author Dante Catalfamo 2020-08-28 17:17:06 -0400
committer Dante Catalfamo 2020-08-28 17:17:06 -0400
commit c6b8911e7f9eda933b683fb11397b3d37a6d9311
tree bedabe5592b610582f49fd4159100f0befbfb8a5
parent 17bfdc179295741982c21aa2d14353c88fbca5af
vpn-gateway: more small corrections
-rw-r--r-- content/posts/openbsd-vpn-gateway/index.org 29
1 files changed, 14 insertions, 15 deletions
diff --git a/content/posts/openbsd-vpn-gateway/index.org b/content/posts/openbsd-vpn-gateway/index.org
index 41cd60c..9d5bcd2 100644
--- a/content/posts/openbsd-vpn-gateway/index.org
+++ b/content/posts/openbsd-vpn-gateway/index.org
@@ -185,8 +185,8 @@
** rcctl
We can now set the OpenVPN daemon to launch at boot with our
- modified profile using =rcctl=. =rcctl= is a tool that comes with
- OpenBSD which modifies =/etc/rc.conf.local= on our behalf to
+ modified profile using [[https://man.openbsd.org/man8/rcctl.8][=rcctl(8)=]]. =rcctl= is a tool that comes
+ with OpenBSD which modifies =/etc/rc.conf.local= on our behalf to
ensure it's done properly. The use of =rcctl= is not strictly
required, but highly recommended.
@@ -201,15 +201,14 @@
- =rcctl set openvpn flags --config /root/profile.ovpn= sets the
launch flags for =openvpn= to =--config /root/profile.ovpn=. This
- is an OpenVPN option that tells it to load its config from
- =/root/profile.ovpn=.
+ is an OpenVPN option that tells it to load our config.
- =rcctl start openvpn= starts the =openvpn= daemon.
If things are configured correctly, we should now see a =tun=
- device in our =ifconfig=, and our traffic should be going through
- the VPN. To check this we can make a request to a service like
- https://icanhazip.com or https://ifconfig.so using the =ftp=
+ device in our =ifconfig= output, and our traffic should be going
+ through the VPN. To check this we can make a request to a service
+ like https://icanhazip.com or https://ifconfig.so using the =ftp=
command.
#+BEGIN_SRC shell
@@ -218,7 +217,7 @@
It should output an IP that belongs to our VPN provider.
- We can also check =/var/log/daemon= to check that OpenVPN is
+ We can also look at =/var/log/daemon= to check that OpenVPN is
outputting logs.
OpenVPN should have already reconfigured the our routing table to
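Review bot: The unchanged context line right after this change still reads "reconfigured the our routing table", with a stray "the". Since this commit is a pass of small corrections to the same paragraph, fix it here too so the sentence reads "reconfigured our routing table".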
@@ -257,7 +256,8 @@
a single external (WAN) IP address. We do this using OpenBSD's
firewall, PF.
- This is what our new [[http://man.openbsd.org/man5/pf.conf.5][=pf.conf(5)=]] will look like.
+ To modify the behaviour of PF, we edit our system's
+ [[http://man.openbsd.org/man5/pf.conf.5][=pf.conf(5)=]]. This is what it will look like.
#+BEGIN_SRC c
set skip on lo
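Review bot: The pf.conf(5) link on the added line still uses http://man.openbsd.org, while the rcctl(8) link added earlier in this same patch uses https://man.openbsd.org. Switch this one to https so the man page links are consistent and are not fetched in cleartext. Separately, the source block that follows is tagged "c" although it holds pf.conf rules ("set skip on lo"), so a different language tag, or none, would describe it better.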
@@ -312,8 +312,7 @@
- =block return out log proto {tcp udp} user _pbuild= This is
another default rule, left in for security reasons. It stops the
- =_pbuild= user from accessing the internet. This is to stop ports
- builds from accessing any resources online.
+ =_pbuild= user from accessing the internet.
- =ext_if = "vio0"= We use this macro to set the external interface
name. This is done so we only have to set the name of the
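Review bot: Removing "This is to stop ports builds from accessing any resources online." leaves the =_pbuild= item saying the rule is kept "for security reasons" without saying what it protects against. A reader deciding whether to keep this default rule in their own pf.conf needs that rationale, so keep a short clause, for example folding it into the previous sentence: "It stops the =_pbuild= user, which runs ports builds, from accessing the internet."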
@@ -343,7 +342,7 @@
rules, and have them all apply.
- =out on $vpn_if from $ext_if:network to any= This tells the
- =match= command which packets it should apply the option to.
+ =match= command which packets it should apply the option to:
- =out on $vpn_if= Packets going out on =$vpn_if=, which gets
evaluated to =tun0=.
@@ -430,9 +429,9 @@
The situation for Linux servers is a bit more of a mess. As covered
in the previously linked article, Ubuntu now likes to use the
=netplan= framework, while others like Fedora may prefer =nmcli= as
- stated in [[https://linuxconfig.org/how-to-configure-static-ip-address-on-fedora-31][this]] article, or =network-scripts= as states [[https://www.systutorials.com/how-to-set-the-static-ip-address-using-cli-in-fedoracentos-linux/][here]]. If you
- take this path it's recommended you look into how it should be done
- on your specific Linux distribution.
+ stated in [[https://linuxconfig.org/how-to-configure-static-ip-address-on-fedora-31][this]] article, or =network-scripts= as stated [[https://www.systutorials.com/how-to-set-the-static-ip-address-using-cli-in-fedoracentos-linux/][here]]. If you
+ wish to set this up on a Linux sever, it's recommended you look
+ into how it should be done on your specific Linux distribution.
** Containers/Jails
Most graphical LXC container or Jail host software like [[https://www.proxmox.com/en/proxmox-ve][Proxmox-VE]]
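Review bot: The added line "wish to set this up on a Linux sever, it's recommended you look" introduces a typo: "sever" should be "server". The "states" to "stated" fix in the line above it is correct as written.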