From 8d9b1d50d1aadf63a91fd694fe55b5c9d72fd58b Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Sat, 21 Jan 2012 05:51:28 -0800
Subject: [PATCH] Change zone ordering in the IPSEC doc.
- Place net before vpn so that pppoe users who blindly copy examples won't get mis-ordered nested zones.
Signed-off-by: Tom Eastep
---
 docs/IPSEC-2.6.xml | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/docs/IPSEC-2.6.xml b/docs/IPSEC-2.6.xml
index 77e489a7d..70d288253 100644
--- a/docs/IPSEC-2.6.xml
+++ b/docs/IPSEC-2.6.xml
@@ -238,7 +238,7 @@ Suppose that we have the following situation:
-
+
 We want systems in the 192.168.1.0/24 sub-network to be able to communicate with systems in the 10.0.0.0/8 network. We assume that on both
@@ -297,8 +297,8 @@ ipsec net 206.162.148.9 #ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS
-vpn ipv4
 net ipv4
+vpn ipv4
 #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
@@ -481,7 +481,7 @@ sec ipsec mode=tunnel mss=1400
-
+
 Road Warrior VPN
@@ -495,8 +495,8 @@ sec ipsec mode=tunnel mss=1400#ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS
-vpn ipsec
 net ipv4
+vpn ipsec
 loc ipv4
 #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
@@ -718,9 +718,9 @@ RACOON=/usr/sbin/racoon #ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS
-vpn ipsec
-l2tp ipv4
 net ipv4
+vpn ipsec
+l2tp ipv4
 loc ipv4
 #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
@@ -827,9 +827,9 @@ HTTPS(ACCEPT) l2tp $FW hosts in that network. In that case, IPSEC transport mode is an appropriate solution.
- Here's an example
- using the ipsec-tools package. The files shown are from host
- 192.168.20.10; the configuration of the other nodes is similar.
+ Here's an example using
+ the ipsec-tools package. The files shown are from host 192.168.20.10; the
+ configuration of the other nodes is similar.
/etc/racoon/racoon.conf: