Date: Tue, 18 Jun 2002 16:41:23 -0700 (PDT)
From: Julian Elischer <julian@elischer.org>
To: Christophe Prevotaux <c.prevotaux@hexanet.fr>
Cc: net@freebsd.org
Subject: Re: IPIP (kind of) with Payload Encryption only
Message-ID: <Pine.BSF.4.21.0206181638010.21905-100000@InterJet.elischer.org>
In-Reply-To: <20020618153956.2a9352fa.c.prevotaux@hexanet.fr>

You can set up pseudo interfaces using netgraph iface and ksocket nodes
so that anything going into the interface is encapsulated in a UDP packet.
Then set up IPSEC to encrypt the packets that are sent to the virtual
interface.. you get ESP inside normal UDP. (will that do?)

It's all in setting up the routing so that the ESP packets get routed to
the netgraph interfaces, which are attached to the ksocket nodes which are
set to UDP and bound to addresses..

I use something similar here except that I then re-encrypt the final
tunnel as well :-)

On Tue, 18 Jun 2002, Christophe Prevotaux wrote:

> Hi,
>
> Could someone tell me if there is a way to build a VPN(like) tunnel from
> a FreeBSD machine acting as a VPN gateway to another machine acting as
> another VPN gateway using normal IP packets that have only their data
> payload encrypted. Of course there would have to be a way to set up the
> tunnel and still retain the network addressing of each side of the VPN
>
> I thought about some kind of IPIP tunneling but with data payload
> encryption and some kind of key exchange for authentication
>
> has anyone made or seen such a system yet ?
>
> I do not want to use (I can't) AH and ESP for this because of some
> technical constraints
>
>               +-------------+   +---------+
>               | VPN gateway |---| Router  |--------+
> --Network A===|==FreeBSD====|===|=========|==      |
>               +-------------+   +---------+ ||     |
>                                            VPN  Internet
>                                             ||     |
>               +-------------+   +---------+ ||     |
> --Network B===|=VPN gateway=|===|=Router==|==      |
>               |   FreeBSD   |---|         |--------+
>               +-------------+   +---------+
>
> --
> ===============================================================
> Christophe Prevotaux      Email: c.prevotaux@hexanet.fr
> HEXANET SARL              URL: http://www.hexanet.fr/
> Z.A.C Les Charmilles      Tel: +33 (0)3 26 79 30 05
> 3 Allée Thierry Sabine    Direct: +33 (0)3 26 61 77 72
> BP202                     Fax: +33 (0)3 26 79 30 06
> 51686 Reims Cedex 2
> FRANCE                    HEXANET Network Operation Center
> ===============================================================
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
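
One way to lay out the setup described in the reply above, as an added example that is not part of the original message or the poster's own configuration. The addresses, networks, UDP port, the ng0 interface name and the choice of tunnel-mode ESP between the ng0 link addresses are all assumptions; the link addresses are kept outside both protected networks so the ESP packets themselves do not match the policy.

```sh
#!/bin/sh
# Added example (not from the original message). Prints, for one gateway, the
# FreeBSD commands for the netgraph UDP wrapper and the setkey(8) policy lines.
# Every address, network and the port below is a constructed sample value.
LOC_EXT=${LOC_EXT:-192.0.2.1}      # this gateway's outside address
REM_EXT=${REM_EXT:-198.51.100.1}   # peer gateway's outside address
LOC_INT=${LOC_INT:-10.255.0.1}     # this end of the ng0 point-to-point link
REM_INT=${REM_INT:-10.255.0.2}     # peer end of the ng0 link
LOC_NET=${LOC_NET:-10.1.0.0/24}    # Network A
REM_NET=${REM_NET:-10.2.0.0/24}    # Network B
UDP_PORT=${UDP_PORT:-4028}         # UDP port both ksocket nodes use

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# iface node (appears as ng0, assuming it is the first one created) hooked to a
# ksocket node of type inet/dgram/udp, bound locally and connected to the peer.
tunnel_cmds() {
    valid_port "$UDP_PORT" || { echo "invalid UDP port: $UDP_PORT" >&2; return 1; }
    cat <<EOF
ngctl mkpeer iface dummy inet
ngctl mkpeer ng0: ksocket inet inet/dgram/udp
ngctl msg ng0:inet bind inet/${LOC_EXT}:${UDP_PORT}
ngctl msg ng0:inet connect inet/${REM_EXT}:${UDP_PORT}
ifconfig ng0 ${LOC_INT} ${REM_INT}
route add -net ${REM_NET} ${REM_INT}
EOF
}

# Tunnel-mode ESP whose endpoints are the ng0 addresses, so the ESP packets
# route out ng0 and leave the box as UDP. "require" drops cleartext traffic
# between the two networks. SAs (IKE daemon or manual "add" lines) not shown.
ipsec_policy() {
    cat <<EOF
spdadd ${LOC_NET} ${REM_NET} any -P out ipsec esp/tunnel/${LOC_INT}-${REM_INT}/require;
spdadd ${REM_NET} ${LOC_NET} any -P in ipsec esp/tunnel/${REM_INT}-${LOC_INT}/require;
EOF
}

# Dry run: print everything for review; nothing is executed here.
tunnel_cmds && { echo "# feed to setkey -c:"; ipsec_policy; }
```

On the peer gateway the local and remote values are swapped. The UDP wrapper itself carries no authentication, so the protection comes entirely from the ESP policy and its SAs.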