Perhaps my understanding of ieee80211(9) and isakmpd(8) is awry?

I have a simple WLAN setup, where there is a combined internet
gateway/wireless AP, and several wireless nodes. I want each wireless
node to be able to connect to all others for file sharing, etc., and the
connection should be over an IPsec layer.

I can think of two ways theoretically to do this:

1. Configure each host to establish an IPsec tunnel directly with the
other - i.e. peer-to-peer at the IP layer, although my understanding
of ieee80211(9) is that the connection would still be bridged through
the AP at the data-link layer.

2. Route these connections through the access point at the IP layer,
since they're already being bridged through the AP at the data-link
layer.

I'm not sure how to implement this either way and would appreciate
some advice in this regard. I guess routing through the AP makes more
sense as it will always be up, whereas some of the nodes might be down
at any given time?

Any advice will be appreciated.

Regards,
Damon


On 18/04/06, Luiz Otavio Souza <[EMAIL PROTECTED]> wrote:
> >> Luiz Otavio Souza wrote:
> >>>> Damon McMahon wrote:
> >>>>> My query is what I should/need to do to enable flows between the two
> >>>>> non-AP peers 192.168.1.2 and 192.168.1.3? Should flows be routed
> >>>>> through the access point at the IP layer (hence the AP acts as a
> >>>>> gateway for all hosts in the WLAN), or should flows through the access
> >>>>> point occur at the data-link layer with actual IPsec negotiation
> >>>>> occurring between the peers directly?
> >>>>>
> >>>>
> >>>
> >>> If you cannot change the AP behaviour try openvpn running on udp.
> >>>
> >>
> >> i don't get it.
> >>
> >> i do know that openvpn is very popular in linuxland but where is the
> >> particular relation to the described problem? any internal filters?
> >> layer 2 tunneling?
> >>
> >> "try openvpn running on udp" is not a solution. it's nuts.
> >
> > Yes this is a solution, if you can understand why i am proposing that (and
> > you can !).
> >
> > Create subnets is also nuts for this case. Since it looks like station A
> > cannot talk (IPSec) to station B due to AP filters.
>
> i am wrong here. if the AP is running some kind of intra-bss filter to not
> bridge packets from one station to another the subnet solution is correct
> and my solution (l2tp) will not help.
>
> luiz
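As an added illustration (not part of the thread, and not a configuration anyone in it posted), this is what option 1 above, a direct transport-mode ESP association between the two non-AP stations, looks like in OpenBSD's ipsec.conf(5), with isakmpd(8) doing the IKE negotiation. The addresses 192.168.1.2 and 192.168.1.3 are the ones quoted in the thread; the pre-shared key is a placeholder, and the file below is the one that would go on 192.168.1.2 (the other station carries the mirror image with from/to swapped).

```conf
# /etc/ipsec.conf on station 192.168.1.2 (added example, not from the thread)
#
# Transport mode: no tunnel endpoints, the IP header stays intact and only
# the payload between the two stations is ESP-protected.  isakmpd(8) must be
# running (isakmpd -K, so it takes its policy from this file via ipsecctl),
# then load the flow with: ipsecctl -f /etc/ipsec.conf
#
# The pre-shared key is a constructed placeholder; use a long random secret
# shared only between these two stations.
ike esp transport from 192.168.1.2 to 192.168.1.3 psk "REPLACE-WITH-SHARED-SECRET"

# On 192.168.1.3 the single line is the mirror image:
# ike esp transport from 192.168.1.3 to 192.168.1.2 psk "REPLACE-WITH-SHARED-SECRET"
```

After loading the file on both stations, `ipsecctl -sf` shows the installed flows and `ipsecctl -sa` shows whether IKE actually produced a pair of SAs; an active flow with no SA is the symptom to expect if the AP does not bridge frames between its own stations, which is the intra-BSS filter case Luiz raises above. In that situation no per-host IPsec policy can help, because the IKE and ESP packets never reach the other station at the data-link layer, and the traffic has to be carried through a device that will forward it, i.e. option 2.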
