I have some idea IPsec might be useful so I do a search and this comes up (first cab off the rank) ... http://www.symantec.com/connect/articles/zero-ipsec-4-minutes ... it's specifically about OpenBSD and it looks pretty easy.
So I go to the ipsec(4) man page and see this ... If we apply ESP in tunnel mode to the original packet, we would get: [IP header] [ESP header] [IP header] [TCP header] [data...] Again, everything after the ESP header is cryptographically protected. Notice the insertion of an IP header between the ESP and TCP header. This mode of operation allows us to hide who the true source and destination addresses of a packet are (since the protected and the unprotected IP headers don't have to be exactly the same). A typical application of this is in Virtual Private Networks (or VPNs), where two firewalls use IPsec to secure the traffic of all the hosts behind them. For example: Net A <----> Firewall 1 <--- Internet ---> Firewall 2 <----> Net B Firewall 1 and Firewall 2 can protect all communications between Net A and Net B by using IPsec in tunnel mode, as illustrated above. ... which seems to fit the bill if I subsitute "Wireless" for "Internet" in the diagram. I should use IKED or ISAKMPD to avoid replay protection. Is that sensible? Best wishes.