Message-ID: <014101c2a069$d17a2b10$2324200a@me>
From: "Brian"
To: "Jeff Walters"
References: <825B5EDE-0C5B-11D7-A833-00039342A52C@yahoo.com>
Subject: Re: IPsec on a NAT gateway
Date: Tue, 10 Dec 2002 08:33:01 -0800

There's good info on http://www.samag.com/documents/s=7121/sam0205a/sam0205a.htm, including some ipsec linkage at the bottom.

Brian

----- Original Message -----
From: "Jeff Walters"
To:
Sent: Tuesday, December 10, 2002 8:21 AM
Subject: IPsec on a NAT gateway

> At home I have a FreeBSD gateway working nicely for NAT and firewall.
> One of the machines behind this firewall is an OS X iBook running
> through a WEP-enabled Airport base station in bridged mode (i.e. it
> only bridges the wireless and the ethernet). WEP has known problems,
> and I'd like to secure the link between the iBook and the FreeBSD
> firewall against snooping or malicious neighbors, etc.
>
> I think that IPsec is the closest thing to an answer, however after
> much digging through setkey man pages, the FreeBSD handbook, and other
> HOWTO web pages nothing clearly describes this configuration. This is
> not really IPSec transport mode, because it's only secure between host
> and gateway not host and host, and it's not tunnel mode because I'm not
> joining two LANs. Has anyone done this?