From c405bc37679b21fd21b9c68d4b77ce22f92447ae Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 16 Nov 2020 08:03:39 +0100 Subject: ipsec: fix toc level --- docs/vpn/ipsec.rst | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'docs/vpn') diff --git a/docs/vpn/ipsec.rst b/docs/vpn/ipsec.rst index 8b0ad3b3..647f3753 100644 --- a/docs/vpn/ipsec.rst +++ b/docs/vpn/ipsec.rst @@ -4,9 +4,9 @@ IPsec ##### -Generic Routing Encapsulation (GRE), GRE/IPsec (or IPIP/IPsec, SIT/IPsec, or any -other stateless tunnel protocol over IPsec) is the usual way to protect the -traffic inside a tunnel. +:abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (or IPIP/IPsec, +SIT/IPsec, or any other stateless tunnel protocol over IPsec) is the usual way +to protect the traffic inside a tunnel. An advantage of this scheme is that you get a real interface with its own address, which makes it easier to setup static routes or use dynamic routing @@ -26,11 +26,12 @@ what needs to be changed to make it work with a different protocol. We assume that IPsec will use pre-shared secret authentication and will use AES128/SHA1 for the cipher and hash. Adjust this as necessary. -.. NOTE:: VMware users should ensure that VMXNET3 adapters used, e1000 adapters - have known issue with GRE processing +.. NOTE:: VMware users should ensure that a VMXNET3 adapter is used. E1000 + adapters have known issues with GRE processing. +************************* IPsec policy matching GRE -^^^^^^^^^^^^^^^^^^^^^^^^^ +************************* The first and arguably cleaner option is to make your IPsec policy match GRE packets between external addresses of your routers. This is the best option if -- cgit v1.2.3