You can set up pseudo interfaces using netgraph iface and ksocket nodes so that anything going into the interface is encapsulated in a UDP packet. Then set up IPSEC to encrypt the packets that are sent to the virtual interface. You get ESP inside normal UDP. (Will that do?) It's all in setting up the routing so that the ESP packets get routed to the netgraph interfaces, which are attached to the ksocket nodes, which are set to UDP and bound to addresses.
I use something similar here except that I then re-encrypt the final tunnel as well :-)

On Tue, 18 Jun 2002, Christophe Prevotaux wrote:

> Hi,
>
> Could someone tell me if there is a way to build a VPN(like) tunnel from
> a FreeBSD machine acting as a VPN gateway to another machine acting as
> another VPN gateway using normal IP packets that have only their data
> payload encrypted. Of course there would have to be a way to setup the
> tunnel and still retain the network addressing of each side of the VPN
>
> I thought about some kind of IPIP tunneling but with data payload
> encryption and some kind of key exchange for authentication
>
> has anyone made or seen such a system yet ?
>
> I do not want to use (I can't) AH and ESP for this because of some
> technical constraints
>
>               +-------------+   +---------+
>               | VPN gateway |---| Router  |--------+
> --Network A===|==FreeBSD====|===|=========|==      |
>               +-------------+   +---------+  ||    |
>                                      VPN     ||  Internet
>                                              ||    |
>               +-------------+   +---------+  ||    |
> --Network B===|=VPN gateway=|===|=Router==|==      |
>               |   FreeBSD   |---|         |--------+
>               +-------------+   +---------+
>
> --
> ===============================================================
> Christophe Prevotaux        Email: [EMAIL PROTECTED]
> HEXANET SARL                URL: http://www.hexanet.fr/
> Z.A.C Les Charmilles        Tel: +33 (0)3 26 79 30 05
> 3 Allée Thierry Sabine      Direct: +33 (0)3 26 61 77 72
> BP202                       Fax: +33 (0)3 26 79 30 06
> 51686 Reims Cedex 2
> FRANCE                      HEXANET Network Operation Center
> ===============================================================
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-net" in the body of the message
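As an added example, not part of the original post or of the FreeBSD netgraph sources, the following script builds the setup the reply describes: an ng_iface node (ng0) whose inet hook feeds an ng_ksocket node opened as a UDP socket, so that everything routed into ng0 leaves as UDP, plus a setkey SPD policy that requires tunnel-mode ESP between the two inner endpoints, so that the ESP packets are what gets routed into ng0. All addresses, the UDP port, the node name udp_tun and the network prefixes are constructed placeholders; the IPsec SAs are assumed to come from IKE (e.g. racoon) and are not created here. NG_DRYRUN=1 prints the commands instead of running them, which is the only mode that should be used outside the two gateways.

```shell
#!/bin/sh
# Added example, not from the original post. Builds the UDP-encapsulating
# netgraph interface described above (ng_iface -> ng_ksocket, UDP) and a
# setkey policy that requires ESP on traffic crossing it, so ESP ends up
# inside ordinary UDP. All addresses, the port, the node name "udp_tun" and
# the prefixes are constructed placeholders. Set NG_DRYRUN=1 to print the
# commands instead of executing them.

run() {
    if [ "${NG_DRYRUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# ng_udp_tunnel LOCAL_OUTER REMOTE_OUTER PORT LOCAL_INNER REMOTE_INNER
# ng0 is the name ng_iface gives its first interface and node; "inet" is the
# iface hook, and "inet/dgram/udp" asks ng_ksocket for a UDP socket.
# Each ngctl invocation's own socket node disappears when it exits, which
# frees the "dummy" hook used by the first mkpeer.
ng_udp_tunnel() {
    tun_local_out=$1; tun_remote_out=$2; tun_port=$3
    tun_local_in=$4;  tun_remote_in=$5
    run ngctl mkpeer iface dummy inet
    run ngctl mkpeer ng0: ksocket inet inet/dgram/udp
    run ngctl name ng0:inet udp_tun
    run ngctl msg udp_tun: bind "inet/${tun_local_out}:${tun_port}"
    run ngctl msg udp_tun: connect "inet/${tun_remote_out}:${tun_port}"
    run ifconfig ng0 "$tun_local_in" "$tun_remote_in" up
}

# ipsec_policy LOCAL_NET REMOTE_NET LOCAL_INNER REMOTE_INNER
# Emits setkey SPD entries: traffic between the two networks must be
# ESP-tunnelled between the inner endpoints. The outer ESP destination is
# the ng0 peer address, so the encrypted packet is routed into ng0 and
# then encapsulated in UDP by the ksocket node.
ipsec_policy() {
    pol_lnet=$1; pol_rnet=$2; pol_lin=$3; pol_rin=$4
    printf 'spdadd %s %s any -P out ipsec esp/tunnel/%s-%s/require;\n' \
        "$pol_lnet" "$pol_rnet" "$pol_lin" "$pol_rin"
    printf 'spdadd %s %s any -P in ipsec esp/tunnel/%s-%s/require;\n' \
        "$pol_rnet" "$pol_lnet" "$pol_rin" "$pol_lin"
}

# Usage: sh ng_udp_esp.sh up   (gateway A side; swap the arguments on B)
if [ "${1:-}" = "up" ]; then
    ng_udp_tunnel 198.51.100.1 203.0.113.1 4000 10.9.0.1 10.9.0.2
    ipsec_policy 192.168.1.0/24 192.168.2.0/24 10.9.0.1 10.9.0.2 | run setkey -c
    # Route the remote network over the tunnel so the SPD entry is hit.
    run route add -net 192.168.2.0/24 10.9.0.2
fi
```

The policy uses `require`, so a packet between the two networks is dropped rather than sent in the clear if no SA exists; that is the check to keep when adapting this, since a `use` level would silently fall back to plaintext UDP if IKE is down.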