Date: Mon, 18 Feb 2002 00:03:31 -0800
From: Alfred Perlstein
To: security@freebsd.org
Subject: using ipsec on dynamic addresses?
Message-ID: <20020218080331.GT12136@elvis.mu.org>

I'm looking to secure a wireless LAN.

It looks like this:

 _______________________                  _____________
/     Wireless Lan      \  \ /           / xl0->DSL/internet
<                       >- _|_<-ethernet->fxp0 router xl1->LAN
\ Laptop-A Laptop-B etc / wireless       \____________|
 '---------------------'  base-station

What I think I want to do is:

block traffic going _through_ fxp0 but not _into_ fxp0,
generate keys for each laptop on the router,
give each laptop its own key,
have the laptops DHCP an address,
have laptops authenticate via the key and negotiate secure connections,
finally be done with this nightmare.

I don't really need any hooks into dhclient; I think I can figure that
out on my own. It's just the key generation thing and dynamic addresses
that seem to be a real pain.

Anyone aware of any howtos on doing this?

thanks,
-Alfred