linux-ipsec: mini-howto

On Tue, Sep 08, 1998, Michael H. Warfield boldly stated
> Hello...
Agreed. I keep forgetting that I haven't put title or reasonable structure or any other style info into the document yet. I'll try to get that sometime later this week. My working title has been vpn_ipsec.howto, intending to use something like "How to set up a VPN using Ipsec" or perhaps using FreeSwan - I am not sure what it ought to read, quite.

I do not think the thing ought to be titled Ipsec mini-howto or even Freeswan mini-howto: That is useful for documents included in the package but not for someone who just knows they need to set up a VPN and wants to know how to accomplish such a thing. Suggestions are, of course, welcome.

By the way - the location mentioned for the custom utilities from the VPN Mini-Howto does not seem to accept anonymous ftp anymore, and I was unable to locate the utilities when I searched for the several months ago. I originally intended this document to be added to the existing one, but my e-mail to that maintainer have gone unanswered, and it is an entirely different approach here.

> As far as a VPN Mini-Howto goes... I think that there are enough

While such a beast would indeed be a nice thing, I certainly do not know enough to write one. The main reason that I am using freeswan instead of cipe, ipnsec, or the method mentioned in the other mini-howto is this mailing list - I came to this with no knowledge of crypto at all and found here the help I needed to get a functional VPN setup. I don't see docs anywhere else that are helpful enough for my level of knowledge.

I do not think that I have the freeswan implementation documented well enough even in the simple out-of-the-box case that is presented. However, it is documentation of the path I took to go from empty machines to a functional setup, all in one place and arranged in the order that I had to follow to make it work.

I was hoping for some more comments on the technical aspects before I attempt to send it off to the LDP. Yes, I realize that the developers are quite busy, and I appreciate that work. I canot participate, so I will continue to attempt to improve the documentation.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek

That said, here are the changes that I know need made to the document:

 Title
 Format to match LDP style
 Fix the obnoxious typo regarding network classes - done  Put in some information on how robust and/or trustable the software is. I   have some information from Henry Spencer and Hugh Redelmeier that I will be   adding soon. Unfortunately, much of it is still questions that should be   asked before someone trusts this with their data - but there are those of us   who find the capability worth the potential problems so long as we are aware   of them.
 Add a section on hand-keying. This section would get reworked as soon as the   next release is out, as a new hand-keying script has been added. I find   Henry Spencer's approach superior to the one I had set up, so I want to   document that one and trash mine.
 A section on troubleshooting would be helpful, but I have nothing to go on.  A section on Pluto should be included, but I don't have any useful docs to   me. The only reason that I am using Pluto instead of manual keying is the   script that was set up nicely in the 0.90 release.

The last 3 may well be added to the document only in a to-do section until I know enough to put something useful there.

I should have a second draft out later this week, or Monday if that fails.

-- 
 Randy Dees                | SCA:  Talorgen nei Wrguist	       
 Systems Administrator     |  Barony of Rhydderich Hael    
 Amherst Systems, Inc.     |  Kingdom of AEthelmearc