Date: Tue, 10 Dec 2002 12:25:49 -0500 (EST) From: Dru <dlavigne6@cogeco.ca> To: Jeff Walters <jwalters_1@yahoo.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: IPsec on a NAT gateway Message-ID: <20021210122319.T41610-100000@dhcp-17-14.kico2.on.cogeco.ca> In-Reply-To: <825B5EDE-0C5B-11D7-A833-00039342A52C@yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 10 Dec 2002, Jeff Walters wrote: > At home I have a FreeBSD gateway working nicely for NAT and firewall. > One of the machines behind this firewall is an OS X iBook running > through a WEP-enabled Airport base station in bridged mode (i.e. it > only bridges the wireless and the ethernet). WEP has known problems, > and I'd like to secure the link between the iBook and the FreeBSD > firewall against snooping or malicious neighbors, etc. > > I think that IPsec is the closest thing to an answer, however after > much digging through setkey man pages, the FreeBSD handbook, and other > HOWTO web pages nothing clearly describes this configuration. This is > not really IPSec transport mode, because it's only secure between host > and gateway not host and host, and it's not tunnel mode because I'm not > joining two LANs. Has anyone done this? The configuration you describe is still considered tunnel mode, even though it looks part transport / part tunnel mode. Tunnel mode occurs whenever a gateway encrypts on behalf of a network. Typical tunnels have gateways at both ends, however it is possible to have a gateway at one end and a single machine at the other. HTH, Dru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021210122319.T41610-100000>