GurliGebis Retired Dev


Joined: 08 Aug 2002 Posts: 509
Posted: Thu Jul 08, 2004 11:59 pm Post subject: ipsec encrypt communication
Is there a way to set up a Gentoo box that acts like a router, so people from the WLAN have to use IPsec to go through the router onto the network and the internet? I don't want an extra interface; I just need to find a way to encrypt the traffic between linux<->linux boxes and windows<->linux boxes.
I don't want an extra interface created with a tunnel, just the traffic encrypted.
Is this possible?
_________________
Queen Rocks.
 |
adaptr Watchman


Joined: 06 Oct 2002 Posts: 6730 Location: Rotterdam, Netherlands
Posted: Fri Jul 09, 2004 9:52 am
Not unless you're willing to rewrite the TCP/IP stacks the kernel uses.
In other words, nope.
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen
 |
GurliGebis Retired Dev


Joined: 08 Aug 2002 Posts: 509
Posted: Fri Jul 09, 2004 4:14 pm
Okay, thanks anyway.
_________________
Queen Rocks.
 |
nevynxxx Veteran

Joined: 12 Nov 2003 Posts: 1123 Location: Manchester - UK
Posted: Fri Jul 09, 2004 4:58 pm
This seems to disagree.
It explains setting up IPSEC in a 2.6 kernel.
So you could have a small router between your WLAN access point and your network, put iptables on it, and set it up as explained in the link. Set iptables to reject everything but accept IPsec packets and masquerade them, and you're done.
_________________
My Public Key
Wanted: Instructor in the art of Bowyery
 |
primero.gentoo Guru


Joined: 23 Dec 2003 Posts: 402
Posted: Fri Jul 09, 2004 11:20 pm
It is not a difficult setup; I have an environment like the one you want at home.
Use the 2.6 IPsec implementation with racoon; it does not use a virtual interface, it just encrypts your traffic. Then connect the AP to a dedicated interface on your Linux box.
Then set up your IPsec as explained in the link above and you have encryption.
To filter with iptables and ensure that all traffic accepted on that interface is from an authenticated IPSEC connection, I solved it by MARKING all ESP packets arriving on the AP interface. If these packets are validated by IPSEC they are decrypted and enter the iptables chains again with the mark still on them. Now you can filter your packets based on this mark to be sure that they have been authenticated and accepted by IPsec.
Bye
_________________
"Linux, the choice of a GNU generation"
==Micro$oft - just say NO==
(L#USER 353039)
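The marking scheme described in the post above, combined with the masquerading suggested earlier in the thread, written out as an `iptables-restore` ruleset. This is an added example, not configuration posted by anyone in the thread; the function name `gen_ipsec_gate_rules`, the interface names and the mark value `0x1` are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the
# "mark ESP on arrival, filter on the mark after decryption" scheme.
# Assumed, not from the thread: interface names and mark value 0x1.
gen_ipsec_gate_rules() {
    ap_if="$1"        # interface the access point is plugged into
    wan_if="$2"       # interface towards the LAN / internet
    mark="${3:-0x1}"  # netfilter mark used to tag ESP traffic
    cat <<EOF
*mangle
:PREROUTING ACCEPT [0:0]
# Tag every ESP packet arriving from the AP. The mark exists only in the
# router's own packet metadata, so a wireless client cannot set it.
-A PREROUTING -i $ap_if -p esp -j MARK --set-mark $mark
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
# Masquerade whatever is allowed out towards the network.
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# From the AP side the router itself takes only IKE (racoon) and ESP ...
-A INPUT -i $ap_if -p udp --dport 500 -j ACCEPT
-A INPUT -i $ap_if -p esp -j ACCEPT
# ... plus packets that still carry the mark after IPsec decrypted them.
-A INPUT -i $ap_if -m mark --mark $mark -j ACCEPT
-A INPUT -i $ap_if -j DROP
# Forward only decrypted traffic: marked but no longer ESP, so a raw ESP
# packet addressed past the router is not forwarded on its mark alone.
-A FORWARD -i $ap_if ! -p esp -m mark --mark $mark -j ACCEPT
-A FORWARD -i $ap_if -j DROP
COMMIT
EOF
}

# Usage: sh thisfile eth1 eth0 | iptables-restore --test
if [ "$#" -ge 2 ]; then
    gen_ipsec_gate_rules "$@"
fi
```

Only traffic entering on the AP interface is restricted; the default ACCEPT policies leave the wired side of the router as it was.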
 |
GurliGebis Retired Dev


Joined: 08 Aug 2002 Posts: 509
Posted: Fri Jul 09, 2004 11:23 pm
primero.gentoo > Cool, does this support Windows clients too?
_________________
Queen Rocks.