[Users] Securing wireless LAN
From: Sebastian Kanthak <sebastian.kanthak(at)muehlheim.de>
Date: Mon Mar 31 2003 - 12:20:18 EST
I want to secure my wireless lan via IPSec and have succeeded partially. However, I still have problems with DHCP and NIS not working anymore. My network looks like this:

                 eth0   100mbit LAN
                  ------------------ other clients
                 /
                |
Internet ---- Gateway ------------------- Laptop
         ppp0          eth1   WLAN
                       ipsec0

I want to use IPSec on the laptop to encrypt all traffic. I'm using FreeS/WAN 1.96 + x509 as it comes with Debian 3.0 (woody). The laptop gets its internet address via DHCP, so the gateway runs a DHCP daemon and acts as the FreeS/WAN gateway.

Once I bring the IPSec connection up on the laptop, everything works fine. However, when the laptop wants to renew its DHCP lease, it fails. Some debugging with Ethereal shows that the DHCP request from the laptop is sent on eth1 (unencrypted), but the DHCP daemon's response is sent encrypted on ipsec0. The DHCP client does not see this response as it listens on eth1, so eventually it will fail and the network will go down. Is there a possibility, other than using a separate machine as DHCP server, to solve this problem?

The second problem is that NIS on the eth0 segment stops working once IPSec is started on the gateway. The gateway used to work as a NIS server (ypserv) and the clients in the eth0 segment find it using some sort of broadcasts. IPSec is only configured for eth1, but as soon as I start it (without any connections) on the gateway, these NIS broadcasts don't work anymore and the clients don't find their server. Does anybody know what's happening here and how I could solve this?

Sebastian

--
Sebastian Kanthak
PGP/GnuPG: http://www.muehlheim.de/~skanthak/pgp.html

_______________________________________________
Users mailing list
Users@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Received on Sat Apr 5 20:13:50 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:01:14 EDT