Subject: Re: IPsec on a LAN?
From: Jim Thompson
Date: Wed, 6 May 2015 01:28:59 -0500
To: Mason Loring Bliss
Cc: freebsd-net@freebsd.org

What you’re looking for is “transport mode” IPsec.

Dan Langille wrote this 14 years ago, it may still be accurate.
http://www.freebsddiary.org/ipsec.php

This is a bit more recent (14 months ago), and should be easy to adapt to two FreeBSD hosts:
http://www.schmidp.com/2014/01/20/ipsec-between-freebsd-and-mac-osx/

Jim

> On May 6, 2015, at 1:10 AM, Mason Loring Bliss wrote:
>
> Hi there!
>
> I'm trying to find a resource for learning how to go about setting up IPsec
> on an IPv4 LAN. The Handbook and just about every resource I can find on the
> 'net talks about using IPsec to tunnel to another site, but I just want my
> local boxes (or some subset of them) to encrypt traffic to each other.
>
> My specific desire is to set up NFS between several local machines and have
> it use an encrypted transport. It seems that IPsec is the only game in town,
> and that it's very poorly documented, especially for use on a LAN as opposed
> to for setting up a VPN between sites. I'd love pointers.
>
> Thank you!
>
> --
> Mason Loring Bliss mason@blisses.org Ewige Blumenkraft!
> awake ? sleep : random() & 2 ? dream : sleep; -- Hamlet, Act III, Scene I