I didn't really mean that thing about "transport" although it would also
be a nice feature.
What I'm looking for is this kind of ability, as used in KAME:
spdadd 0.0.0.0/0 10.0.0.8 any -P out ipsec esp/tunnel/10.0.0.1-10.0.0.8/use;
spdadd 10.0.0.8 0.0.0.0/0 any -P in ipsec esp/tunnel/10.0.0.8-10.0.0.1/use;
This worked like a charm for me with my old NetBSD firewall, so I would
really want it to work with m0n0wall.
--
ibid
>
> This would require the usage of the ipsec transport protocol, as
> opposed to a regular tunnel. Has anyone implemented this in their
> m0n0wall? Anyone having plans to do it? I believe it would provide
> huge benefits over a non-encrypted LAN.