.xml
@ -15,11 +15,13 @@
      </author>
    </authorgroup>

-    <pubdate>2004-12-26</pubdate>
+    <pubdate>2005-02-06</pubdate>

    <copyright>
      <year>2004</year>

+      <year>2005</year>
+
      <holder>Thomas M. Eastep</holder>
    </copyright>

@ -326,6 +328,13 @@ spdadd 134.28.54.2/32   206.162.148.9/32 any -P in  ipsec esp/tunnel/134.28.54.2
    <para>The <filename>setkey.conf</filename> file on gateway B would be
    similar.</para>

+    <caution>
+      <para>If you are running kernel 2.6.10 or later, then you need
+      ipsec-tools (and racoon) 0.5 or later and you need to add <emphasis
+      role="bold">-P fwd</emphasis> rules -- see <ulink
+      url="http://www.ipsec-howto.org/x277.html">http://www.ipsec-howto.org/x277.html</ulink>.</para>
+    </caution>
+
    <para>A sample <filename>/etc/racoon/racoon.conf</filename> file using
    X.509 certificates might look like:</para>

--- a/Shorewall-docs2/OPENVPN.xml
+++ b/Shorewall-docs2/OPENVPN.xml
@ -21,11 +21,15 @@
      </author>
    </authorgroup>

-    <pubdate>2004-12-27</pubdate>
+    <pubdate>2005-01-29</pubdate>

    <copyright>
      <year>2003</year>

+      <year>2004</year>
+
+      <year>2005</year>
+
      <holder>Simon Mater</holder>

      <holder>Thomas M. Eastep</holder>
@ -362,8 +366,8 @@ persist-key
 verb 3</programlisting>
    </blockquote>

-    <para>If you want multiple remote clients to be able to communicate with
-    each other then you must:</para>
+    <para>If you want multiple remote clients to be able to communicate openly
+    with each other then you must:</para>

    <orderedlist>
      <listitem>
@ -377,5 +381,10 @@ verb 3</programlisting>
        url="Documentation.htm#Interfaces">/etc/shorewall/interfaces</ulink>.</para>
      </listitem>
    </orderedlist>
+
+    <para>If you want to selectively allow communication between the clients,
+    then see <ulink
+    url="http://www.iut-lannion.fr/ZONZON/memos_index.php?part=Network&amp;section=WRTMemo&amp;subsec=vpnwithshorewall">this
+    article</ulink> by Marc Zonzon</para>
  </section>
 </article>
--- a/Shorewall-docs2/myfiles.xml
+++ b/Shorewall-docs2/myfiles.xml
@ -124,10 +124,9 @@
    <para>The firewall system itself runs a DHCP server that serves the local
    network.</para>

-    <para>I have one system (Roadwarrior, 206.124.146.179) outside the
-    firewall. This system, which runs Debian Sarge (testing) is used for
-    roadwarrior VPN testing and for checking my firewall "from the
-    outside".</para>
+    <para>I have one system (Remote, 206.124.146.179) outside the firewall.
+    This system, which runs Debian Sarge (testing) is used for roadwarrior VPN
+    testing and for checking my firewall "from the outside".</para>

    <para>All administration and publishing is done using ssh/scp. I have a
    desktop environment installed on the firewall but I am not usually logged