From: Julian Elischer
Date: Fri, 5 Jun 2020 13:04:42 -0700
Subject: Re: On Netgraph
To: Tom Marcoen, freebsd-net@freebsd.org, eugen@grosbein.net
Message-ID: <4e1a0775-be6f-d1e7-4b10-33df717ba0bf@freebsd.org>

On 6/5/20 12:13 PM, Tom Marcoen wrote:
> Hey Eugen,
>
> For some reason I did not receive your email. But I found your reply in the
> archives.
>
> Anyway, the goal is to have two computers, each with a Netgraph bridge node
> and jails connecting to these bridges. I want to connect both bridges over
> the Internet securely. Using a UDP tunnel and encrypting that with IPsec or
> wireguard or .... would be an option, but it would be nicer if I could use
> a Netgraph-native option.

In years past I used netgraph ksocket nodes to generate a udp tunnel and
then set up IPSEC to encrypt it. Can be done from the command line with
about 10 lines from memory. Unfortunately I don't have those 10 lines at
hand as it was at JOB[current - 5].

Julian

> Regards,
> Tom
>
> On Wed, 27 May 2020 at 10:06, Tom Marcoen wrote:
>
>> Hey all,
>>
>> I'm new to this mailing list and also quite new to FreeBSD (hooray, welcome
>> to me!) so bear with me, please.
>>
>> I'm reading up on Netgraph on how I can integrate it with FreeBSD jails
>> and I was looking at some of the examples provided in
>> /usr/share/examples/netgraph and now have the following question.
>> The udp.tunnel example shows an iface point-to-point connection but it is
>> unencrypted. Of course I could encrypt it with an IPsec tunnel on the host
>> or tunnel it through SSH, but I was wondering whether there exists a nice
>> Netgraph solution, e.g. a node with two hooks, receiving unencrypted
>> traffic on the inside hook and sending out encrypted traffic on the outside
>> hook.
>>
>> Regards,
>> Tom
>>
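
Added example, not code from anyone in this thread: a sketch of the approach described in the reply above (an ng_ksocket UDP tunnel with IPsec applied to it), with the Netgraph half following the shape of the udp.tunnel example the original question mentions. The function names, the addresses (documentation ranges), port 4028 and the interface name ng0 are assumptions; the function only prints the commands for one end, and the ESP security associations themselves (from an IKE daemon or manual keys) are not shown.

```shell
#!/bin/sh
# Added example: prints the commands for one end of the tunnel, runs nothing.
# Addresses and port used with it are constructed sample values.

# valid_port PORT: succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# emit_tunnel LOC_EXT REM_EXT PORT LOC_INT REM_INT
# LOC_EXT/REM_EXT are the public addresses, LOC_INT/REM_INT the inner ones.
emit_tunnel() {
    [ "$#" -eq 5 ] || { echo "usage: emit_tunnel LOC_EXT REM_EXT PORT LOC_INT REM_INT" >&2; return 2; }
    loc_ext=$1 rem_ext=$2 port=$3 loc_int=$4 rem_int=$5
    valid_port "$port" || { echo "bad port: $port" >&2; return 2; }
    [ "$loc_ext" != "$rem_ext" ] || { echo "endpoints must differ" >&2; return 2; }

    cat <<EOF
# 1. IPsec policy first, so the UDP socket never carries cleartext.
#    "require" makes the kernel drop these packets until an ESP SA exists.
setkey -c <<POLICY
spdadd ${loc_ext}[${port}] ${rem_ext}[${port}] udp -P out ipsec esp/transport//require;
spdadd ${rem_ext}[${port}] ${loc_ext}[${port}] udp -P in ipsec esp/transport//require;
POLICY
# 2. ng_iface node (assumed to come up as ng0) with an ng_ksocket UDP socket
#    attached to its inet hook, bound locally and connected to the peer.
ngctl mkpeer iface dummy inet
ngctl mkpeer ng0: ksocket inet inet/dgram/udp
ngctl msg ng0:inet bind inet/${loc_ext}:${port}
ngctl msg ng0:inet connect inet/${rem_ext}:${port}
# 3. Inner point-to-point addresses on the tunnel interface.
ifconfig ng0 ${loc_int} ${rem_int}
EOF
}
```

Run `emit_tunnel 192.0.2.10 198.51.100.20 4028 10.0.0.1 10.0.0.2` on one host and the mirrored arguments on the other; review the output before feeding it to a root shell on FreeBSD.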