From 020c7c74ec817a59ff624c6d67fe92911124fb14 Mon Sep 17 00:00:00 2001
From: MichaelDeciso <42928941+MichaelDeciso@users.noreply.github.com>
Date: Thu, 8 Nov 2018 20:59:18 +0100
Subject: [PATCH] Many typo fixes and some rewording (#80)
---
LICENSE | 4 +-
README.md | 2 +-
source/develop.rst | 2 +-
source/development/architecture.rst | 4 +-
source/development/components/acl.rst | 2 +-
source/development/components/menusystem.rst | 4 +-
source/development/examples/helloworld.rst | 22 +++----
source/development/frontend/models.rst | 6 +-
source/development/guidelines/basics.rst | 2 +-
source/development/how-tos/api.rst | 4 +-
source/intro.rst | 2 +-
source/legal.rst | 4 +-
source/manual/aliases.rst | 8 +--
source/manual/antivirus.rst | 2 +-
source/manual/captiveportal.rst | 2 +-
source/manual/how-tos/SkyUK.rst | 6 +-
source/manual/how-tos/cachingproxy.rst | 6 +-
source/manual/how-tos/carp.rst | 14 ++---
source/manual/how-tos/edrop.rst | 2 +-
source/manual/how-tos/insight.rst | 6 +-
source/manual/how-tos/installaws.rst | 2 +-
source/manual/how-tos/ipsec-road.rst | 2 +-
source/manual/how-tos/ipsec-s2s.rst | 36 ++++++------
source/manual/how-tos/multiwan.rst | 8 +--
source/manual/how-tos/netflow_exporter.rst | 2 +-
source/manual/how-tos/proxyicapantivirus.rst | 10 ++--
.../how-tos/proxyicapantivirusinternal.rst | 6 +-
source/manual/how-tos/proxytransparent.rst | 10 ++--
source/manual/how-tos/proxywebfilter.rst | 8 +--
.../config-OPNsense-ipsec-Site-B.xml | 2 +-
source/manual/how-tos/shaper.rst | 58 +++++++++----------
source/manual/how-tos/sslvpn_client.rst | 2 +-
source/manual/how-tos/sslvpn_s2s.rst | 4 +-
source/manual/how-tos/user-radius.rst | 6 +-
source/manual/install.rst | 4 +-
source/manual/ipv6.rst | 2 +-
source/manual/multiwan.rst | 8 +--
source/manual/netflow.rst | 4 +-
source/manual/opnsense_tools.rst | 6 +-
source/manual/proxy.rst | 7 +--
source/manual/shaping.rst | 2 +-
source/relations/hardenedbsd.rst | 2 +-
source/relations/osi.rst | 6 +-
themes/opnsense/sass/_theme_rst.sass | 2 +-
44 files changed, 151 insertions(+), 152 deletions(-)
diff --git a/LICENSE b/LICENSE
index 12445bc2..352f291c 100644
--- a/LICENSE
+++ b/LICENSE
@@ -38,8 +38,8 @@ Some pictures are licensed under the Creative Commons Zero (CC0) license:
https://creativecommons.org/publicdomain/zero/1.0/
-# Logo's
-Logo's may be subject to additional copyrights, property
+# Logos
+Logos may be subject to additional copyrights, property
rights, trademarks etc. and may require the consent of a third party or the
license of these rights. Deciso B.V. does not represent or make any warranties
that it owns or licenses any of the mentioned, nor does it grant them.
diff --git a/README.md b/README.md
index 4b3a05d7..bda65e77 100644
--- a/README.md
+++ b/README.md
@@ -22,7 +22,7 @@ Some pictures are licensed under the Creative Commons Zero (CC0) license:
https://creativecommons.org/publicdomain/zero/1.0/
-Logo's may be subject to additional copyrights, property
+Logos may be subject to additional copyrights, property
rights, trademarks etc. and may require the consent of a third party or the
license of these rights. Deciso B.V. does not represent or make any warranties
that it owns or licenses any of the mentioned, nor does it grant them.
diff --git a/source/develop.rst b/source/develop.rst
index 81333122..2e0166b7 100644
--- a/source/develop.rst
+++ b/source/develop.rst
@@ -7,7 +7,7 @@ Development Manual
The OPNsense® project invites developers to start developing with OPNsense:
"For your own purpose or even better to join us in creating the best FreeBSD
based open source firewall available!" The development workflow & build process
-has been redesigned to make it more straightforward and easy for developers to
+have been redesigned to make it more straightforward and easy for developers to
build OPNsense.
Being able to get the sources and build it yourself is one of the key factors of
diff --git a/source/development/architecture.rst b/source/development/architecture.rst
index 1a539f02..a19bef13 100644
--- a/source/development/architecture.rst
+++ b/source/development/architecture.rst
@@ -81,7 +81,7 @@ first layer initializes Phalcon’s routing, which handles requests and
delivers them to the controller based on its url. User content is
generated using Volt templates, which are picked by the controller.
Because Phalcon’s default Models function with (relational) databases
-and we are using xml data, our model implementation is custom. But
+and we are using XML data, our model implementation is custom. But
wherever possible we use components from Phalcon (for example,
validation is handled using Phalcon’s classes). For a detailed
description on the routing principles used in OPNsense, visit Frontend
@@ -98,7 +98,7 @@ controllers, with the use of views, can be found at :doc:`/development/frontend/
Models
------
-All models are defined by a combination of a class and an xml containing
+All models are defined by a combination of a class and an XML containing
a (nested) definition. More information on defining models can be found
at the frontend model page :doc:`/development/frontend/models`.
diff --git a/source/development/components/acl.rst b/source/development/components/acl.rst
index 32cc196f..e1ae6e2f 100644
--- a/source/development/components/acl.rst
+++ b/source/development/components/acl.rst
@@ -45,7 +45,7 @@ Using the system from php is rather simple:
Usage in Volt templates
-----------------------
-The acl scheme is bound to the default UI controller, and can be used by
+The ACL scheme is bound to the default UI controller, and can be used by
using the acl keyword:
.. code-block:: jinja
diff --git a/source/development/components/menusystem.rst b/source/development/components/menusystem.rst
index ae5144d4..9161b490 100644
--- a/source/development/components/menusystem.rst
+++ b/source/development/components/menusystem.rst
@@ -37,8 +37,8 @@ An example of how to create a menu, is given below:
// test, print menu as structured named array
print_r($menu->getItems("/testpage.php"));
-The current version only implements a static menu defined by one xml file
-(models/OPNsense/Base/Menu/Menu.xml), but extending with additional xml files
+The current version only implements a static menu defined by one XML file
+(models/OPNsense/Base/Menu/Menu.xml), but extending with additional XML files
is already supported in the component for future use.
--------
diff --git a/source/development/examples/helloworld.rst b/source/development/examples/helloworld.rst
index 317dff19..63e8887b 100644
--- a/source/development/examples/helloworld.rst
+++ b/source/development/examples/helloworld.rst
@@ -120,7 +120,7 @@ Not all modules contain additional code in the php class, sometimes all
the standard behaviour is already sufficient for your
modules/application.
-Which is the model xml template, our skeleton starts with something like
+Which is the model XML template, our skeleton starts with something like
this:
.. code-block:: xml
@@ -266,9 +266,9 @@ Adding Fields
.. rubric:: Adding fields to your model
:name: adding-fields-to-your-model
-When building the skeleton, we have created an empty model (xml), which
+When building the skeleton, we have created an empty model (XML), which
we are going to fill with some attributes now. The items section of the
-model xml should contain the structure you want to use for your
+model XML should contain the structure you want to use for your
application, you can create trees to hold data in here. All leaves
should contain a field type to identify and validate it’s content. The
list of attributes for our application can be translated to this:
@@ -310,12 +310,12 @@ Enabled).
Presentation XML
----------------
-.. rubric:: Create a presentation xml to feed your template
+.. rubric:: Create a presentation XML to feed your template
:name: create-a-presentation-xml-to-feed-your-template
Because creating forms is one of the key assets of the system, we have
build some easy to use wrappers to guide you through the process. First
-we create an xml file for the presentation, which defines fields to use
+we create an XML file for the presentation, which defines fields to use
and adds some information for your template to render. Create a file in
your controller directory using the sub directory forms and name it
general.xml. Next copy in the following content:
@@ -392,7 +392,7 @@ Create API calls
:name: create-api-calls-to-retrieve-and-store-data
The framework provides some helpful utilities to get and set data from
-and to the configuration xml by using your defined model. First step in
+and to the configuration XML by using your defined model. First step in
binding your model to the system is to add a method to the
SettingsController to fetch the data from our configuration (or provide
the defaults if there is no content).
@@ -530,7 +530,7 @@ Let’s give it a try and save our data, without modifying it first.
Next correct the errors and save again, on successful save the data
should be stored in the config.xml. If you want to change validation
-messages, just edit the model xml and add your message in the
+messages, just edit the model XML and add your message in the
ValidationMessage tag. For example:
.. code-block:: xml
@@ -848,15 +848,15 @@ automatically picks up this new information.
Plugin to access control (ACL)
------------------------------
-If we want to authorize users to access this module, we can add an acl
+If we want to authorize users to access this module, we can add an ACL
to this module. Without it, only admin users can access it. Create an
-xml file in the model directory name ACL/ACL.xml and place the following
+XML file in the model directory name ACL/ACL.xml and place the following
content in it:
.. code-block:: xml
-
+
WebCfg - Users: Hello World!
Allow access to the Hello World! module
@@ -867,7 +867,7 @@ content in it:
-This creates an acl key named “page-user-helloworld” which authorizes
+This creates an ACL key named “page-user-helloworld” which authorizes
access to both the ui and API urls of this application. You can now
grant access to this module from the system user manager.
diff --git a/source/development/frontend/models.rst b/source/development/frontend/models.rst
index 48efe8e0..c9c7c31a 100644
--- a/source/development/frontend/models.rst
+++ b/source/development/frontend/models.rst
@@ -4,7 +4,7 @@ Creating Models
A model represents the data which the application will use and takes
care of the interaction to that data. In OPNsense most of the relevant
-data is physically stored in an xml structure (config.xml). The primary
+data is physically stored in an XML structure (config.xml). The primary
goal for OPNsense models is to structure the use of configuration data,
by creating a clear abstraction layer.
@@ -44,7 +44,7 @@ When you design a model, the next thing to do is to figure out what data is
relevant for your application or module and think of the rules it should comply
to (for example, if you need an email address you might want to validate the
input). Designing the actual model is as simple as creating an xml file and
-putting in your structure, the name of our xml file should be the same as the
+putting in your structure, the name of our XML file should be the same as the
base name of our model suffixed by .xml.
Using the same model, we would create the following file:
@@ -91,7 +91,7 @@ Now let's explain what's happing here one tag at a time.
The content of a items tag describes the full tree based structure which holds
our data, in theory this could be as large as you want it to be, but keep in
mind that the content for your model should be logical and understandable. Every
-node in the tree could have a type, which defines it's behavior, nodes without a
+node in the tree could have a type, which defines its behavior, nodes without a
type are just containers.
From top to bottom we find the following nodes in our tree:
diff --git a/source/development/guidelines/basics.rst b/source/development/guidelines/basics.rst
index 3b4ec25d..be872ccc 100644
--- a/source/development/guidelines/basics.rst
+++ b/source/development/guidelines/basics.rst
@@ -78,7 +78,7 @@ implementation is one example of this stage.
**3)** Moving on
(re)build new parts, using our new modules, which provide a layered development
-system to automatically support API calls from other systems and xml based model
+system to automatically support API calls from other systems and XML based model
templates to describe configuration data.
*See also:*
diff --git a/source/development/how-tos/api.rst b/source/development/how-tos/api.rst
index ae34a0fe..e0ad933d 100644
--- a/source/development/how-tos/api.rst
+++ b/source/development/how-tos/api.rst
@@ -41,7 +41,7 @@ Code sample (python)
--------------------
For the python code sample we use the nice "requests" library
-(http://docs.python-requests.org/en/latest/), which makes http calls
+(http://docs.python-requests.org/en/latest/), which makes HTTP calls
very easy.
Before you can start, make sure your OPNsense has a valid SSL
@@ -102,7 +102,7 @@ Using curl
----------
Simple testing with curl is also possible, the sample below uses the
-same credentials, but ignores the ssl certificate check (-k) for
+same credentials, but ignores the SSL certificate check (-k) for
testing.
.. code-block:: sh
diff --git a/source/intro.rst b/source/intro.rst
index 215a0b79..ce451095 100644
--- a/source/intro.rst
+++ b/source/intro.rst
@@ -102,4 +102,4 @@ OPNsense Core Features
- Stateful inspection firewall
- Granular control over state table
- 802.1Q VLAN support
-- and more..
+- and more…
diff --git a/source/legal.rst b/source/legal.rst
index 29eb466e..a2f9a174 100644
--- a/source/legal.rst
+++ b/source/legal.rst
@@ -108,9 +108,9 @@ Some pictures are licensed under the Creative Commons Zero (CC0) license:
https://creativecommons.org/publicdomain/zero/1.0/
-----------------
-Logo's Copyright
+Logos Copyright
-----------------
-Logo's may be subject to additional copyrights, property
+Logos may be subject to additional copyrights, property
rights, trademarks etc. and may require the consent of a third party or the
license of these rights. Deciso B.V. does not represent or make any warranties
that it owns or licenses any of the mentioned, nor does it grant them.
diff --git a/source/manual/aliases.rst b/source/manual/aliases.rst
index 361da924..6b702675 100644
--- a/source/manual/aliases.rst
+++ b/source/manual/aliases.rst
@@ -20,7 +20,7 @@ OPNsense offers the following alias types:
+------------+------------------------------------------------------+
| Ports | Port numbers or a port range like 20:30 |
+------------+------------------------------------------------------+
-| URL Tables | A table of ip addresses that can be fetched |
+| URL Tables | A table of IP addresses that can be fetched |
+------------+------------------------------------------------------+
| GeoIP | Select countries or whole regions |
+------------+------------------------------------------------------+
@@ -44,7 +44,7 @@ Go to **Firewall->Diagnostics->pfTables** and select our newly created youtube t
.. image:: images/pftable_youtube.png
:width: 100%
-As you can see there are multiple ip addresses for this domain.
+As you can see there are multiple IP addresses for this domain.
--------
Networks
@@ -64,7 +64,7 @@ section.
----------
URL Tables
----------
-URL tables can be used to fetch a list of ip addresses from a remote server.
+URL tables can be used to fetch a list of IP addresses from a remote server.
There are several IP lists available for free, most notably are the "Don't Route
Or Peer" lists from Spamhaus.
@@ -152,7 +152,7 @@ Then concatenate both by defining a new list:
* servers { critical_servers , other_servers}.
-The end result will be a list with all ip addresses in one alias list (servers).
+The end result will be a list with all IP addresses in one alias list (servers).
------------------------------
Configure DROP and EDROP lists
diff --git a/source/manual/antivirus.rst b/source/manual/antivirus.rst
index 179c3292..fb626287 100644
--- a/source/manual/antivirus.rst
+++ b/source/manual/antivirus.rst
@@ -5,7 +5,7 @@
.. image:: images/eye_on_virus_new.jpg
:width: 100%
-**OPNsense** offers the industry standard ICAP to protect http and https
+**OPNsense** offers the industry standard ICAP to protect HTTP and HTTPS
connections against ransomware, trojans, viruses and other malware .
OPNsense offers a ClamAV plugin, which can be used with the C-ICAP plugin or relies on third
diff --git a/source/manual/captiveportal.rst b/source/manual/captiveportal.rst
index 9a7e160c..d0599e18 100644
--- a/source/manual/captiveportal.rst
+++ b/source/manual/captiveportal.rst
@@ -70,7 +70,7 @@ Bandwidth Management
The Built-in traffic shaper can be utilized to:
* Share bandwidth evenly
-* Give priority to protocols port numbers and/or ip addresses
+* Give priority to protocols port numbers and/or IP addresses
See also: :doc:`/manual/shaping`
diff --git a/source/manual/how-tos/SkyUK.rst b/source/manual/how-tos/SkyUK.rst
index 07700282..6b477528 100644
--- a/source/manual/how-tos/SkyUK.rst
+++ b/source/manual/how-tos/SkyUK.rst
@@ -5,7 +5,7 @@ Setup for Sky UK ISP
**Introduction**
-----------------
-This doc covers the setup of Opnsense on a Sky UK VDSL connection.
+This doc covers the setup of OPNsense on a Sky UK VDSL connection.
Sky uses a simple IPoE connection, all that is required is a suitable modem
in bridge mode. If using a standard OpenReach modem then no setting is required
@@ -67,7 +67,7 @@ requirement for Sky .
The only other requirement in this section is to select ‘Prevent Release'.
This is there as the Sky DHCPv6 servers use a 'sticky' address. If the
-Opnsense dhcp6 client sends a release signal to the server it's more than
+OPNsense dhcp6 client sends a release signal to the server it's more than
likely that the allocated prefix will change, thus this setting, along with
the 'DHCP Unique Identifier' setting will attempt to mitigate this risk.
@@ -76,7 +76,7 @@ Once these settings have been entered, click on 'Save' then 'Apply'.
**DHCP Unique Identifier**
--------------------------
-Although Opnsense stores the IPv6 DUID it is possible this can be lost, this
+Although OPNsense stores the IPv6 DUID it is possible this can be lost, this
again would probably result in a new prefix being given, therefore an option
to enter and store a DUID is given in the Interface:Settings menu.
diff --git a/source/manual/how-tos/cachingproxy.rst b/source/manual/how-tos/cachingproxy.rst
index 5085d558..b472ccb3 100644
--- a/source/manual/how-tos/cachingproxy.rst
+++ b/source/manual/how-tos/cachingproxy.rst
@@ -82,7 +82,7 @@ interfaces in the **FTP proxy interfaces** field and **Apply**.
-------------------
Access Control List
-------------------
-You can setup ACL's by clicking on the arrow next to **Forward Proxy** and select
+You can setup ACLs by clicking on the arrow next to **Forward Proxy** and select
**Access Control List**. Here you can:
* Setup Allowed Subnets (By default the proxy interfaces will be allowed)
@@ -156,7 +156,7 @@ LAN interface (if LAN is where your clients and proxy are on).
**Source** LAN net
**Destination Port Range** HTTP
**Category** Block Proxy Bypass
- **Description** Block http bypass
+ **Description** Block HTTP bypass
============================ =====================
**Save**
@@ -170,7 +170,7 @@ And one more rule to block HTTPS access:
**Source** LAN net
**Destination Port Range** HTTPS
**Category** Block Proxy Bypass
- **Description** Block https bypass
+ **Description** Block HTTPS bypass
============================ =====================
**Save** & **Apply changes**
diff --git a/source/manual/how-tos/carp.rst b/source/manual/how-tos/carp.rst
index 9f112be5..86f921a3 100644
--- a/source/manual/how-tos/carp.rst
+++ b/source/manual/how-tos/carp.rst
@@ -18,12 +18,12 @@ route our traffic to the internet.
:width: 100%
When using CARP ( `FreeBSD handbook on CARP `__ ), all
-fail-safe interfaces should have a dedicated ip address which will be
-combined with one shared virtual ip address to communicate to both
+fail-safe interfaces should have a dedicated IP address which will be
+combined with one shared virtual IP address to communicate to both
networks. In the picture above the dashed lines are used to mark the
virtual addresses.
-The configuration file (xml) for both firewalls can be downloaded from
+The configuration file (XML) for both firewalls can be downloaded from
the wiki.
-----------
@@ -37,7 +37,7 @@ we will explain briefly first:
:name: carp
Common Address Redundancy Protocol uses IP protocol 112, is derived from
-OpenBSD and uses multicast packets to signal it's neighbours about it's
+OpenBSD and uses multicast packets to signal its neighbours about its
status. Always make sure that each interface can receive carp packets.
Every virtual interface must have a unique Virtual Host ID (vhid), which
is shared across the physical machines. To determine which physical
@@ -100,7 +100,7 @@ pfSync protocol.
.. rubric:: Backup
:name: backup
-The backup server needs it's own dedicated addresses, we will use these:
+The backup server needs its own dedicated addresses, we will use these:
+----------+-------------------+
| LAN | 192.168.1.20/24 |
@@ -180,7 +180,7 @@ consider. All clients should use the virtual address in stead of the
physical address it's normally propagating. Next thing to consider is
there will be two servers active at the same time, which should know of
each others pools. If dns requests are also forwarded by OPNsense, make
-sure the dhcp server sends the right ip address. These are settings used
+sure the dhcp server sends the right IP address. These are settings used
in our example (on the master server):
+--------------------+----------------+
@@ -197,7 +197,7 @@ Setup HA sync (xmlrpc) and pfSync
First we should enable pfSync using our dedicated interface using the
master firewall. Go to System -> High Availability, enable pfsync and
-select the interface used for pfSync. Next setup the peer ip to the
+select the interface used for pfSync. Next setup the peer IP to the
other hosts address (10.0.0.2).
Now we need to configure the settings we want to duplicating to the
diff --git a/source/manual/how-tos/edrop.rst b/source/manual/how-tos/edrop.rst
index 0e96923c..96ae4768 100644
--- a/source/manual/how-tos/edrop.rst
+++ b/source/manual/how-tos/edrop.rst
@@ -130,7 +130,7 @@ lower right corner.
---------------
Check pf Tables
---------------
-To list the ip addresses that are currently in the DROP and EDROP lists go to
+To list the IP addresses that are currently in the DROP and EDROP lists go to
**Firewall->Diagnostics->pfTables** and select the list you want to see:
.. image:: images/spamhaus_pftable.png
diff --git a/source/manual/how-tos/insight.rst b/source/manual/how-tos/insight.rst
index 1c3ddc23..0c6dd691 100644
--- a/source/manual/how-tos/insight.rst
+++ b/source/manual/how-tos/insight.rst
@@ -83,8 +83,8 @@ Clicking on a piece of the pie will open a detailed view for further analysis.
IP Addresses Pie Chart
----------------------
The IP addresses pie chart works the same as the ports pie chart and shows the
-percentage per ip number. One can change the view by clicking or double clicking
-on one of the shown ip numbers.
+percentage per IP number. One can change the view by clicking or double clicking
+on one of the shown IP numbers.
Clicking on a piece of the pie will open a detailed view for further analysis.
@@ -106,7 +106,7 @@ When opening the details view by clicking on the tab one can make a new query.
:width: 100%
After selecting a valid date range (form/to) and interface one can further limit
-the output by filtering on port or ip address. Select the refresh icon to update
+the output by filtering on port or IP address. Select the refresh icon to update
the detailed output. Leave Port and Address empty for a full detailed listing.
.. image:: images/insight_full_details.png
diff --git a/source/manual/how-tos/installaws.rst b/source/manual/how-tos/installaws.rst
index f75d08d4..58b7bf3b 100644
--- a/source/manual/how-tos/installaws.rst
+++ b/source/manual/how-tos/installaws.rst
@@ -29,7 +29,7 @@ Choose an instance type
---------------------------------
Step 3 - Configure security group
---------------------------------
-To configure security group, make sure you allow https access from your own network.
+To configure security group, make sure you allow HTTPS access from your own network.
.. image:: images/aws_configure_security_group.png
:width: 100%
diff --git a/source/manual/how-tos/ipsec-road.rst b/source/manual/how-tos/ipsec-road.rst
index ae631aa5..e3f21ffa 100644
--- a/source/manual/how-tos/ipsec-road.rst
+++ b/source/manual/how-tos/ipsec-road.rst
@@ -16,7 +16,7 @@ OPNsense and give you configuration examples for:
.. Note::
- For the sample we will use a private ip for our WAN connection.
+ For the sample we will use a private IP for our WAN connection.
This requires us to disable the default block rule on wan to allow private traffic.
To do so, go to the **Interfaces->[WAN]** and uncheck "Block private networks".
*(Dont forget to save and apply)*
diff --git a/source/manual/how-tos/ipsec-s2s.rst b/source/manual/how-tos/ipsec-s2s.rst
index 94e14b62..e719bb2e 100644
--- a/source/manual/how-tos/ipsec-s2s.rst
+++ b/source/manual/how-tos/ipsec-s2s.rst
@@ -16,7 +16,7 @@ connection (you local network need to different than that of the remote network)
.. Note::
- For the sample we will use a private ip for our WAN connection.
+ For the sample we will use a private IP for our WAN connection.
This requires us to disable the default block rule on wan to allow private traffic.
To do so, go to the **Interfaces->[WAN]** and uncheck "Block private networks".
*(Dont forget to save and apply)*
@@ -170,11 +170,11 @@ Full Network Diagram Including IPsec Tunnel
}
-------------------------------
-Firewall Rules Site A & Site B
-------------------------------
+---------------------------------------
+Firewall Rules Site A & Site B (part 1)
+---------------------------------------
To allow IPsec Tunnel Connections, the following should be allowed on WAN for on
-sites:
+sites (under **Firewall->Rules->WAN**):
* Protocol ESP
* UDP Traffic on Port 500 (ISAKMP)
@@ -185,13 +185,7 @@ sites:
.. Note::
- You can further limit the traffic by the source ip of the remote host.
-
-To allow traffic passing to your LAN subnet you need to add a rule to the IPsec
-interface.
-
-.. image:: images/ipsec_ipsec_lan_rule.png
- :width: 100%
+ You can further limit the traffic by the source IP of the remote host.
-----------------------
Step 1 - Phase 1 Site A
@@ -206,7 +200,7 @@ General information
**Key Exchange version** V2
**Internet Protocol** IPv4
**Interface** WAN *choose the interface connected to the internet*
-**Remote gateway** 172.10.2.1 *the public ip address of your remote OPNsense*
+**Remote gateway** 172.10.2.1 *the public IP address of your remote OPNsense*
**Description** Site B *freely chosen description*
========================= ============= ================================================
@@ -320,7 +314,8 @@ And Apply changes:
.. image:: images/ipsec_s2s_vpn_p1a_success.png
:width: 100%
-**You are done configuring Site A.**
+**You are almost done configuring Site A (only some firewall settings remain, which we'll address later).**
+**We will now proceed setting up Site B**
-----------------------------
@@ -337,7 +332,7 @@ General information
**Key Exchange version** V2
**Internet Protocol** IPv4
**Interface** WAN *choose the interface connected to the internet*
-**Remote gateway** 172.10.1.1 *the public ip address of your remote OPNsense*
+**Remote gateway** 172.10.1.1 *the public IP address of your remote OPNsense*
**Description** Site A *freely chosen description*
========================= ============= ================================================
@@ -455,8 +450,15 @@ And Apply changes:
.. image:: images/ipsec_s2s_vpn_p1a_success.png
:width: 100%
-**You are done configuring Site B.**
+---------------------------------------
+Firewall Rules Site A & Site B (part 2)
+---------------------------------------
+To allow traffic passing to your LAN subnet you need to add a rule to the IPsec
+interface (under **Firewall->Rules->IPsec**).
+
+.. image:: images/ipsec_ipsec_lan_rule.png
+ :width: 100%
------------------
IPsec Tunnel Ready
@@ -511,7 +513,7 @@ Phase 1 works but no phase 2 tunnels are connected
---------------------------------------------------
Did you set the correct local and remote networks. A common mistake is to fill in
-the ip address of the remote host in stead of its network ending with **x.x.x.0**
+the IP address of the remote host in stead of its network ending with **x.x.x.0**
Common issues are unequal settings. Both ends must use the same encryption standard.
diff --git a/source/manual/how-tos/multiwan.rst b/source/manual/how-tos/multiwan.rst
index 02ca6e86..8916f671 100644
--- a/source/manual/how-tos/multiwan.rst
+++ b/source/manual/how-tos/multiwan.rst
@@ -1,7 +1,7 @@
===============
Setup Multi WAN
===============
-Multi WAN scenario's are commonly used for failover or load balancing, but combinations
+Multi WAN scenarios are commonly used for failover or load balancing, but combinations
are also possible with OPNsense.
.. blockdiag::
@@ -47,10 +47,10 @@ We defined WAN and WAN2, where WAN will be our primary (default) gateway.
Step 1 - Add monitor IPs
-------------------------
-You may skip this step if you already have setup the monitoring ip and both gateways
+You may skip this step if you already have setup the monitoring IP and both gateways
are shown as online.
-To add a monitoring ip go to **System->Gateways->All** and click on the first pencil
+To add a monitoring IP go to **System->Gateways->All** and click on the first pencil
symbol to edit the first gateway.
Now make sure the following is configured:
@@ -208,4 +208,4 @@ Combining Balancing & Failover
------------------------------
To combine Load Balancing with Failover you will have 2 or more WAN connections
for Balancing purposes and 1 or more for Failover. OPNsense offers 5 tiers
-(Failover groups) each tier can hold multiple ISP's/WAN gateways.
+(Failover groups) each tier can hold multiple ISPs/WAN gateways.
diff --git a/source/manual/how-tos/netflow_exporter.rst b/source/manual/how-tos/netflow_exporter.rst
index a7986378..d421bb72 100644
--- a/source/manual/how-tos/netflow_exporter.rst
+++ b/source/manual/how-tos/netflow_exporter.rst
@@ -18,5 +18,5 @@ For local analysis using Insight also enable **Capture local**.
Depending on the application you would like to use select **Version** 5 or 9.
Remember that version 5 does not support IPv6.
-Add your **Destinations** (ip:port then enter) local ip will be added automatic
+Add your **Destinations** (ip:port then enter) local IP will be added automatic
if Capture local is selected.
diff --git a/source/manual/how-tos/proxyicapantivirus.rst b/source/manual/how-tos/proxyicapantivirus.rst
index 50ba3bce..980d6cde 100644
--- a/source/manual/how-tos/proxyicapantivirus.rst
+++ b/source/manual/how-tos/proxyicapantivirus.rst
@@ -1,7 +1,7 @@
===========================
Setup Anti Virus Protection
===========================
-OPNsense can offer http and https protection by utilizing its highly flexible
+OPNsense can offer HTTP and HTTPS protection by utilizing its highly flexible
proxy and the industry standard ICAP. An external engine from one of the known
vendors is used to offer maximum protection against malware, such as ransomware,
trojans and viruses. This protection can be further enhanced by the built-in Intrusion
@@ -42,11 +42,11 @@ Step 4 - Connect the Engine
---------------------------
Now connect the server that the engine is installed on to OPNsense trough either
a switch or a direct cable connection. Preferable use a separate network for this
-traffic to make sure the unencrypted ICAP traffic can's be tapped.
+traffic to make sure the unencrypted ICAP traffic can't be tapped.
.. Note::
ICAP traffic is not encrypted, meaning you have to make sure the traffic is not
- visible to anyone else. When using transparent https mode it is best to configure
+ visible to anyone else. When using transparent HTTPS mode it is best to configure
a separate interface for ICAP traffic and connect the Server (Engine) directly
with a crosslink cable. Alternatively one may use a VLAN for this purpose.
@@ -70,8 +70,8 @@ Step 6 - Test using EICAR
To test if the engine is operational and functional go to http://www.eicar.org/85-0-Download.html
on this page you will find several files you can test.
-First test the http protocol version and if that works the https version if you
-have also configured the transparent ssl proxy mode.
+First test the HTTP protocol version. If that works, test the HTTP version if you
+have also configured the transparent SSL proxy mode.
.. Warning::
**IMPORTANT NOTE** :
diff --git a/source/manual/how-tos/proxyicapantivirusinternal.rst b/source/manual/how-tos/proxyicapantivirusinternal.rst
index c27999db..5b853745 100644
--- a/source/manual/how-tos/proxyicapantivirusinternal.rst
+++ b/source/manual/how-tos/proxyicapantivirusinternal.rst
@@ -1,7 +1,7 @@
==================================================
Setup Anti Virus Protection using OPNsense Plugins
==================================================
-OPNsense can offer http and https protection by utilizing its highly flexible
+OPNsense can offer HTTP and HTTPS protection by utilizing its highly flexible
proxy and the industry standard ICAP. An external engine from one of the known
vendors is used to offer maximum protection against malware, such as ransomware,
trojans and viruses. This protection can be further enhanced by the built-in Intrusion
@@ -62,8 +62,8 @@ Step 5 - Test using EICAR
To test if the engine is operational and functional go to http://www.eicar.org/85-0-Download.html
on this page you will find several files you can test.
-First test the http protocol version and if that works the https version if you
-have also configured the transparent ssl proxy mode.
+First test the HTTP protocol version. If that works, test the HTTPS version if you
+have also configured the transparent SSL proxy mode.
.. Warning::
**IMPORTANT NOTE** :
diff --git a/source/manual/how-tos/proxytransparent.rst b/source/manual/how-tos/proxytransparent.rst
index 52b34585..27718b6e 100644
--- a/source/manual/how-tos/proxytransparent.rst
+++ b/source/manual/how-tos/proxytransparent.rst
@@ -7,14 +7,14 @@ can be configured to run in transparent mode, this mean the clients browser does
not have to be configured for the web proxy, but all traffic is diverted to the
proxy automatically by utilizing Network Address Translation.
-In this How To, we will explain the basic http as well as https (ssl bump) transparent
+In this How To, we will explain the basic HTTP as well as HTTPS (SSL bump) transparent
proxy modes.
.. Warning::
The Transparent SSL/HTTPS proxy mode uses a technique also called man-in-the-middle,
- only configure and use this if your know what you are doing. When configured wrong
- you may end up in lessing your security defenses significantly instead of enhancing
- them. Using a transparent https proxy can be a dangerous practice and may not be
+ only configure and use this if you know what you are doing. When configured incorrectly
+ you may end up in lessening your security defenses significantly instead of enhancing
+ them. Using a transparent HTTPS proxy can be a dangerous practice and may not be
allowed by the services you use, for instance e-banking.
Step 1 - Basic Proxy Setup
@@ -33,7 +33,7 @@ And Click **Apply**.
Step 3 - NAT/Firewall Rule
---------------------------------
-A simple way to add the NAT/Firewall Rule is to click on the **(i)** icon on the
+A simple way to add the NAT/Firewall Rule is to click the **(i)** icon on the
left of the **Enable Transparent HTTP proxy** option and click on **add a new firewall rule**.
.. image:: images/screenshot_enable_transparent_http.png
diff --git a/source/manual/how-tos/proxywebfilter.rst b/source/manual/how-tos/proxywebfilter.rst
index 4a2970d8..42579614 100644
--- a/source/manual/how-tos/proxywebfilter.rst
+++ b/source/manual/how-tos/proxywebfilter.rst
@@ -61,8 +61,8 @@ Press **Save Changes**.
--------------------------------
Step 3 - Download the Categories
--------------------------------
-Now press Download ACL's, please note that this will take a while (can be several
-minutes) as the full list (>19 MB) will be converted to squid acl's.
+Now press Download ACLs, please note that this will take a while (can be several
+minutes) as the full list (>19 MB) will be converted to squid ACLs.
-------------------------
Step 4 - Setup Categories
@@ -108,7 +108,7 @@ LAN interface (if LAN is where your clients and proxy are on).
**Source** LAN net
**Destination Port Range** HTTP
**Category** Block Proxy Bypass
- **Description** Block http bypass
+ **Description** Block HTTP bypass
============================ =====================
**Save**
@@ -122,7 +122,7 @@ And one more rule to block HTTPS access:
**Source** LAN net
**Destination Port Range** HTTPS
**Category** Block Proxy Bypass
- **Description** Block https bypass
+ **Description** Block HTTPS bypass
============================ =====================
**Save** & **Apply changes**
diff --git a/source/manual/how-tos/resources/config-OPNsense-ipsec-Site-B.xml b/source/manual/how-tos/resources/config-OPNsense-ipsec-Site-B.xml
index 21533dc4..0179242e 100644
--- a/source/manual/how-tos/resources/config-OPNsense-ipsec-Site-B.xml
+++ b/source/manual/how-tos/resources/config-OPNsense-ipsec-Site-B.xml
@@ -144,7 +144,7 @@
default
-
- Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())
+ Randomize PIDs (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())
kern.randompid
default
diff --git a/source/manual/how-tos/shaper.rst b/source/manual/how-tos/shaper.rst
index 163e3617..a12fc8cf 100644
--- a/source/manual/how-tos/shaper.rst
+++ b/source/manual/how-tos/shaper.rst
@@ -2,7 +2,7 @@
Setup Traffic Shaping
=====================
-For this how-to we will look into these scenario's:
+For this how-to we will look into these scenarios:
#. Reserve dedicated bandwidth for a realtime traffic such as (hosted) Voice Over IP (VOIP) server.
#. Share internet bandwidth amongst users evenly
@@ -112,10 +112,10 @@ Create a rule for traffic directed towards the VOIP Server (Upload).
====================== ================= =====================================================
**sequence** 11 *Auto generated number, overwrite only when needed*
**interface** WAN *Select the interface connected to the internet*
- **proto** ip *Select the protocol, ip in our example*
- **source** any *The source ip to shape, leave on any*
+ **proto** ip *Select the protocol, IP in our example*
+ **source** any *The source IP to shape, leave on any*
**src-port** any *The source port to shape, leave on any*
- **destination** 172.10.2.1 *The ip address of our VOIP server*
+ **destination** 172.10.2.1 *The IP address of our VOIP server*
**dst-port** any *Use any of the destination port if static*
**target** PipeUP-256kbps *Select the Upload 256 kbps Pipe*
**description** ShapeVOIPUpload *Enter a descriptive name*
@@ -127,10 +127,10 @@ Create a rule for traffic coming from the VOIP Server (Download).
====================== ================= =====================================================
**sequence** 21 *Auto generated number, overwrite only when needed*
**interface** WAN *Select the interface connected to the internet*
- **proto** ip *Select the protocol, ip in our example*
- **source** 172.10.2.1 *The ip address of our VOIP server*
+ **proto** ip *Select the protocol, IP in our example*
+ **source** 172.10.2.1 *The IP address of our VOIP server*
**src-port** any *The source port to shape, leave on any*
- **destination** any *The destination ip to shape, leave on any*
+ **destination** any *The destination IP to shape, leave on any*
**dst-port** any *The destination port to shape, leave on any*
**target** PipeDown256kbps *Select the Download 256 kbps Pipe*
**description** ShapeVOIPDown *Enter a descriptive name*
@@ -141,7 +141,7 @@ Create a rule for all other internet upload traffic
====================== ================= =====================================================
**sequence** 31 *Auto generated number, overwrite only when needed*
**interface** WAN *Select the interface connected to the internet*
- **proto** ip *Select the protocol, ip in our example*
+ **proto** ip *Select the protocol, IP in our example*
**source** 192.168.1.0/24 *The source IPs to shape, our LAN network*
**src-port** any *The source port to shape, leave on any*
**destination** any *the destination address, leave in any*
@@ -156,8 +156,8 @@ Create a rule for all other internet download traffic
====================== =================== =====================================================
**sequence** 41 *Auto generated number, overwrite only when needed*
**interface** WAN *Select the interface connected to the internet*
- **proto** ip *Select the protocol, ip in our example*
- **source** any *The source ip to shape, leave on any*
+ **proto** ip *Select the protocol, IP in our example*
+ **source** any *The source IP to shape, leave on any*
**src-port** any *The source port to shape, leave on any*
**destination** 192.168.1.0/24 *The destination IPs to shape, our LAN network*
**dst-port** any *The destination port to shape, leave on any*
@@ -279,8 +279,8 @@ Create a rule for traffic directed towards the internet (Upload).
====================== ================= =====================================================
**sequence** 11 *Auto generated number, overwrite only when needed*
**interface** WAN *Select the interface connected to the internet*
- **proto** ip *Select the protocol, ip in our example*
- **source** 192.168.1.0/24 *The source ip to shape, select the LAN network*
+ **proto** ip *Select the protocol, IP in our example*
+ **source** 192.168.1.0/24 *The source IP to shape, select the LAN network*
**src-port** any *The source port to shape, leave on any*
**destination** any *The destination to shape, leave on any*
**dst-port** any *Use any of the destination port if static*
@@ -294,10 +294,10 @@ Create a rule for traffic coming from the internet (Download).
====================== ================= =====================================================
**sequence** 21 *Auto generated number, overwrite only when needed*
**interface** WAN *Select the interface connected to the internet*
- **proto** ip *Select the protocol, ip in our example*
+ **proto** ip *Select the protocol, IP in our example*
**source** any *The source address, leave on any*
**src-port** any *The source port to shape, leave on any*
- **destination** 192.168.1.0/24 *The destination ip to shape, select LAN network*
+ **destination** 192.168.1.0/24 *The destination IP to shape, select LAN network*
**dst-port** any *The destination port to shape, leave on any*
**target** QueueDown-10Mbps *Select the Download 10 Mbps Queue*
**description** ShapeDownload *Enter a descriptive name*
@@ -373,10 +373,10 @@ Create a rule for traffic coming from the internet (Download).
====================== ================= =====================================================
**sequence** 21 *Auto generated number, overwrite only when needed*
**interface** WAN *Select the interface connected to the internet*
- **proto** ip *Select the protocol, ip in our example*
+ **proto** ip *Select the protocol, IP in our example*
**source** any *The source address, leave on any*
**src-port** any *The source port to shape, leave on any*
- **destination** 192.168.1.0/24 *The destination ip to shape, select LAN network*
+ **destination** 192.168.1.0/24 *The destination IP to shape, select LAN network*
**dst-port** any *The destination port to shape, leave on any*
**target** PipeDown-1Mbps *Select the Download 1 Mbps Pipe*
**description** ShapeDownload *Enter a descriptive name*
@@ -384,7 +384,7 @@ Create a rule for traffic coming from the internet (Download).
.. Note::
- If you want to limit traffic for a single ip then just enter the ip address
+ If you want to limit traffic for a single IP then just enter the IP address
in the destination field instead of the full LAN network range.
Now press |apply| to activate the traffic shaping rules.
@@ -476,46 +476,46 @@ Create a rule for smtp download traffic (email)
====================== =================== =====================================================
**sequence** 11 *Auto generated number, overwrite only when needed*
**interface** WAN *Select the interface connected to the internet*
- **proto** ip *Select the protocol, ip in our example*
+ **proto** ip *Select the protocol, IP in our example*
**source** any *The source address, leave on any*
**src-port** smtp *The source port to shape, smtp or 25*
- **destination** any *The destination ip to shape, leave on any*
+ **destination** any *The destination IP to shape, leave on any*
**dst-port** any *The destination port to shape, leave on any*
**target** Queue-SMTP *Select the SMTP queue*
**description** ShapeSMTPDownload *Enter a descriptive name*
====================== =================== =====================================================
-Create a rule for http download traffic
+Create a rule for HTTP download traffic
====================== =================== =====================================================
**sequence** 21 *Auto generated number, overwrite only when needed*
**interface** WAN *Select the interface connected to the internet*
- **proto** ip *Select the protocol, ip in our example*
+ **proto** ip *Select the protocol, IP in our example*
**source** any *The source address, leave on any*
**src-port** http *The source port to shape, http or 80*
- **destination** any *The destination ip to shape, leave on any*
+ **destination** any *The destination IP to shape, leave on any*
**dst-port** any *The destination port to shape, leave on any*
**target** Queue-HTTP *Select the HTTP queue*
**description** ShapeHTTPDownload *Enter a descriptive name*
====================== =================== =====================================================
-Adding an extra rule for https traffic is simple as we can use the same http queue if we like:
+Adding an extra rule for HTTPS traffic is simple as we can use the same HTTP queue if we like:
====================== ==================== =====================================================
**sequence** 31 *Auto generated number, overwrite only when needed*
**interface** WAN *Select the interface connected to the internet*
- **proto** ip *Select the protocol, ip in our example*
+ **proto** ip *Select the protocol, IP in our example*
**source** any *The source address, leave on any*
**src-port** https *The source port to shape, https or 443*
- **destination** any *The destination ip to shape, leave on any*
+ **destination** any *The destination IP to shape, leave on any*
**dst-port** any *The destination port to shape, leave on any*
**target** Queue-HTTP *Select the HTTP queue*
**description** ShapeHTTPSDownload *Enter a descriptive name*
====================== ==================== =====================================================
-This way http and https traffic will be treated the same (total max of 1 Mbps).
+This way HTTP and HTTPS traffic will be treated the same (total max of 1 Mbps).
Now press |apply| to activate the traffic shaping rules.
@@ -620,10 +620,10 @@ Create a rule for the download traffic
**sequence** 11 *Auto generated number, overwrite only when needed*
**interface** WAN *Select the interface connected to the internet*
**interface2** GuestNet *Select the interface that matches your GuestNet*
- **proto** ip *Select the protocol, ip in our example*
+ **proto** ip *Select the protocol, IP in our example*
**source** any *The source address, leave on any*
**src-port** any *The source port to shape, leave on any*
- **destination** any *The destination ip to shape, leave on any*
+ **destination** any *The destination IP to shape, leave on any*
**dst-port** any *The destination port to shape, leave on any*
**direction** in *Match incoming packages (download)*
**target** PipeDown-2Mbps *Select the Download pipe*
@@ -639,7 +639,7 @@ Create a rule for the upload traffic
**proto** ip *Select the protocol, IP in our example*
**source** any *The source address, leave on any*
**src-port** any *The source port to shape, leave on any*
- **destination** any *The destination ip to shape, leave on any*
+ **destination** any *The destination IP to shape, leave on any*
**dst-port** any *The destination port to shape, leave on any*
**direction** out *Match incoming packages (download)*
**target** PipeUp-1Mbps *Select the Download pipe*
diff --git a/source/manual/how-tos/sslvpn_client.rst b/source/manual/how-tos/sslvpn_client.rst
index 9a763a87..2944f5dd 100644
--- a/source/manual/how-tos/sslvpn_client.rst
+++ b/source/manual/how-tos/sslvpn_client.rst
@@ -29,7 +29,7 @@ and give you configuration examples for:
.. Note::
- For the sample we will use a private ip for our WAN connection.
+ For the sample we will use a private IP for our WAN connection.
This requires us to disable the default block rule on wan to allow private traffic.
To do so, go to the **Interfaces->[WAN]** and uncheck "Block private networks".
*(Dont forget to save and apply)*
diff --git a/source/manual/how-tos/sslvpn_s2s.rst b/source/manual/how-tos/sslvpn_s2s.rst
index 1ca6bedc..60430d20 100644
--- a/source/manual/how-tos/sslvpn_s2s.rst
+++ b/source/manual/how-tos/sslvpn_s2s.rst
@@ -2,7 +2,7 @@
Setup SSL VPN site to site tunnel
=================================
-Site to site VPN's connect two locations with static public IP addresses and allow
+Site to site VPNs connect two locations with static public IP addresses and allow
traffic to be routed between the two networks. This is most commonly used to
connect an organization's branch offices back to its main office, so branch users
can access network resources in the main office.
@@ -16,7 +16,7 @@ connection (you local network need to different than that of the remote network)
.. Note::
- For the sample we will use a private ip for our WAN connection.
+ For the sample we will use a private IP for our WAN connection.
This requires us to disable the default block rule on wan to allow private traffic.
To do so, go to the **Interfaces->[WAN]** and uncheck "Block private networks".
*(Don't forget to save and apply)*
diff --git a/source/manual/how-tos/user-radius.rst b/source/manual/how-tos/user-radius.rst
index 4aeaecb3..4bacc6e3 100644
--- a/source/manual/how-tos/user-radius.rst
+++ b/source/manual/how-tos/user-radius.rst
@@ -6,15 +6,15 @@ is easy just go to **System->Access->Servers** and click on **Add server** in th
Fill in the form:
-============================== =============== ========================================================
+============================== =============== =========================================================
**Descriptive name** radius_test *Enter a descriptive name*
**Type** Radius *Select Radius*
**Hostname or IP address** 10.10.10.1 *Enter the IP of your Radius server*
**Shared Secret** secret *Shared secret for your Radius server*
**Services offered** Authentication *Select Authentication,for Captive portal + accounting*
-**Authentication port value** 1812 *Port number, 1812 is default for accounting it's 1813*
+**Authentication port value** 1812 *Port number, 1812 is default; for accounting it's 1813*
**Authentication Timeout** 5 *Timeout for Radius to respond on requests*
-============================== =============== ========================================================
+============================== =============== =========================================================
Use the tester under **System->Access->Tester** to test the Radius server.
diff --git a/source/manual/install.rst b/source/manual/install.rst
index f264e791..a1d7b933 100644
--- a/source/manual/install.rst
+++ b/source/manual/install.rst
@@ -344,8 +344,8 @@ By default you have to log in to enter the console.
VLANs and assigning interfaces
If choose to do manual interface assignment or when no config file can be
found then you are asked to assign Interfaces and VLANs. VLANs are optional.
- If you do not need VLAN's then choose **no**. You can always configure
- VLAN's at a later time.
+ If you do not need VLANs then choose **no**. You can always configure
+ VLANs at a later time.
LAN, WAN and optional interfaces
The first interface is the LAN interface. Type the appropriate
diff --git a/source/manual/ipv6.rst b/source/manual/ipv6.rst
index 7d79a054..009ed102 100644
--- a/source/manual/ipv6.rst
+++ b/source/manual/ipv6.rst
@@ -6,7 +6,7 @@ Using IPv6
:width: 100%
OPNsense fully supports IPv6 for routing and firewall. However there are lots of
-different options to utilize IPv6. Currently these scenario's are known to work:
+different options to utilize IPv6. Currently these scenarios are known to work:
* Native IPv6 only
* Dual Stack IPv4 + IPv6
diff --git a/source/manual/multiwan.rst b/source/manual/multiwan.rst
index 0835b069..ac3d3a88 100644
--- a/source/manual/multiwan.rst
+++ b/source/manual/multiwan.rst
@@ -1,7 +1,7 @@
=========
Multi WAN
=========
-Multi WAN scenario's are commonly used for failover or load balancing, but combinations
+Multi WAN scenarios are commonly used for failover or load balancing, but combinations
are also possible with OPNsense.
.. blockdiag::
@@ -30,7 +30,7 @@ connectivity is fully restored so will the routing switch back to the primary IS
------------------
WAN Load Balancing
------------------
-Load balancing can be used to split the load between two (or more) ISP's. This
+Load balancing can be used to split the load between two (or more) ISPs. This
enhances the total available bandwidth and/or lowers the load on each ISP.
The principle is simple: Each WAN connection (gateway) gets a portion of the traffic.
@@ -39,10 +39,10 @@ The traffic can be divided equally or weighted.
------------------------------
Combining Balancing & Failover
------------------------------
-It is also possible to combine Load Balancing with Failover in such scenario's
+It is also possible to combine Load Balancing with Failover in such scenarios
you will have 2 or more WAN connections for Balancing purposes and 1 or more for
Failover. OPNsense offers 5 tiers (Failover groups) each tier can hold multiple
-ISP's/WAN gateways.
+ISPs/WAN gateways.
-------------
Configuration
diff --git a/source/manual/netflow.rst b/source/manual/netflow.rst
index 8bf82000..db56c249 100644
--- a/source/manual/netflow.rst
+++ b/source/manual/netflow.rst
@@ -11,13 +11,13 @@ is very fast with little overhead compared to softflowd or pfflowd.
While many monitoring solutions such as Nagios, Cacti and vnstat only capture traffic
statistics, Netflow captures complete packet flows including source, destination
-ip and port number.
+IP and port number.
OPNsense offers full support for exporting Netflow data to external collectors as
well as a comprehensive Analyzer for on-the-box analysis and live monitoring.
OPNsense is the only open source solution with a built-in Netflow analyzer integrated
-into it's Graphical User Interface.
+into its Graphical User Interface.
------------------
Supported Versions
diff --git a/source/manual/opnsense_tools.rst b/source/manual/opnsense_tools.rst
index c90ea1c2..670daa28 100644
--- a/source/manual/opnsense_tools.rst
+++ b/source/manual/opnsense_tools.rst
@@ -55,12 +55,12 @@ The latest update of OPNsense to version 18.1.5 did a minor jump for the IPSec p
From this moment your VPNs are unstable and only a restart helps.
To check if the update of the package is the reason you can easily revert the package
-to it's previous state while running the latest OPNsense version itself
+to its previous state while running the latest OPNsense version itself.
# opnsense-revert -r 18.1.4 strongswan
-With this command you will on e.g. 18.1.5 while reverting the package strongswan to it's version it was in 18.1.4.
-If you want to go back to the current release version just just
+With this command you can, for example, run OPNsense 18.1.5 while using the 18.1.4 version of strongswan.
+If you want to go back to the current release version just do
# opnsense-revert strongswan
diff --git a/source/manual/proxy.rst b/source/manual/proxy.rst
index d2f3ce20..93198cff 100644
--- a/source/manual/proxy.rst
+++ b/source/manual/proxy.rst
@@ -66,7 +66,7 @@ category based web filter support. Main features include:
* Fetch from a remote URL
* Supports flat file list and category based compressed lists
-* Automatically convert category based blacklists to squid ACL's
+* Automatically convert category based blacklists to squid ACLs
* Keep up to date with the built-in scheduler
* Compatible with most popular blacklist
@@ -75,13 +75,10 @@ Transparent Mode
----------------
The transparent mode means all request will be diverted to the proxy without any
configuration on your client. Transparent mode works very well with unsecured http
-requests, however with secured (SSL) https connection the proxy will become a
+requests, however with secured (SSL) HTTPS connection the proxy will become a
man-in-the-middle as the client will "talk" to the proxy and the proxy will encrypt
the traffic with its master key that the client is required to trust.
-While we do not encourage the use of https in transparent mode, this feature is
-scheduled for release in version 16.7.
-
.. Warning::
Using a transparent HTTPS proxy can be a dangerous practice and may not be
allowed by the services you use, for instance e-banking.
diff --git a/source/manual/shaping.rst b/source/manual/shaping.rst
index 9baed7d2..343f4578 100644
--- a/source/manual/shaping.rst
+++ b/source/manual/shaping.rst
@@ -24,7 +24,7 @@ OPNsense traffic shaping is a reliable solution to limit bandwidth or prioritize
traffic and can be combined with other functions such as captive portal or high
availability (CARP).
-Bandwidth limitations can be defined based upon the interface(s), ip source &
+Bandwidth limitations can be defined based upon the interface(s), IP source &
destination, direction of traffic (in/out) and port numbers (application).
Available bandwidth can be shared evenly over all users, this allows for
diff --git a/source/relations/hardenedbsd.rst b/source/relations/hardenedbsd.rst
index a47b3424..c9e5b543 100644
--- a/source/relations/hardenedbsd.rst
+++ b/source/relations/hardenedbsd.rst
@@ -43,4 +43,4 @@ HardenedBSD's core team consists of Oliver Pinter and Shawn Webb.
Cooperation with OPNsense
-------------------------
In May 2015, HardenedBSD announced their cooperation with OPNsense.
-A HardenedBSD-flavored versions of OPNsense is available as of June 2015.
+A HardenedBSD-flavored version of OPNsense is available as of June 2015.
diff --git a/source/relations/osi.rst b/source/relations/osi.rst
index a20ad14f..342756a3 100644
--- a/source/relations/osi.rst
+++ b/source/relations/osi.rst
@@ -17,9 +17,9 @@ community-recognized body for reviewing and approving licenses as OSD-conformant
-----------------------
-------------------
-Relations OPNsense
-------------------
+--------------------
+Relation to OPNsense
+--------------------
OPNsense is licensed under an Open Source Initiative `approved license `__. OPNsense
is and will be available with the simple 2-clause BSD license. We believe an
open source project should provide the sources and the tools to build it.
diff --git a/themes/opnsense/sass/_theme_rst.sass b/themes/opnsense/sass/_theme_rst.sass
index 9293dc16..62e3a4ba 100644
--- a/themes/opnsense/sass/_theme_rst.sass
+++ b/themes/opnsense/sass/_theme_rst.sass
@@ -288,7 +288,7 @@
// rST seems to want dds to be treated as the browser would, indented.
dd
margin: 0 0 $base-line-height / 2 $base-line-height
- // This is what Sphinx spits out for it's autodocs. Depending upon what language the person is referencing
+ // This is what Sphinx spits out for its autodocs. Depending upon what language the person is referencing
// these things usually have a class of "method" or "class" or something similar, but really who knows.
// Sphinx doesn't give me a generic class on these, so unfortunately I have to apply it to the root dl.
// This makes me terribly unhappy and makes this code very nesty. Unfortunately I've seen hand-written docs