Let's say we have an unencrypted network connection (for example, ad-hoc Wifi without any WPA, but not limited to wireless, of course). What is the simplest way to secure it (having GNU/Linux on both sides)?
Expecting the following properties:
- Not distro-specific (not ifup/ifdown, not integrating in any /etc/init.whatever)
- Preferably no config files (just commands in console)
- Preferably relying on standard kernel modules present in most distributed kernels.
Performance is not critical.
Expecting something like doing:
ip link add encrypted_link0 type encrypted link=wlan0 psk=k48M1n3n6
ip link set encrypted_link0 up
ip link addr add 192.168.44.2/30 dev encrypted_link0
ip route add via 192.168.44.1 dev encrypted_link0
on one side and
ip link add encrypted_link0 type encrypted link=wlan0 psk=k48M1n3n6
ip link set encrypted_link0 up
ip link addr add 192.168.44.1/30 dev encrypted_link0
echo 1 > /proc/sys/net/ipv4/conf/encrypted_link0/forwarding
on the other side.
Not thinking about any authentication servers, just using some good default algo like aes256, not thinking about configuring various swans or racoons.
Swans & racoons? – uSlackr – 2012-04-17T15:26:48.530
Means OpenSwan and Racoon + ipsec-tools - both are tools for using IPSec in Linux. – Vi. – 2012-04-17T15:28:33.110
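
An added example, not part of the original question or its comments: one way to get this with only iproute2 and the kernel's built-in IPsec (xfrm) code is manually keyed ESP, with no IKE daemon and no config files. It protects traffic between the two hosts' existing addresses in transport mode rather than creating a new interface. The helper name `sa_cmds`, the addresses and the SPIs are constructed for illustration, and random hex keys are assumed in place of the passphrase-style `psk`.

```shell
#!/bin/sh
# Added example: print (not run) the ip xfrm commands for one direction of a
# manually keyed ESP transport-mode link. Review the output, then run it as root.

is_hex() {  # $1 = value, $2 = required number of hex digits
    [ "${#1}" -eq "$2" ] || return 1
    case $1 in *[!0-9a-fA-F]*) return 1 ;; esac
}

# sa_cmds SRC DST DIR SPI ENC_KEY AUTH_KEY   (hypothetical helper, not an iproute2 tool)
# DIR is "out" on the sending host and "in" on the receiving host.
sa_cmds() {
    src=$1 dst=$2 dir=$3 spi=$4 enc=$5 auth=$6
    case $dir in in|out) ;; *) echo "DIR must be in or out" >&2; return 1 ;; esac
    is_hex "$enc" 64  || { echo "ENC_KEY: need 64 hex digits (AES-256)" >&2; return 1; }
    is_hex "$auth" 64 || { echo "AUTH_KEY: need 64 hex digits (HMAC-SHA256)" >&2; return 1; }
    [ "$enc" != "$auth" ] || { echo "ENC_KEY and AUTH_KEY must differ" >&2; return 1; }
    # AES-256-CBC for confidentiality plus HMAC-SHA256 truncated to 128 bits for integrity.
    echo "ip xfrm state add src $src dst $dst proto esp spi $spi mode transport" \
         "enc 'cbc(aes)' 0x$enc auth-trunc 'hmac(sha256)' 0x$auth 128"
    # The policy makes the kernel require ESP for all traffic between the two addresses.
    echo "ip xfrm policy add src $src dst $dst dir $dir" \
         "tmpl src $src dst $dst proto esp mode transport"
}

# 32 random bytes as 64 hex digits.
newkey() { head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'; }

# Constructed sample: A and B are the hosts' existing addresses on wlan0.
A=10.0.0.1 B=10.0.0.2
# Separate keys per direction, so a packet reflected back at its sender fails the check.
ab_e=$(newkey) ab_a=$(newkey) ba_e=$(newkey) ba_a=$(newkey)
echo "# run on $A"
sa_cmds "$A" "$B" out 0x1001 "$ab_e" "$ab_a"
sa_cmds "$B" "$A" in  0x1002 "$ba_e" "$ba_a"
echo "# run on $B"
sa_cmds "$A" "$B" in  0x1001 "$ab_e" "$ab_a"
sa_cmds "$B" "$A" out 0x1002 "$ba_e" "$ba_a"
```

Manually keyed SAs never rotate their keys and give no forward secrecy, so the keys have to be replaced by hand.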