X-Git-Url: https://git.strongswan.org/?p=strongswan.git;a=blobdiff_plain;f=README;h=58f865d3077afb8d1df7fb12ea954ea42480aa3f;hp=101e4838cdb9262140b7e6681500270f78122de3;hb=41fbde45442f2e33beebb4e0b6075a1d6a9ad948;hpb=123fdf700a03825946dd227d43935cad49e01da6 diff --git a/README b/README index 101e483..58f865d 100644 --- a/README +++ b/README @@ -81,7 +81,7 @@ Contents strongSwan is an OpenSource IPsec solution for the Linux operating system and currently supports the following features: - * runs both on Linux 2.4 (KLIPS) and Linux 2.6 (native IPsec) kernels. + * runs on Linux 2.6 (native IPsec) kernels. * strong 3DES, AES, Serpent, Twofish, or Blowfish encryption. @@ -138,7 +138,7 @@ interoperability with the Check Point VPN-1 NG gateway. In the following examples we assume for reasons of clarity that left designates the local host and that right is the remote host. Certificates for users, hosts -and gateways are issued by a ficticious strongSwan CA. How to generate private keys +and gateways are issued by a fictitious strongSwan CA. How to generate private keys and certificates using OpenSSL will be explained in section 3. The CA certificate "strongswanCert.pem" must be present on all VPN end points in order to be able to authenticate the peers. @@ -1959,7 +1959,7 @@ and the returned result might be a decrypted 128 bit AES key 000 8836362e030e6707c32ffaa0bdad5540 The leading three characters represent the return code of the whack channel -with 000 signifying that no error has occured. Here is another example showing +with 000 signifying that no error has occurred. Here is another example showing the use of the inbase and outbase attributes ipsec scdecrypt m/ewDnTs0k...woE= --inbase base64 --outbase text @@ -2195,7 +2195,7 @@ The command ipsec listpubkeys [--utc] lists all public keys currently installed in the chained list of public -keys. These keys were statically loaded from ipsec.conf or aquired either +keys. These keys were statically loaded from ipsec.conf or acquired either from received certificates or retrieved from secure DNS servers using opportunistic mode. @@ -2656,9 +2656,6 @@ with the line and can be used when the following prerequisites are fulfilled: - - Linux 2.4.x kernel, KLIPS IPsec stack, and arbitrary iptables version. - Filtering of tunneled traffic is based on ipsecN interfaces. - - Linux 2.6.16 kernel or newer, native NETKEY IPsec stack, and iptables-1.3.5 or newer. Filtering of tunneled traffic is based on IPsec policy matching rules.