diff options
author | Sevan Janiyan <sevan@FreeBSD.org> | 2017-06-11 15:53:33 +0000 |
---|---|---|
committer | Sevan Janiyan <sevan@FreeBSD.org> | 2017-06-11 15:53:33 +0000 |
commit | 78f5ee2feeff7a292454cc4777c3da3ae4ac88cd (patch) | |
tree | 0ea9c9e158c67c5354598b2e677bff4015072552 /en_US.ISO8859-1/books/handbook | |
parent | b60ac2762cdf4598cbc530434756f17ea94984b0 (diff) | |
download | doc-78f5ee2feeff7a292454cc4777c3da3ae4ac88cd.tar.gz doc-78f5ee2feeff7a292454cc4777c3da3ae4ac88cd.zip |
Add a note that FreeBSD 11 & newer have IPsec support enabled by default (no need to build a kernel).
Set hostnames for different hosts before the &prompt.root; macro rather than in user input section.
This resolves issue with double prompts in generated page.
Approved by: bcr (mentor)
Differential Revision: https://reviews.freebsd.org/D11143
Notes
Notes:
svn path=/head/; revision=50359
Diffstat (limited to 'en_US.ISO8859-1/books/handbook')
-rw-r--r-- | en_US.ISO8859-1/books/handbook/security/chapter.xml | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/en_US.ISO8859-1/books/handbook/security/chapter.xml b/en_US.ISO8859-1/books/handbook/security/chapter.xml index 6cc7edd5e3..394d082cad 100644 --- a/en_US.ISO8859-1/books/handbook/security/chapter.xml +++ b/en_US.ISO8859-1/books/handbook/security/chapter.xml @@ -2127,8 +2127,9 @@ Connection closed by foreign host.</screen> information on the <acronym>IPsec</acronym> subsystem in &os;.</para> - <para>To add <acronym>IPsec</acronym> support to the kernel, add - the following options to the custom kernel configuration file + <para><acronym>IPsec</acronym> support is enabled by default on &os; 11 and newer. + To add <acronym>IPsec</acronym> support to the kernel of older &os; releases, + add the following options to the custom kernel configuration file and rebuild the kernel using the instructions in <xref linkend="kernelconfig"/>:</para> @@ -2271,10 +2272,10 @@ round-trip min/avg/max/stddev = 28.106/94.594/154.524/49.814 ms</programlisting> network. The following commands will achieve this goal:</para> - <screen>&prompt.root; <userinput>corp-net# route add <replaceable>10.0.0.0 10.0.0.5 255.255.255.0</replaceable></userinput> -&prompt.root; <userinput>corp-net# route add net <replaceable>10.0.0.0: gateway 10.0.0.5</replaceable></userinput> -&prompt.root; <userinput>priv-net# route add <replaceable>10.246.38.0 10.246.38.1 255.255.255.0</replaceable></userinput> -&prompt.root; <userinput>priv-net# route add host <replaceable>10.246.38.0: gateway 10.246.38.1</replaceable></userinput></screen> + <screen>corp-net&prompt.root; <userinput>route add <replaceable>10.0.0.0 10.0.0.5 255.255.255.0</replaceable></userinput> +corp-net&prompt.root; <userinput>route add net <replaceable>10.0.0.0: gateway 10.0.0.5</replaceable></userinput> +priv-net&prompt.root; <userinput>route add <replaceable>10.246.38.0 10.246.38.1 255.255.255.0</replaceable></userinput> +priv-net&prompt.root; <userinput>route add host <replaceable>10.246.38.0: gateway 10.246.38.1</replaceable></userinput></screen> <para>At this point, internal machines should be reachable from each gateway as well as from machines behind the gateways. |