[ previous ] [ next ] [ threads ]
 From:  Thomas Hertz <thomas at hz dot se>
 To:  Thomas Hertz <thomas at hz dot se>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPSec on LAN interface?
 Date:  Fri, 24 Oct 2003 15:52:34 +0200
I didn't really mean that thing about "transport" although it would also 
be a nice feature.
What I'm looking for is this kind of ability, as used in KAME:

spdadd any -P out ipsec 
spdadd any -P in ipsec esp/tunnel/;

This worked like a charm for me with my old NetBSD firewall, so I would 
really want it to work with m0n0wall.


> This would require the usage of the ipsec transport protocol, as 
> opposed to a regular tunnel. Has anyone implemented this in their 
> m0n0wall? Anyone having plans to do it? I believe it would provide 
> huge benefits over a non-encrypted LAN.