Hello, I'm fairly new to OpenBSD. I need to create a simple IPSec setup, which is (as I learned) called "bump-in-the-wire". Basically, I have an OpenBSD box with two ethernet interfaces bridged together. I want to protect communication with one particular server in _transport_ mode with IPSec. That means creating a security association and establishing a connection. I was not able to find good documentation on how to do this.
IP1 <-----(openbsd bridge)------> IP2
      ^                     ^
   safe ethernet      not safe ethernet

The openbsd bridge does not have an IP address. If it sees that there's a packet coming to IP2, it quickly establishes an IPSec SA in transport mode with just this single IP address and sends all the packets encrypted. So the communication between IP1 and IP2 never goes unencrypted through the unsafe ethernet. It should pass all other traffic unmodified.

Is there some example setup or any pointer on how I could make this work? I found out about the terminology and this possibility here: http://www.thought.net/jason/bridgepaper/node9.html but there's no documentation on how to actually do this :(. Simple googling did not help.

Thanks,
Juraj.
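As an added illustration (not part of the original post, and not an answer to it), below are the two pieces the post names, written in the syntax OpenBSD uses for them: a two-interface bridge that carries no IP address of its own (hostname.if(5)), and a manually keyed transport-mode ESP SA plus the flow that forces traffic through it (ipsec.conf(5)). The addresses 192.0.2.10 (IP1) and 192.0.2.20 (IP2), the interface names em0/em1, the SPIs and the hex keys are all made-up placeholders. The caveat a practitioner should note: the ipsec.conf part is the ordinary host-to-host form and is loaded on one of the two endpoints, which do have addresses; whether the address-less bridge itself can apply such an SA to traffic it merely forwards is exactly the open question of the post, and this fragment does not settle it.

```conf
# --- on the bridge box: two interfaces, no addresses, joined by bridge0 ---
# /etc/hostname.em0          (constructed example; interface names assumed)
up
# /etc/hostname.em1
up
# /etc/hostname.bridge0      bridge(4) forwards between the members; no "inet" line,
add em0                      # so the box stays invisible at the IP layer
add em1
up

# --- on an endpoint (here IP1 = 192.0.2.10): /etc/ipsec.conf ---
# Flow: any traffic between the two hosts must use ESP; "type require" drops
# packets that have no matching SA instead of letting them leak in cleartext.
flow esp from 192.0.2.10 to 192.0.2.20 type require

# Manually keyed transport-mode SA. The SPI pair is outbound:inbound, so the
# same line with the SPIs swapped is what IP2 loads. Keys are placeholders:
# hmac-sha2-256 wants a 256-bit key (64 hex digits), aes-128 a 128-bit key
# (32 hex digits); generate real ones with "openssl rand -hex 32" / "-hex 16".
esp transport from 192.0.2.10 to 192.0.2.20 spi 0x1000abcd:0x1000dcba \
    auth hmac-sha2-256 enc aes-128 \
    authkey 0x00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff \
    enckey 0x0f1e2d3c4b5a69788796a5b4c3d2e1f0
```

Usage check on the endpoint: `ipsecctl -n -f /etc/ipsec.conf` parses the file without loading it, `ipsecctl -f /etc/ipsec.conf` installs the flow and SA, and `ipsecctl -s all` shows what the kernel actually holds; a plain-text capture on the bridge box (`tcpdump -ni em1`) should then show only ESP between the two addresses.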