On Fri, Feb 21, 2020 at 10:28:50PM +0000, Jason McIntyre wrote:
> it should be "a gre tunnel", not "an"

Sure, leftover from previous wording/reshuffling.
> > +.Xr gre 4 > > +tunnel from the local machine A to peer D using FQDN based public key > > probably s/the local machine A/local machine A/ (as you do for peer D) > maybe "FQDN-based", since similar instances exist in this page: Both reads better, thanks. > you should try to not split a sentence with a comma. if it's a list you > can do: I went with a semicolon. OK? Index: iked.conf.5 =================================================================== RCS file: /cvs/src/sbin/iked/iked.conf.5,v retrieving revision 1.63 diff -u -p -r1.63 iked.conf.5 --- iked.conf.5 21 Feb 2020 15:17:34 -0000 1.63 +++ iked.conf.5 21 Feb 2020 23:25:01 -0000 @@ -990,6 +990,23 @@ ikev2 "subnet" esp from 10.0.3.0/24 to 1 ikev2 esp from 10.0.5.0/30 to 10.0.5.4/30 peer 192.168.1.2 ikev2 esp from 10.0.5.8/30 to 10.0.5.12/30 peer 192.168.1.3 .Ed +.Pp +This example encrypts a +.Xr gre 4 +tunnel from local machine A to peer D using FQDN-based public key +authentication. +.Ar transport +mode is used to avoid duplicate encapsulation of GRE; +.Ar dstid +is set explicitly to the peer's FQDN such that its public key is looked up even +if the peer does not send its FQDN as peer ID: +.Bd -literal -offset indent +ikev2 transport \e + proto gre \e + from A.example.com to D.example.com \e + peer D.example.com \e + dstid D.example.com +.Ed .Sh SEE ALSO .Xr enc 4 , .Xr ipsec 4 ,
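Review bot: In the added paragraph, ".Ar transport" and ".Ar dstid" mark configuration keywords with the macro mdoc uses for command arguments; ".Ic" would fit a keyword better, provided that matches how the rest of iked.conf.5 marks them. In the same sentence, "such that its public key is looked up" would read more naturally as "so that its public key is looked up".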
