Index: head/en_US.ISO8859-1/books/handbook/security/chapter.xml
===================================================================
--- head/en_US.ISO8859-1/books/handbook/security/chapter.xml
+++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml
@@ -2127,8 +2127,9 @@
information on the IPsec subsystem in
&os;.
- To add IPsec support to the kernel, add
- the following options to the custom kernel configuration file
+ IPsec support is enabled by default on &os; 11 and newer.
+ To add IPsec support to the kernel of older &os; releases,
+ add the following options to the custom kernel configuration file
and rebuild the kernel using the instructions in :
@@ -2271,10 +2272,10 @@
network. The following commands will achieve this
goal:
- &prompt.root; corp-net# route add 10.0.0.0 10.0.0.5 255.255.255.0
-&prompt.root; corp-net# route add net 10.0.0.0: gateway 10.0.0.5
-&prompt.root; priv-net# route add 10.246.38.0 10.246.38.1 255.255.255.0
-&prompt.root; priv-net# route add host 10.246.38.0: gateway 10.246.38.1
+ corp-net&prompt.root; route add 10.0.0.0 10.0.0.5 255.255.255.0
+corp-net&prompt.root; route add net 10.0.0.0: gateway 10.0.0.5
+priv-net&prompt.root; route add 10.246.38.0 10.246.38.1 255.255.255.0
+priv-net&prompt.root; route add host 10.246.38.0: gateway 10.246.38.1
At this point, internal machines should be reachable from
each gateway as well as from machines behind the gateways.