IPSec, is it possible?
Olivier Debré
pyrrhocorax at free.fr
Sat Oct 7 12:44:43 PDT 2006
On Saturday, 7 October 2006 at 21:21 +0200, MK wrote:
> Hello
>
> I would like to know if there is a way for traffic encryption between my
> computer, which is directed through my OpenBSD(NAT), to the internet.
> My situation is the following:
>
> intranet ---- OpenBSD(NAT) --- internet
>
> It is obvious that anybody on the intranet can sniff my traffic and of
> course I don't like it. I was thinking about IPSec, so traffic from my PC
> could be encrypted and then decrypted by OpenBSD and directed to its final
> destination. But I think that in case of NAT it is not possible, am I right?

Let's see. You mean you want to encrypt between your PC, situated on
what you call an intranet, and your OpenBSD gateway, right? In turn,
this means to me that you care about people around you peeking at your
traffic, and not those outside. Okay.

In this case, no worry about NAT and IPsec, since no NAT is involved
anywhere in the tunnel, which ends at the gateway. Anyway, even if it
were, isakmpd can do NAT-traversal since 3.6
[http://www.openbsd.org/36.html].

Since you do not give us information about your computer, I won't
suggest any particular product, but I'd suggest two technologies: IPsec and
SSL VPNs.

> I can not use IP address of intranet OpenBSD interface because the traffic
> will be directed to the internet hence this rule will not take place and
> encrypt my traffic. Maybe I could use some proxy on OpenBSD but I wanted to
> avoid similar solution.
Don't understand what you mean.
> Do you think I can accomplish my requirements without proxy?
Sure.
> Thank you very much for any hint.
HTH.