Date: Fri, 28 Sep 2001 10:53:22 +0100
From: Rasputin
To: freebsd-net@freebsd.org
Subject: IPSec basics
Message-ID: <20010928105322.A494@shikima.mine.nu>

Hi there,

I'm about to try to set IPSec over a wireless link (as WEP can't be trusted), and just wanted to check I have the concepts straight in my head.

One end is an iBook which connects to the Net via a FreeBSD gateway, posing as an Airport. The FreeBSD box runs ipf and ipnat. The iBook will be using PGPDesktopSecurity, since that's the only IPSec client for OS9 I know of.

All I want to do is encrypt traffic over the wireless, and use it for authentication as well. This is a pure IPv4 setup, and all I *think* I need is transport mode.

I hear IPSec doesn't grok NAT, but I'm hoping this is referring to tunnel mode (i.e. VPNs). Just wanted to check that would work.

Also, will the ruleset on the firewall need changing, or is IPsec handled before the packets hit the firewall? If changes are needed, a tutorial would be very useful.

Thanks a lot.

-- 
"Hey! Who took the cork off my lunch??!"
  -- W. C. Fields
Rasputin :: Jack of All Trades - Master of Nuns ::