On Fri, Feb 11, 2011 at 03:39:03PM +0000, jpo234 wrote: > is it possible to use the mac80211 (software) encryption infrastructure to > encrypt data over non 802.11 interfaces? If not, how hard would this be? > > IPsec and other VPN solutions are "tunnel centric" instead of "interface > centric". I'm looking for a way to say "All inbound and outbound traffic through > this interface must be encrypted with the following key.", just like WPA-PSK. Are you looking for a custom solution that would not work with anyone else or a standard solutions like MACsec that Henry already mentioned? You could obviously make the kernel do some custom hacks like trying to fit IEEE 802.11 encryption into other network types, but it would sound more reasonable to work on a standard solution.. CCMP is designed for IEEE 802.11 header and as such, it does not really work as-is with other network types. WPA-PSK 4-way handshake could be used to manage keys with some small changes, but this would be very much a custom solution. -- Jouni Malinen PGP id EFC895FA -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html