Date: Tue, 10 Dec 2002 18:11:56 -0500
From: Jeff Walters <jwalters_1@yahoo.com>
To: Dru <dlavigne6@cogeco.ca>
Cc: freebsd-questions@freebsd.org
Subject: Re: IPsec on a NAT gateway
Message-ID: <C738AB10-0C94-11D7-A833-00039342A52C@yahoo.com>
In-Reply-To: <20021210122319.T41610-100000@dhcp-17-14.kico2.on.cogeco.ca>

On Tuesday, Dec 10, 2002, at 12:25 US/Eastern, Dru wrote:

> The configuration you describe is still considered tunnel mode, even
> though it looks part transport / part tunnel mode. Tunnel mode occurs
> whenever a gateway encrypts on behalf of a network. Typical tunnels have
> gateways at both ends, however it is possible to have a gateway at one end
> and a single machine at the other.

Thanks for the insight. I will look more closely at the tunnel mode.

I'm wondering if it isn't a better idea to use the FreeBSD box itself as the wireless access point, though it would require me buying a wireless card. Even with notebook-to-gateway IPsec someone could still bridge into my LAN through the Airport base station by breaking WEP and emulating my MAC address. Whereas if the wireless access point was on the FreeBSD gateway box I could set up the wireless side like an IPsec VPN, and set up firewall rules to protect my wired LAN.

Thanks for the responses.

Jeff