Hello,
I'd like to set up two FreeBSD devices (laptop and server) to communicate securely and route the entire traffic from the laptop over the secured tunnel through the server. The setup should look like this:
Code:
Laptop ----------- (Internet) ------- Server
(Dynamic IP)                          (Public IP)
I guess this should be achievable with gif interfaces, strongSwan and IKEv2, but I haven't been successful yet. The FreeBSD documentation has a similar setup using racoon (which, I believe, is based on IKEv1). I'd use preshared keys for now, but it should be done with certificates later (if that basic setup works). Ideally, more than one laptop can connect to the server, but for now this can be one device.
Is anyone running such a scenario and willing to share his configuration, or interested in setting up something similar?
While doing some research, I've found old posts that seem not to work or posts that want to achieve other goals. Possibilities and other scenarios include:
- SSH VPN (tunneling) - which is a bit more expensive due to TCP,
- OpenVPN - a lot of people seem to use this instead of IPsec, but I would prefer the encryption done at the network stack inside the kernel. Not quite sure, but I believe that strongSwan is a utility that allows X.509 and other authentication schemes, but it's using the FreeBSD kernel facilities to encrypt network traffic.
- IKEv1 with racoon.
- WireGuard (?)