I'm sure I can come up with those ten-or-so lines myself. I was just hoping I could use a Netgraph node which performs the encryption before sending it through the ksocket node. Perhaps I should write such a node then.
On Fri, 5 Jun 2020 at 22:04, Julian Elischer <jul...@freebsd.org> wrote: > On 6/5/20 12:13 PM, Tom Marcoen wrote: > > Hey Eugen, > > > > For some reason I did not receive your email. But I found your reply in > the > > archives. > > > > Anyway, the goal is to have two computers, each with a Netgraph bridge > node > > and jails connecting to these bridges. I want to connect both bridges > over > > the Internet securely. Using a UDP tunnel and encrypting that with IPsec > or > > wireguard or .... would be an option, but it would be nicer if I could > use > > a Netgraph-native option. > > > In years past I used netgraph ksocket nodes to generate a udp tunnel > and then set up IPSEC to encrypt it. > > can be done from the command line with about 10 lines from memory. > > Unfortunately I don't have those 10 line at hand as it was at > JOB[current - 5] > > Julian > > > > Regards, > > Tom > > > > On Wed, 27 May 2020 at 10:06, Tom Marcoen <tom.marc...@gmail.com> wrote: > > > >> Hey all, > >> > >> I'm new to this mailing list and also quite new to FreeBSD (huray, > welcome > >> to me!) so bare with me, please. > >> > >> I'm reading up on Netgraph on how I can integrate it with FreeBSD jails > >> and I was looking at some of the examples provided in > >> /usr/share/examples/netgraph and now have the following question. > >> The udp.tunnel example shows an iface point-to-point connection but it > is > >> unencrypted. Of course I could encrypt it with an IPsec tunnel on the > host > >> or tunnel it through SSH, but I was wondering whether there exists a > nice > >> Netgraph solution, e.g. a node with two hooks, receiving unencrypted > >> traffic on the inside hook and sending out encrypted traffic on the > outside > >> hook. > >> > >> Regards, > >> Tom > >> > > _______________________________________________ > > freebsd-net@freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/freebsd-net > > To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org" > > > _______________________________________________ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
