I have some idea IPsec might be useful so I do a search and this comes
up (first cab off the rank) ...
http://www.symantec.com/connect/articles/zero-ipsec-4-minutes
... it's specifically about OpenBSD and it looks pretty easy.

So I go to the ipsec(4) man page and see this ...

     If we apply ESP in tunnel mode to the original packet, we would get:

           [IP header] [ESP header] [IP header] [TCP header] [data...]

     Again, everything after the ESP header is cryptographically protected.
     Notice the insertion of an IP header between the ESP and TCP header.
     This mode of operation allows us to hide who the true source and
     destination addresses of a packet are (since the protected and the
     unprotected IP headers don't have to be exactly the same).  A typical
     application of this is in Virtual Private Networks (or VPNs), where two
     firewalls use IPsec to secure the traffic of all the hosts behind them.
     For example:

           Net A <----> Firewall 1 <--- Internet ---> Firewall 2 <----> Net B

     Firewall 1 and Firewall 2 can protect all communications between Net A
     and Net B by using IPsec in tunnel mode, as illustrated above.

... which seems to fit the bill if I substitute "Wireless" for
"Internet" in the diagram.
I should use IKED or ISAKMPD to avoid replay protection.

Is that sensible?

Best wishes.

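The tunnel-mode layout quoted from ipsec(4) above, as an added Python example that is not part of the original message or the man page: it builds `[IP header] [ESP header] [protected inner packet]` and shows what an on-path observer (for instance on the wireless segment) can read without the keys. The addresses, SPI and payload are constructed; XOR stands in for the real cipher, and the ESP IV, padding and integrity check value are left out.

```python
import ipaddress
import struct

ESP_PROTO = 50               # IP protocol number assigned to ESP
IP_FMT = "!BBHHHBBH4s4s"     # minimal 20-byte IPv4 header, no options

def ipv4_header(src, dst, proto, payload_len):
    """Build an IPv4 header (checksum left at zero to keep the demo short)."""
    return struct.pack(IP_FMT, 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def tunnel_mode_packet(fw_src, fw_dst, spi, seq, inner_packet):
    """Wrap a complete inner IP packet as [outer IP][ESP header][protected]."""
    # Assumption: XOR is a placeholder that makes the bytes opaque; it is not ESP crypto.
    protected = bytes(b ^ 0xA5 for b in inner_packet)
    esp = struct.pack("!II", spi, seq) + protected   # SPI + sequence number
    return ipv4_header(fw_src, fw_dst, ESP_PROTO, len(esp)) + esp

def observer_view(packet):
    """Return the fields readable in cleartext by someone without the keys."""
    fields = struct.unpack(IP_FMT, packet[:20])
    ihl = (fields[0] & 0x0F) * 4
    view = {"src": str(ipaddress.IPv4Address(fields[8])),
            "dst": str(ipaddress.IPv4Address(fields[9])),
            "proto": fields[6]}
    if view["proto"] == ESP_PROTO:
        if len(packet) < ihl + 8:
            raise ValueError("truncated ESP header")
        spi, seq = struct.unpack("!II", packet[ihl:ihl + 8])
        view.update(spi=spi, seq=seq, opaque_len=len(packet) - ihl - 8)
    return view

def sample_packet():
    """Constructed sample: a Net A host talks to a Net B host via two firewalls."""
    data = b"GET / HTTP/1.0\r\n\r\n"          # stands in for the TCP segment
    inner = ipv4_header("10.0.1.5", "10.0.2.9", 6, len(data)) + data
    return tunnel_mode_packet("192.0.2.1", "198.51.100.1", 0x1000, 1, inner)

if __name__ == "__main__":
    # Only the firewall addresses, SPI and sequence number are visible.
    print(observer_view(sample_packet()))
```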