How to set up an encrypted network in the easiest way in Linux?

0

Let's consider we have an unencrypted network connection (for example, ad-hoc Wi-Fi without any WPA, but not limited to wireless, of course). What is the simplest way to secure it (having GNU/Linux on both sides)?

Expecting the following properties:

  • Not distro-specific (not ifup/ifdown, not integrating in any /etc/init.whatever)
  • Preferably no config files (just commands in console)
  • Preferably relying on standard kernel modules present in most distributed kernels.

Performance is not critical.

Expecting something like doing:

ip link add encrypted_link0 type encrypted link=wlan0 psk=k48M1n3n6
ip link set encrypted_link0 up
ip link addr add 192.168.44.2/30 dev encrypted_link0
ip route add via 192.168.44.1 dev encrypted_link0

on one side and

ip link add encrypted_link0 type encrypted link=wlan0 psk=k48M1n3n6
ip link set encrypted_link0 up
ip link addr add 192.168.44.1/30 dev encrypted_link0
echo 1 > /proc/sys/net/ipv4/conf/encrypted_link0/forwarding

on the other side.

Not thinking about any authentication servers, just using some good default algo like aes256, not thinking about configuring various swans or racoons.

Vi.

Posted 2012-04-17T14:31:19.827

Reputation: 13 705

Swans & racoons? – uSlackr – 2012-04-17T15:26:48.530

Means OpenSwan and Racoon + ipsec-tools - both are tools for using IPSec in Linux. – Vi. – 2012-04-17T15:28:33.110

Answers

0

Created a special little program for this: https://github.com/vi/tap_mcrypt

iwconfig wlan0 mode Ad-Hoc
iwconfig wlan0 essid access_point_name
ip link set wlan0 up;

MCRYPT_KEYFILE=/root/enc0_key DEV_NAME=enc0 tap_mcrypt wlan0 74:f0:6d:7b:8d:c3 &
sleep 0.5

ip link set enc0 up
ip addr add 192.168.99.128/24 dev enc0

Not super-secure, but easy to set up and should work with various connections.

Vi.

Posted 2012-04-17T14:31:19.827

Reputation: 13 705