Date: Fri, 5 Jun 2020 13:04:42 -0700 From: Julian Elischer <julian@freebsd.org> To: Tom Marcoen <tom.marcoen@gmail.com>, freebsd-net@freebsd.org, eugen@grosbein.net Subject: Re: On Netgraph Message-ID: <4e1a0775-be6f-d1e7-4b10-33df717ba0bf@freebsd.org> In-Reply-To: <CAJ-iVrNLtokv1abMWht=B1CZKxOC_Q=EvOh_hs%2BS3b%2Bd4F5RMA@mail.gmail.com> References: <CAJ-iVrNn=9-Z5YHG4j=adnFiiTbDLED6ArYh8j9Zepn0k8=6KA@mail.gmail.com> <CAJ-iVrNLtokv1abMWht=B1CZKxOC_Q=EvOh_hs%2BS3b%2Bd4F5RMA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 6/5/20 12:13 PM, Tom Marcoen wrote: > Hey Eugen, > > For some reason I did not receive your email. But I found your reply in the > archives. > > Anyway, the goal is to have two computers, each with a Netgraph bridge node > and jails connecting to these bridges. I want to connect both bridges over > the Internet securely. Using a UDP tunnel and encrypting that with IPsec or > wireguard or .... would be an option, but it would be nicer if I could use > a Netgraph-native option. In years past I used netgraph ksocket nodes to generate a udp tunnel and then set up IPSEC to encrypt it. can be done from the command line with about 10 lines from memory. Unfortunately I don't have those 10 line at hand as it was at JOB[current - 5] Julian > Regards, > Tom > > On Wed, 27 May 2020 at 10:06, Tom Marcoen <tom.marcoen@gmail.com> wrote: > >> Hey all, >> >> I'm new to this mailing list and also quite new to FreeBSD (huray, welcome >> to me!) so bare with me, please. >> >> I'm reading up on Netgraph on how I can integrate it with FreeBSD jails >> and I was looking at some of the examples provided in >> /usr/share/examples/netgraph and now have the following question. >> The udp.tunnel example shows an iface point-to-point connection but it is >> unencrypted. Of course I could encrypt it with an IPsec tunnel on the host >> or tunnel it through SSH, but I was wondering whether there exists a nice >> Netgraph solution, e.g. a node with two hooks, receiving unencrypted >> traffic on the inside hook and sending out encrypted traffic on the outside >> hook. >> >> Regards, >> Tom >> > _______________________________________________ > freebsd-net@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4e1a0775-be6f-d1e7-4b10-33df717ba0bf>