Message-ID: <3D6F3312.6020304@ant.uni-bremen.de>
Date: Fri, 30 Aug 2002 10:55:46 +0200
From: Heinrich Rebehn
To: neal@nelson.name
Cc: freebsd-questions@freebsd.org
Subject: Re: IPSec on a wireless AP
References: <20020830071131.GK484@server>

Neal Nelson wrote:
> I'm trying to set up IPSec between my access point (FreeBSD with
> wireless in HostAP mode) and laptop.
>
> I'm using transport mode and things work OK between the laptop and AP.
> All is encrypted and working OK. When I ping another node on my network,
> everything is in the clear (I'm using tcpdump on the wireless interface).
>
> I assumed that since my AP is my gateway for my laptop, all packets
> would obviously have to be sent there first and therefore encrypted.
> This does not seem to be so.
>
> Does anyone know how I can encrypt all data between my laptop and AP
> using IPSec?

Hi Neal,

examine the routes on your laptop. I had the same problem the other day.
Since my IPsec gateway was on the same subnet as my laptop, there was
not only the route 0.0.0.0 -> x.x.x.gateway but also a route to
x.x.x.0 -> so every packet on a machine on x.x.x.0 other than the
gateway was sent directly and thus in cleartext.

HTH

Heinrich

-- 
Heinrich Rebehn

University of Bremen
Physics / Electrical and Electronics Engineering
- Department of Telecommunications -

E-mail: mailto:rebehn@ant.uni-bremen.de
Phone : +49/421/218-4664
Fax : -3341
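
The route check suggested in the reply above, as an added example that is not part of the original message: it parses a routing table and reports which destinations are delivered on-link instead of through the IPsec peer. The addresses, the interface name and the CIDR-style `netstat -rn -f inet` layout are assumptions, and the sample table is constructed.

```python
import ipaddress

# Constructed sample in the style of `netstat -rn -f inet` on the laptop.
# Assumption: the AP (IPsec peer and default gateway) is 192.168.1.1.
ROUTES_TEXT = """\
Destination        Gateway            Flags     Netif Expire
default            192.168.1.1        UGS         wi0
127.0.0.1          link#2             UH          lo0
192.168.1.0/24     link#1             U           wi0
"""

def parse_routes(text):
    """Return [(network, gateway, flags, netif)] from netstat-style text."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] == "Destination":
            continue
        dest, gateway, flags, netif = fields[:4]
        if dest == "default":
            dest = "0.0.0.0/0"
        # A bare host address becomes a /32 network.
        routes.append((ipaddress.ip_network(dest), gateway, flags, netif))
    return routes

def lookup(routes, dst):
    """Longest-prefix match: the route the kernel would pick for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        raise LookupError("no route to " + dst)
    return max(matches, key=lambda r: r[0].prefixlen)

def bypasses_peer(routes, dst, ipsec_peer):
    """True if dst is reached on-link (no G flag) and is not the IPsec peer."""
    _, _, flags, _ = lookup(routes, dst)
    return "G" not in flags and dst != ipsec_peer

if __name__ == "__main__":
    table = parse_routes(ROUTES_TEXT)
    for dst in ("192.168.1.1", "192.168.1.50", "10.0.0.5"):
        net, gw, _, netif = lookup(table, dst)
        how = "direct, not via peer" if bypasses_peer(table, dst, "192.168.1.1") else "to/through peer"
        print(f"{dst:15} route {str(net):16} gw {gw:12} {netif}  {how}")
```

This covers only the routing side described in the reply; whether a given packet is actually encrypted also depends on which addresses the IPsec policy selects.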