-rw-r--r-- content/posts/openbsd-vpn-gateway/index.org 49
1 files changed, 24 insertions, 25 deletions
diff --git a/content/posts/openbsd-vpn-gateway/index.org b/content/posts/openbsd-vpn-gateway/index.org
index ce96625..b958bb5 100644
--- a/content/posts/openbsd-vpn-gateway/index.org
+++ b/content/posts/openbsd-vpn-gateway/index.org
@@ -64,8 +64,8 @@
simple and straight forward. You can pick up the disk =.iso= image
or USB =.fs= image from the [[https://www.openbsd.org/faq/faq4.html#Download][download]] page on OpenBSD website. If
this is your first time installing OpenBSD, you should check out the
- [[https://www.openbsd.org/faq/faq4.html][installation guide]], which goes over the process in detail. You may
- also want to consider checking out my [[{{< ref openbsd-introduction-talk >}}][Introduction to OpenBSD]] talk.
+ [[https://www.openbsd.org/faq/faq4.html][installation guide]], which goes over the process in detail. I'd also
+ highly recommend checking out my [[{{< ref openbsd-introduction-talk >}}][Introduction to OpenBSD]] talk.
* Configuring a Static IP
@@ -118,9 +118,10 @@
First we have to install [[https://openvpn.net/][OpenVPN]], which is provided by the OpenBSD
package manager. Normally we would install the =openvpn= package,
- but due to an [[{{< ref "openvpn-issues-openbsd" >}}][issue with libressl]], we'll be installing the =mbedtls=
- version. This problem should hopefully be resolved soon, so we'll
- likely be able to use regular =openvpn= in the future.
+ but due to an [[{{< ref "openvpn-issues-openbsd" >}}][issue with libressl]], we'll be installing the
+ =mbedtls= version. This problem should hopefully be resolved soon,
+ so we'll likely be able to use regular =openvpn= package in the
+ future.
#+BEGIN_SRC shell
doas pkg_add openvpn--mbedtls
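Review bot: the rewritten sentence on the `+` side reads "so we'll likely be able to use regular =openvpn= package in the future", which drops the article; suggest "use the regular =openvpn= package in the future". The reflow of the paragraph itself is fine.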
@@ -134,18 +135,17 @@
Let's assume the VPN profile we've downloaded from our provider
exists in =/root/profile.ovpn=. This could have been downloaded
using [[https://man.openbsd.org/man1/ftp.1][=ftp(1)=]] or transferred on using [[https://man.openbsd.org/man1/sftp.1][=sftp(1)=]]. Let's say it also
- requires a username and password supplied by the user, as most
- commercial VPN providers authenticate users in this way. For this
+ requires a username and password supplied by the user. For this
example, the username is =user@example.com= and the password is
=password=.
- To allow OpenVPN to login to the VPN without the us having to enter
- our password, we can add the =auth-user-pass= directive to our
- =profile.ovpn= file. This will allow us run OpenVPN as a daemon,
- and restart it without having to type our username and password in.
+ To allow OpenVPN to login without us having to enter our password,
+ we can add the =auth-user-pass= directive to our =profile.ovpn=
+ file. This will allow us run OpenVPN as a daemon.
- To do this we can create a file called =/root/vpnpasswd.txt= containing
- our username, followed my our password on a separate line.
+ To do this we'll create a file called =/root/vpnpasswd.txt=
+ containing our username, followed my our password on a separate
+ line.
#+BEGIN_SRC
user@examples.com
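Review bot: two typos survive the rewrite of the password-file paragraphs: "followed my our password on a separate line" should read "followed by our password", and "This will allow us run OpenVPN as a daemon" is missing "to" ("allow us to run"). Also, the unchanged context line below the new text shows the sample file starting with `user@examples.com`, while the paragraph above gives the username as =user@example.com=; one of the two should be corrected so the example file matches the prose.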
@@ -162,7 +162,7 @@
modified by other users on the system.
#+BEGIN_SRC shell
- doas chmod 600 profile.ovpn vpnpasswd.txt
+ doas chmod 600 /root/profile.ovpn /root/vpnpasswd.txt
#+END_SRC
** rcctl
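Review bot: worth stating alongside this =chmod= that both files should also be owned by root, since mode 600 only restricts access relative to the file's owner, and the sentence above gives the goal as preventing other users on the system from reading or modifying them. The switch to absolute paths is correct: the earlier prose places the files in =/root=, and the old relative form depended on the caller's working directory.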
@@ -175,32 +175,31 @@
#+BEGIN_SRC shell
- doas rcctl set openvpn flags --config /root/profile.ovpn
doas rcctl enable openvpn
+ doas rcctl set openvpn flags --config /root/profile.ovpn
doas rcctl start openvpn
#+END_SRC
- - =rcctl set openvpn flags --config /root/profile.ovpn= tells
- =rcctl= to set the launch flags to the =openvpn= daemon to
- =--config /root/profile.ovpn=. This is an OpenVPN option that
- tells it to load its config from =/root/profile.ovpn=.
-
- =rcctl enable openvpn=, enables the daemon at boot.
+ - =rcctl set openvpn flags --config /root/profile.ovpn= sets the
+ launch flags for =openvpn= to =--config /root/profile.ovpn=. This
+ is an OpenVPN option that tells it to load its config from
+ =/root/profile.ovpn=.
+
- =rcctl start openvpn= starts the =openvpn= daemon.
- If things are configured correctly, us should now see a =tun=
+ If things are configured correctly, we should now see a =tun=
device in our =ifconfig=, and our traffic should be going through
- the VPN. To easily check this us can make a request to a service
- like https://icanhazip.com or https://ifconfig.so using the =ftp=
+ the VPN. To check this we can make a request to a service like
+ https://icanhazip.com or https://ifconfig.so using the =ftp=
command.
#+BEGIN_SRC shell
ftp -o- https://canhazip.com 2>/dev/null
#+END_SRC
- This should output our current external IP address, which should
- belong to our VPN provider.
+ It should output an IP that belongs to our VPN provider.
* sysctl
OpenVPN should have already reconfigured the our routing table to
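Review bot: the rewritten bullet list drops the explanation of =rcctl enable openvpn= (the removed bullet "enables the daemon at boot") without a replacement, so the list now documents =set= and =start= but not the =enable= command that the code block above still runs first; suggest keeping a bullet for it, e.g. "- =rcctl enable openvpn= enables the daemon at boot." Two smaller points: the unchanged context line `ftp -o- https://canhazip.com 2>/dev/null` uses canhazip.com while the prose names https://icanhazip.com, so the hostnames should be reconciled, and =2>/dev/null= hides any certificate or connection error from =ftp=, which is fine for a quick check but means a failed request shows up as empty output rather than an error message.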