From owner-freebsd-net@FreeBSD.ORG  Wed May  6 06:10:39 2015
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 13CCDAF8
 for <freebsd-net@freebsd.org>; Wed,  6 May 2015 06:10:39 +0000 (UTC)
Received: from phlegethon.blisses.org (phlegethon.blisses.org [50.56.97.101])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
 bits)) (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id EC5A51506
 for <freebsd-net@freebsd.org>; Wed,  6 May 2015 06:10:37 +0000 (UTC)
Received: from blisses.org (cocytus.blisses.org [23.25.209.73])
 by phlegethon.blisses.org (Postfix) with ESMTPSA id 3B3D6149090
 for <freebsd-net@freebsd.org>; Wed,  6 May 2015 02:10:31 -0400 (EDT)
Date: Wed, 6 May 2015 02:10:29 -0400
From: Mason Loring Bliss <mason@blisses.org>
To: freebsd-net@freebsd.org
Subject: IPsec on a LAN?
Message-ID: <20150506061029.GG4033@blisses.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.23 (2014-03-12)
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 06 May 2015 06:10:39 -0000

Hi there!

I'm trying to find a resource for learning how to go about setting up IPsec
on an IPv4 LAN. The Handbook and just about every resources I can find on the
'net talks about using IPsec to tunnel to another site, but I just want my
local boxes (or some subset of them) to encrypt traffic to each other.

My specific desire is to set up NFS between several local machines and have
it use an encrypted transport. It seems that IPsec is the only game in town,
and that it's very poorly documented, especially for use on a LAN as opposed
to for setting up a VPN between sites. I'd love pointers.

Thank you!

-- 
Mason Loring Bliss          mason@blisses.org          Ewige Blumenkraft!
awake ? sleep : random() & 2 ? dream : sleep; -- Hamlet, Act III, Scene I