I didn't really mean that thing about "transport" although it would also
be a nice feature.
What I'm looking for is this kind of ability, as used in KAME:
spdadd 0.0.0.0/0 10.0.0.8 any -P out ipsec
spdadd 10.0.0.8 0.0.0.0/0 any -P in ipsec esp/tunnel/10.0.0.8-10.0.0.1/use;
This worked like a charm for me with my old NetBSD firewall, so I would
really want it to work with m0n0wall.
> This would require the usage of the ipsec transport protocol, as
> opposed to a regular tunnel. Has anyone implemented this in their
> m0n0wall? Anyone having plans to do it? I believe it would provide
> huge benefits over a non-encrypted LAN.