Gentoo Forums
lan ipsec question [SOLVED]
Sadako
Advocate


Joined: 05 Aug 2004
Posts: 3792
Location: sleeping in the bathtub

Posted: Mon Jun 13, 2011 7:09 pm    Post subject: lan ipsec question [SOLVED]

Okay, I'm playing around with ipsec on my lan (via ipsec-tools), with racoon running on my router.

Anything from a host on the lan destined for the router is encrypted as expected, however packets forwarded through the router are not.

I know this is expected behaviour, but I'd like to have packets destined outside the lan encrypted on the host and decrypted by the router prior to being sent on the external interface.

And yes, I know this doesn't serve much purpose, but I wanna figure out a way to do it anyways. :P

Best I can think of is to have everything on the hosts destined to the external wan sent directly to a proxy on the router first, which should do the trick, but I'm looking for a cleaner solution without that. Anyone have any ideas or know whether what I want is simply not possible?

I've done a good bit of looking around, but all the searches I've come up with have been too generic to get anything specific to what I want.

Thanks.
_________________
"You have to invite me in"


Last edited by Sadako on Mon Jun 13, 2011 11:14 pm; edited 1 time in total
truc
Advocate


Joined: 25 Jul 2005
Posts: 3199

Posted: Mon Jun 13, 2011 10:11 pm

IPSec tunnel or transport mode? If tunnel, then maybe try to play with your default gateway?
_________________
The End of the Internet!
Sadako
Advocate


Joined: 05 Aug 2004
Posts: 3792
Location: sleeping in the bathtub

Posted: Mon Jun 13, 2011 11:12 pm

truc wrote:
IPSec tunnel or transport mode? If tunnel, then maybe try to play with your default gateway?
Got it, braindead thinking on my part.

Was using transport mode; in tunnel mode with 0.0.0.0/0 as the src/dst for the hosts it does exactly what I want.

Tunnel mode seemed inappropriate for the lan setup I was after, but when I think about it, if I'm hiding (encrypting) the data payload then hiding the true source/dest ip addresses makes perfect sense too...

Thanks for pointing me in the right direction, as obvious as it may have been I probably would have spent days banging my head against the desk trying to figure this one out.
_________________
"You have to invite me in"
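
The difference between the two modes discussed in this thread, as an added example that is not part of any poster's configuration: a small shell function that renders the setkey(8) security-policy entries for a LAN host and for the router. The addresses (192.168.1.10 for the host, 192.168.1.1 for the router), the ESP-only `require` policy, and the reading of "0.0.0.0/0 as the src/dst" as the remote side of each selector are assumptions.

```shell
#!/bin/sh
# Added example: render setkey(8) SPD entries for one LAN host and its router.
# spd_policies ROLE MODE HOST_IP ROUTER_IP
#   ROLE: host | router      MODE: transport | tunnel
spd_policies() {
    role=$1 mode=$2 host=$3 router=$4
    case $mode in
        transport)
            # Selector covers host<->router only, so packets the router
            # merely forwards never match and leave the host in clear text.
            remote=$router
            up="esp/transport//require"
            down="esp/transport//require" ;;
        tunnel)
            # Selector covers every destination; the tunnel endpoints are
            # still just the host and the router, which decapsulates and
            # then forwards the inner packet out of its external interface.
            remote="0.0.0.0/0"
            up="esp/tunnel/$host-$router/require"
            down="esp/tunnel/$router-$host/require" ;;
        *) echo "unknown mode: $mode" >&2; return 1 ;;
    esac
    case $role in
        # The router's policies mirror the host's: what is "out" on the
        # host is "in" on the router and vice versa.
        host)   dir_up=out; dir_down=in ;;
        router) dir_up=in;  dir_down=out ;;
        *) echo "unknown role: $role" >&2; return 1 ;;
    esac
    printf 'spdflush;\n'
    printf 'spdadd %s %s any -P %s ipsec %s;\n' "$host" "$remote" "$dir_up" "$up"
    printf 'spdadd %s %s any -P %s ipsec %s;\n' "$remote" "$host" "$dir_down" "$down"
}

# Constructed LAN addresses; print the tunnel-mode policy for both ends.
echo "# host"
spd_policies host tunnel 192.168.1.10 192.168.1.1
echo "# router"
spd_policies router tunnel 192.168.1.10 192.168.1.1
```

The output of each call can be fed to `setkey -c` on the matching machine; racoon still needs `remote` and `sainfo` sections that agree with these policies to negotiate the SAs. Note that a 0.0.0.0/0 selector on the host also matches traffic to other LAN hosts, which will then be sent through the router.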
All times are GMT