diff --git a/src/etc/ipsec.conf b/src/etc/ipsec.conf
index 0f507e9f..81802313 100644
--- a/src/etc/ipsec.conf
+++ b/src/etc/ipsec.conf
@@ -1,4 +1,4 @@
-#	$OpenBSD: ipsec.conf,v 1.1 2005/12/24 15:44:12 hshoexer Exp $
+#	$OpenBSD: ipsec.conf,v 1.2 2006/03/07 09:08:30 jmc Exp $
 #
 # See ipsec.conf(5) for syntax and examples.
 
@@ -15,10 +15,10 @@ ike esp from 192.168.3.1 to 192.168.3.2 \
 
 # Set up a tunnel using static keying:
 #
-# The first rules sets up the flow, second the SA.  As default
-# transforms ipsecctl(8) will use hmac-sha2-256 for authentication
-# and aesctr for encryption.  hmac-sha2-256 uses a 256 bit key, aesctr
-# a 160 bit key.
+# The first rule sets up the flow; the second sets up the SA.  As default
+# transforms, ipsecctl(8) will use hmac-sha2-256 for authentication
+# and aesctr for encryption.  hmac-sha2-256 uses a 256-bit key; aesctr
+# a 160-bit key.
 
 flow esp from 192.168.7.0/24 to 192.168.8.0/24 peer 192.168.3.2
 esp from 192.168.3.1 to 192.168.3.2 spi 0xdeadbeef:0xbeefdead \