On Netgraph

Tom Marcoen tom.marcoen at gmail.com
Fri Jun 5 20:07:30 UTC 2020


I'm sure I can come up with those ten-or-so lines myself. I was just hoping
I could use a Netgraph node which performs the encryption before sending it
through the ksocket node. Perhaps I should write such a node then.

On Fri, 5 Jun 2020 at 22:04, Julian Elischer <julian at freebsd.org> wrote:

> On 6/5/20 12:13 PM, Tom Marcoen wrote:
> > Hey Eugen,
> >
> > For some reason I did not receive your email. But I found your reply in
> > the archives.
> >
> > Anyway, the goal is to have two computers, each with a Netgraph bridge
> > node and jails connecting to these bridges. I want to connect both
> > bridges over the Internet securely. Using a UDP tunnel and encrypting
> > that with IPsec or wireguard or .... would be an option, but it would be
> > nicer if I could use a Netgraph-native option.
>
>
> In years past I used netgraph ksocket nodes to generate a udp tunnel
> and then set up IPSEC to encrypt it.
>
> can be done from the command line with about 10 lines from memory.
>
> Unfortunately I don't have those 10 lines at hand as it was at
> JOB[current - 5]
>
> Julian
>
>
> > Regards,
> > Tom
> >
> > On Wed, 27 May 2020 at 10:06, Tom Marcoen <tom.marcoen at gmail.com> wrote:
> >
> >> Hey all,
> >>
> >> I'm new to this mailing list and also quite new to FreeBSD (hurray,
> >> welcome to me!) so bear with me, please.
> >>
> >> I'm reading up on Netgraph on how I can integrate it with FreeBSD jails
> >> and I was looking at some of the examples provided in
> >> /usr/share/examples/netgraph and now have the following question.
> >> The udp.tunnel example shows an iface point-to-point connection but it
> >> is unencrypted. Of course I could encrypt it with an IPsec tunnel on the
> >> host or tunnel it through SSH, but I was wondering whether there exists
> >> a nice Netgraph solution, e.g. a node with two hooks, receiving
> >> unencrypted traffic on the inside hook and sending out encrypted traffic
> >> on the outside hook.
> >>
> >> Regards,
> >> Tom
> >>
>
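
One way the approach described in this thread (an ng_ksocket UDP tunnel with IPsec applied to it) could look, as an added example that is not from the thread or its authors. All addresses and the port are constructed sample values, the script only prints the commands for one endpoint, and the ESP security associations are assumed to come from an IKE daemon or manual setkey entries that are not shown.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for one tunnel endpoint.
# All addresses and the port below are constructed sample values.
LOC_EXT=192.0.2.1        # local outside address (sample)
REM_EXT=198.51.100.1     # remote outside address (sample)
LOC_INT=10.0.1.1         # local end of the ng0 point-to-point link (sample)
REM_INT=10.0.2.1         # remote end of the link (sample)
PORT=4028                # UDP port carrying the tunnel (sample)

# ng_iface + ng_ksocket UDP tunnel, in the style of the udp.tunnel example
# script. Assumes no ng0 interface exists yet on this host.
tunnel_cmds() {
    cat <<EOF
ngctl mkpeer iface dummy inet
ngctl mkpeer ng0: ksocket inet inet/dgram/udp
ngctl msg ng0:inet bind inet/${LOC_EXT}:${PORT}
ngctl msg ng0:inet connect inet/${REM_EXT}:${PORT}
ifconfig ng0 ${LOC_INT} ${REM_INT}
EOF
}

# setkey(8) input: SPD entries that match only the tunnel's UDP flow.
# "require" makes the kernel drop the traffic when no ESP SA exists,
# so the tunnel fails closed instead of falling back to cleartext.
ipsec_policy() {
    cat <<EOF
spdadd ${LOC_EXT}[${PORT}] ${REM_EXT}[${PORT}] udp -P out ipsec esp/transport//require;
spdadd ${REM_EXT}[${PORT}] ${LOC_EXT}[${PORT}] udp -P in ipsec esp/transport//require;
EOF
}

# Install the policy before creating the tunnel so that no tunnel packet
# leaves the host unprotected.
echo "# 1. feed to: setkey -c"
ipsec_policy
echo "# 2. then run:"
tunnel_cmds
```

The remote endpoint uses the same output with the local and remote values swapped.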

