From: Julian Elischer
To: Rasputin
Cc: freebsd-net@freebsd.org
Date: Fri, 28 Sep 2001 09:57:00 -0700 (PDT)
Subject: Re: IPSec basics
In-Reply-To: <20010928105322.A494@shikima.mine.nu>

How does a freebsd machine pose as an airport?
That requires you run special AP firmware on the card.

On Fri, 28 Sep 2001, Rasputin wrote:

>
> Hi there,
>
> I'm about to try to set IPSec over a wireless link (as WEP can't be trusted),
> and just wanted to check I have the concepts straight in my head.
>
> One end is an iBook which connects to the Net via a FreeBSD
> gateway, posing as an Airport.
>
> The FreeBSD box runs ipf and ipnat.
> The iBook will be using PGPDesktopSecurity, since that's the
> only IPSec client for OS9 I know of.
>
> All I want to do is encrypt traffic over the wireless,
> and use it for authentication as well.
>
> This is a pure IPv4 setup, and all I *think* I need is
> transport mode.
>
> I hear IPSec doesn't grok NAT, but I'm hoping this is referring
> to tunnel mode (i.e. VPNs).
>
> Just wanted to check that would work.
>
> Also, will the ruleset on the firewall need changing, or
> is IPsec handled before the packets hit the firewall?
>
> If changes are needed, a tutorial would be very useful.
>
> Thanks a lot.
> --
> "Hey! Who took the cork off my lunch??!"
>                 -- W. C. Fields
>
> Rasputin :: Jack of All Trades - Master of Nuns ::