wireless home network

Jonathan Belson jon at witchspace.com
Wed Aug 11 14:53:45 BST 2004


> Here are a few (somewhat random) thoughts for you...
>
> I may have got this wrong, but surely SSH will be secure without any
> additional steps. Once you have IP connectivity between the machines,
> you can SSH away! Any traffic will be encrypted by SSH and it doesn't
> matter if someone can sniff this.

From memory, ssh tunneling only supports TCP traffic so encrypting e.g.
shares won't work.

> Perhaps something like IPSec is more what you want (type FreeBSD IPSec
> into Google for help setting this up). This would allow you to secure
> all the network traffic between the machines, above and beyond just your
> SSH sessions. You then do not need to configure each app in turn, and
> unsecured communications can be disabled.

I managed to IPSECify the wireless links between my Mac, FreeBSD/Windows
2000 laptop and FreeBSD server, but there were a couple of problems I
came across:

Every now and again, the link between my Windows 2000 and the server would
stop working for a while.  I've seen other people reporting this issue;
I was unable to figure out how to work around it.

The Mac couldn't seem to renegotiate the key once the original key's
lifetime had expired.  Rummaging about in the debug logs shows that
the process just timed out for some reason or another. As a fudge I set
a long key lifetime as a workaround (a few days).

Cheers,

--
Jon





