From a7d45bf9db81b9ea65ae34f3a660dfc20dd0a56c Mon Sep 17 00:00:00 2001 From: Michael Prokop <115592+mika@users.noreply.github.com> Date: Fri, 30 Jan 2026 13:07:35 +0100 Subject: [PATCH] docs: fix typos + grammar issues (#841) --- source/manual/aliases.rst | 2 +- source/manual/firewall_settings.rst | 2 +- source/manual/how-tos/caddy.rst | 2 +- source/manual/how-tos/carp.rst | 2 +- source/manual/how-tos/drop.rst | 2 +- source/manual/how-tos/dynamic_routing_bfd.rst | 2 +- source/manual/how-tos/dynamic_routing_bgp.rst | 2 +- source/manual/how-tos/ipsec-s2s-route.rst | 2 +- source/manual/how-tos/ipsec-s2s.rst | 2 +- source/manual/how-tos/ipv6_fb.rst | 2 +- source/manual/how-tos/nginx.rst | 2 +- source/manual/how-tos/nginx_basic_auth.rst | 2 +- source/manual/how-tos/nginx_header_hardening.rst | 2 +- source/manual/how-tos/nginx_tls_fingerprints.rst | 2 +- source/manual/how-tos/orange_fr_fttp.rst | 4 ++-- source/manual/how-tos/proxywebfilter.rst | 2 +- source/manual/how-tos/sslvpn_client.rst | 2 +- source/manual/how-tos/stunnel.rst | 2 +- source/manual/how-tos/tor.rst | 6 +++--- source/manual/how-tos/user-local.rst | 2 +- source/manual/how-tos/wireguard-s2s.rst | 2 +- source/manual/ipv6.rst | 2 +- source/manual/proxy.rst | 2 +- 23 files changed, 26 insertions(+), 26 deletions(-) diff --git a/source/manual/aliases.rst b/source/manual/aliases.rst index 7ce1f259..f4529ce2 100644 --- a/source/manual/aliases.rst +++ b/source/manual/aliases.rst @@ -266,7 +266,7 @@ Below you will find a detailed specification our software can detect and process .. tab:: zip format (MaxMind) - This format requires a [zip] file containing the the following csv files: + This format requires a [zip] file containing the following csv files: .. list-table:: Title :widths: 50 25 25 25 diff --git a/source/manual/firewall_settings.rst b/source/manual/firewall_settings.rst index 0e32039e..cab319b0 100644 --- a/source/manual/firewall_settings.rst +++ b/source/manual/firewall_settings.rst 
@@ -223,7 +223,7 @@ Enable syncookies This option is quite similar to the `syncookies `__ kernel setting, preventing memory allocation for local services before a proper handshake is made. -In this case pf will be protected agains state table exhaustion. +In this case pf will be protected against state table exhaustion. The following modes are available: diff --git a/source/manual/how-tos/caddy.rst b/source/manual/how-tos/caddy.rst index 3dab7c75..d16aa9c6 100644 --- a/source/manual/how-tos/caddy.rst +++ b/source/manual/how-tos/caddy.rst 
@@ -858,7 +858,7 @@ FAQ * | When using Caddy with IPv6, the best choice is to have a GUA (Global Unicast Address) on the WAN interface, since otherwise the TLS-ALPN-01 challenge might fail. * | `Let's Encrypt` or `ZeroSSL` can not be explicitly chosen. Caddy automatically issues one of these options, determined by speed and availability. These certificates can be found in ``/var/db/caddy/data/caddy/certificates``. * | When an `Upstream Destination` only supports TLS connections, yet does not offer a valid certificate, enable ``TLS Insecure Skip Verify`` in a `Handler` to mitigate connection problems. -* | Caddy upgrades all connections automatically from HTTP to HTTPS. When cookies do not have have the ``secure`` flag set by the application serving them, they can still be transmitted unencrypted before the connection is upgraded. If these cookies contain very sensitive information, it might be a good choice to close port 80. +* | Caddy upgrades all connections automatically from HTTP to HTTPS. When cookies do not have the ``secure`` flag set by the application serving them, they can still be transmitted unencrypted before the connection is upgraded. If these cookies contain very sensitive information, it might be a good choice to close port 80. * | There is optional Layer4 TCP/UDP routing support. In the scope of this plugin, only traffic that looks like TLS and has SNI can be routed. The `HTTP App` and `Layer4 App` can work together at the same time. * | There is no WAF (Web Application Firewall) support in this plugin. For a business grade Reverse Proxy with WAF functionality, use ``os-OPNWAF``. diff --git a/source/manual/how-tos/carp.rst b/source/manual/how-tos/carp.rst index 0cd76323..538ec268 100644 --- a/source/manual/how-tos/carp.rst +++ b/source/manual/how-tos/carp.rst 
@@ -177,7 +177,7 @@ And another using the following: +-------------------------+------------------------------------+ .. Note:: - Always create Carp VIPs with the same subnet mask as it's parent interface. If the parent interface + Always create Carp VIPs with the same subnet mask as its parent interface. If the parent interface is ``/24``, your Carp VIP should also be ``/24``. Even though some sources claim that ``/32`` will work, services like DHCP Failover will fail with ``peer holds all free leases``. diff --git a/source/manual/how-tos/drop.rst b/source/manual/how-tos/drop.rst index 03e7b7c0..4b397fe3 100644 --- a/source/manual/how-tos/drop.rst +++ b/source/manual/how-tos/drop.rst @@ -98,7 +98,7 @@ Enter the following configuration and leave all other parameters on default valu Step 3 - Firewall Rules Outbound Traffic ---------------------------------------- -Now do the same for outbound traffic traffic on the LAN interface. +Now do the same for outbound traffic on the LAN interface. Go to :menuselection:`Firewall --> Rules` Select the **LAN** tab and press the **+** icon in the lower right corner. diff --git a/source/manual/how-tos/dynamic_routing_bfd.rst b/source/manual/how-tos/dynamic_routing_bfd.rst index 3d662ba7..d66888f8 100644 --- a/source/manual/how-tos/dynamic_routing_bfd.rst +++ b/source/manual/how-tos/dynamic_routing_bfd.rst 
@@ -190,6 +190,6 @@ Verify the setup Go to :menuselection:`Routing --> Diagnostics --> BFD` and look at the Summary tab to view the status of the BFD neighbors. -The real benefit of BFD can only be seen if there are multiple routes with different cost. When the BFD packets are interrupted, the route will quickly be discarted and the next best route will be installed and chosen. This will happen in just a ping or even faster. +The real benefit of BFD can only be seen if there are multiple routes with different cost. When the BFD packets are interrupted, the route will quickly be discarded and the next best route will be installed and chosen. This will happen in just a ping or even faster. An example for a setup that will benefit from BFD is `IPsec Failover with VTI and OSPF `_ diff --git a/source/manual/how-tos/dynamic_routing_bgp.rst b/source/manual/how-tos/dynamic_routing_bgp.rst index 485e7ca0..b7c27042 100644 --- a/source/manual/how-tos/dynamic_routing_bgp.rst +++ b/source/manual/how-tos/dynamic_routing_bgp.rst @@ -313,7 +313,7 @@ They are your only upstream provider and will push a default route; you will not Your main task is configuring your neighbor correctly, employing a prefix list so that none of your local RFC1918 routes leak to the provider, and the provider can only announce the default route to you. If unsure, ask your provider what they expect from you as neighbor. Be mindful of a correct configuration, since an invalid one could get your neighbor -temporarly disabled by the ISP. +temporarily disabled by the ISP. .. Attention:: diff --git a/source/manual/how-tos/ipsec-s2s-route.rst b/source/manual/how-tos/ipsec-s2s-route.rst index 2a57cef3..92608d74 100644 --- a/source/manual/how-tos/ipsec-s2s-route.rst +++ b/source/manual/how-tos/ipsec-s2s-route.rst 
@@ -4,7 +4,7 @@ IPsec VTI - Route based setup Most Site-to-Site VPNs are policy-based, which means you define a local and a remote network (or group of networks). Only traffic matching the defined policy is pushed into the -VPN tunnel. As the demands for more complex and fault tolerant VPN scenarios growed over the +VPN tunnel. As the demands for more complex and fault tolerant VPN scenarios have grown over the years, most major router vendors implemented a kind of VPN, the route-based IPSec. The difference is that local and remote network is just 0.0.0.0/0, so anything can travel diff --git a/source/manual/how-tos/ipsec-s2s.rst b/source/manual/how-tos/ipsec-s2s.rst index f5640733..0de78dc3 100644 --- a/source/manual/how-tos/ipsec-s2s.rst +++ b/source/manual/how-tos/ipsec-s2s.rst @@ -485,7 +485,7 @@ Phase 1 won't come up That is a difficult one. First check you firewall rules to see if you allow the right ports and protocols (ESP, UDP 500 & UDP 4500) for the WAN interface. -Check your ipsec log to see if that reviels a possible cause. +Check your ipsec log to see if that reveals a possible cause. Common issues are unequal settings. Both ends must use the same PSK and encryption standard. diff --git a/source/manual/how-tos/ipv6_fb.rst b/source/manual/how-tos/ipv6_fb.rst index 6a4fbad4..225571ed 100644 --- a/source/manual/how-tos/ipv6_fb.rst +++ b/source/manual/how-tos/ipv6_fb.rst 
@@ -150,6 +150,6 @@ connecting via SSH to OPNsense on the CLI. In the directory `/tmp/` you will find several IPv6 related intermediate files. The most helpful here was `/tmp/_prefixv6`. In this file you will find the prefix delegated to you by your upstream router. If you are behind an FB and this file does not exist chances -are you forgot to seth the **Request only an IPv6 prefix** setting on the WAN interface. +are you forgot to set the **Request only an IPv6 prefix** setting on the WAN interface. Another helpful command is `radvdump`. This tool dumps the output of the router advertisements in a nicely formatted way. diff --git a/source/manual/how-tos/nginx.rst b/source/manual/how-tos/nginx.rst index 2ff67a15..f8f0a592 100644 --- a/source/manual/how-tos/nginx.rst +++ b/source/manual/how-tos/nginx.rst @@ -29,7 +29,7 @@ Give it a useful name and choose the previously created server. .. image:: images/nginx_edit_location_dialog2.png -Locations are are used to map URLs to upstreams, directories, settings and so on. +Locations are used to map URLs to upstreams, directories, settings and so on. In our case we want to proxy the request to the previously created upstream. If we want to match everything, we use "/" without a special matcher. Now save the location. diff --git a/source/manual/how-tos/nginx_basic_auth.rst b/source/manual/how-tos/nginx_basic_auth.rst index 22efbf03..e9980e84 100644 --- a/source/manual/how-tos/nginx_basic_auth.rst +++ b/source/manual/how-tos/nginx_basic_auth.rst @@ -82,6 +82,6 @@ Advanced Authentication The entry advanced authentication is used to call an external authentication provider. In the case of OPNsense, this is currently a special script, -which authenticates agains the local database. If you want to use it, +which authenticates against the local database. If you want to use it, do not enter a realm nor select a user list. Please note that this feature may change in the future. 
diff --git a/source/manual/how-tos/nginx_header_hardening.rst b/source/manual/how-tos/nginx_header_hardening.rst index 8ae422c2..8abecb99 100644 --- a/source/manual/how-tos/nginx_header_hardening.rst +++ b/source/manual/how-tos/nginx_header_hardening.rst @@ -94,7 +94,7 @@ opening tools also have a tab for networking. The network tab works like the main view of the proxy. You can see which headers are sent and which ones are received. The advantage here is that you get some errors on the console tab (for example -if the CSP has an error). The disadvantage of the console is, that is is not so +if the CSP has an error). The disadvantage of the console is, that it is not so easy to intercept and modify data. diff --git a/source/manual/how-tos/nginx_tls_fingerprints.rst b/source/manual/how-tos/nginx_tls_fingerprints.rst index 323a3afa..26706521 100644 --- a/source/manual/how-tos/nginx_tls_fingerprints.rst +++ b/source/manual/how-tos/nginx_tls_fingerprints.rst @@ -48,7 +48,7 @@ One contains ciphers, hashes etc., browsers should not support anymore (for example NULL, MD5, ...) so this is probably intercepted (it actually is OWASP ZAP_ 2.7.0) in this screenshot, which is intercepting a connection from Firefox 63. -In this case there is onle one big segment left, which is very likely the real +In this case there is only one big segment left, which is very likely the real browser fingerprint (or another proxy). In the following example, take a look at the pie chart diff --git a/source/manual/how-tos/orange_fr_fttp.rst b/source/manual/how-tos/orange_fr_fttp.rst index 95f20fad..d1c66513 100644 --- a/source/manual/how-tos/orange_fr_fttp.rst +++ b/source/manual/how-tos/orange_fr_fttp.rst 
@@ -48,7 +48,7 @@ select options DHCP and DHCPv6 in general configuration * dhcp-class-identifier "sagem" * user-class "+FSVDSL_livebox.Internet.softathome.Livebox6" * option-90 00:00:00:00:00:00:00:00:00:00:00:66:74:69:2f:65:77:74:FF:AB:XX:XX - (hex conversion of the the userid supplied by Orange which looks like fti/xxxxxxx) + (hex conversion of the userid supplied by Orange which looks like fti/xxxxxxx) * dhcp-client-identifier 01:XX:XX:XX:XX:XX:XX (you MUST use the same MAC address for the XX:XX as the one use for the DUID above) @@ -101,7 +101,7 @@ then add the following options in the 'Send Options' field * raw-option 15 00:2b:46:53:56:44:53:4c:5f:6c:69:76:65:62:6f:78:2e:49:6e:74:65:72:6e:65:74:2e:73:6f:66:74:61:74:68:6f:6d:65:2e:4c:69:76:65:62:6f:78:36 * raw-option 16 00:00:04:0e:00:05:73:61:67:65:6d * raw-option 11 00:00:00:00:00:00:00:00:00:00:00:66:74:69:2f:65:77:74:FF:AB:XX:XX - (hex conversion of the the userid supplied by Orange which looks like fti/xxxxxxx) + (hex conversion of the userid supplied by Orange which looks like fti/xxxxxxx) .. Note:: Use the exact same chain for IPv6 raw-option 11 and IPv4 option-90 diff --git a/source/manual/how-tos/proxywebfilter.rst b/source/manual/how-tos/proxywebfilter.rst index 25776b7e..1418adba 100644 --- a/source/manual/how-tos/proxywebfilter.rst +++ b/source/manual/how-tos/proxywebfilter.rst @@ -4,7 +4,7 @@ Setup Web Filtering Category based web filtering in OPNsense is done by utilizing the built-in proxy and one of the freely available or commercial blacklists. -For this this How-to we will utilize the `UT1 "web categorization list" `__ from the +For this How-to we will utilize the `UT1 "web categorization list" `__ from the Université Toulouse managed by Fabrice Prigent. This list is supplied for free under the `Creative Commons license `__. diff --git a/source/manual/how-tos/sslvpn_client.rst b/source/manual/how-tos/sslvpn_client.rst index 0dd05aa2..4322802f 100644 
--- a/source/manual/how-tos/sslvpn_client.rst +++ b/source/manual/how-tos/sslvpn_client.rst @@ -103,7 +103,7 @@ and click **Add** in the top right corner of the form. .. TIP:: - You can also use the quick-search to jump right into the the Access Server + You can also use the quick-search to jump right into the Access Server configuration. Try it by typing *Ac...* and see for yourself: .. image:: images/qs-access_server.png diff --git a/source/manual/how-tos/stunnel.rst b/source/manual/how-tos/stunnel.rst index 3f45915c..528eaac5 100644 --- a/source/manual/how-tos/stunnel.rst +++ b/source/manual/how-tos/stunnel.rst @@ -32,7 +32,7 @@ authentication, which is more secure but comes with more (connect) overhead (htt } The above diagram shows the basic functionality as provided by this plugin, the client part (not delivered by this plugin) connects to -to the server at a predefined port and starts forwarding local received packets to the other end of the tunnel. +the server at a predefined port and starts forwarding local received packets to the other end of the tunnel. Securing http proxy traffic is one of the more common use-cases of stunnel. diff --git a/source/manual/how-tos/tor.rst b/source/manual/how-tos/tor.rst index 0e3437e5..c6ce18d6 100644 --- a/source/manual/how-tos/tor.rst +++ b/source/manual/how-tos/tor.rst 
@@ -40,12 +40,12 @@ Tor Service Settings This Port requires a password, which will not be disclosed to the GUI but can be queried via the API. This setting is available for you to handle Port conflicts, so you can change this port. -:Create a logfile, Send log messges to syslog: +:Create a logfile, Send log messages to syslog: Enable this checkbox if you want some logging. Please note that a detailed log may lead to privacy issues. :Logfile, Syslog level: If the corresponding checkbox is enabled, this will be the minimum severity - for sending or writing log messges. + for sending or writing log messages. :Fascist Mode: If internet access is filtered, you can try this option. Please note that this is not compatible with other features like "Hidden Services". @@ -107,7 +107,7 @@ fill out the form: :Enable: The entry will be added to the configuration file. - If this checkbox is unckecked, the entry is ignored. + If this checkbox is unchecked, the entry is ignored. :Protocol: Select the protocol in use for this ACL. You can choose between IPv4 and IPv6. diff --git a/source/manual/how-tos/user-local.rst b/source/manual/how-tos/user-local.rst index 89067239..cd26679b 100644 --- a/source/manual/how-tos/user-local.rst +++ b/source/manual/how-tos/user-local.rst @@ -56,7 +56,7 @@ the bottom right corner of the form. -Creating and maintainging API keys +Creating and maintaining API keys .......................................... .. raw:: html diff --git a/source/manual/how-tos/wireguard-s2s.rst b/source/manual/how-tos/wireguard-s2s.rst index 881bbf59..e618a135 100644 --- a/source/manual/how-tos/wireguard-s2s.rst +++ b/source/manual/how-tos/wireguard-s2s.rst 
@@ -105,7 +105,7 @@ Enable the *advanced mode* toggle. ====================== ==================================================================================================== **Enabled** *Checked* **Name** *wgopn-site-a* - **Public Key** *Insert the public key of the instance instance from wgopn-site-a* + **Public Key** *Insert the public key of the instance from wgopn-site-a* **Shared Secret** *Leave empty* **Allowed IPs** *10.2.2.1/32 172.16.0.0/24* **Endpoint Address** *203.0.113.1* diff --git a/source/manual/ipv6.rst b/source/manual/ipv6.rst index 4dfae152..a6674efd 100644 --- a/source/manual/ipv6.rst +++ b/source/manual/ipv6.rst @@ -57,7 +57,7 @@ Most concepts explained in this paragraph are part of the `Neighbor Discovery Pr Finding your neighbors [NS,NA] ------------------------------- -For a machine to know it's neighbors, it will use the neighbor discovery protocol (NDP), a bit similar to ARP on IPv4 networks, +For a machine to know its neighbors, it will use the neighbor discovery protocol (NDP), a bit similar to ARP on IPv4 networks, but using Neighbor Solicitation (:code:`ICMPv6 type 135`) and Neighbor Advertisement :code:`ICMPv6 type 136`) messages. In order to verify if a neighbor is known, you can use the NDP table in :menuselection:`Interfaces --> Diagnostics --> NDP Table`. diff --git a/source/manual/proxy.rst b/source/manual/proxy.rst index 1a52e759..696a994c 100644 --- a/source/manual/proxy.rst +++ b/source/manual/proxy.rst 
@@ -135,7 +135,7 @@ There are some rules to take into account when creating custom themed error page Not only is this faster to handle than separate image files it also prevents rendering issues in case images can't be accessed. * only existing error pages will be processed, if filenames won't match, the files won't be written to disk. you can use the download button to inspect what's being deployed (it will return a combined set of custom and standard files) -* it's best not to include files that are not altered, this saves room in the configurartion and prevents defauls from being overwritten. +* it's best not to include files that are not altered, this saves room in the configurartion and prevents defaults from being overwritten. .. Tip::
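Review bot: in source/manual/how-tos/ipsec-s2s-route.rst the rewritten sentence still ends in "the route-based IPSec" on the following context line, while the page title shown in the hunk header spells it "IPsec VTI". Use "IPsec" in the body as well so the capitalisation matches the title and the rest of the manual.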
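Review bot: in source/manual/how-tos/ipsec-s2s.rst the context line two above the corrected one still reads "First check you firewall rules"; "you" should be "your". The hunk already touches this troubleshooting paragraph for "reveals", so the fix belongs in the same commit.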
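Review bot: the first hunk of source/manual/how-tos/orange_fr_fttp.rst leaves a grammar error in the dhcp-client-identifier bullet directly below the corrected line: "as the one use for the DUID above" should be "as the one used for the DUID above". This is the sentence that tells the reader which MAC address must match, so it is worth getting right while the hunk is open.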
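Review bot: the corrected line in source/manual/how-tos/nginx_header_hardening.rst keeps a stray comma: "The disadvantage of the console is, that it is not so". Drop the comma after "is" so the sentence reads "The disadvantage of the console is that it is not so easy to intercept and modify data."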
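Review bot: the context line after the fix in source/manual/ipv6.rst has an unbalanced parenthesis. "Neighbor Solicitation (:code:`ICMPv6 type 135`)" opens and closes one, but "Neighbor Advertisement :code:`ICMPv6 type 136`)" only closes. Add the missing "(" before the second :code: role.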
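Review bot: the changed line in source/manual/proxy.rst fixes "defauls" but keeps "configurartion" a few words earlier on the same line. Change it to "configuration" here, otherwise this bullet needs a second typo commit.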