Well, I've been setting up a wireless link between 2 of our offices at work lately, and I don't trust WEP encryption anymore than I trust Microsoft IIS, so I've been playing with IPSec in tunnel mode under FreeBSD.

Each end of the link is run by a Linksys WAP11 access point, hooked up to a FreeBSD firewall box running IPSec in tunnel mode.

The IPSec documentation is a little confusing on this type of setup, as it goes on about setting up a gif interface to use for tunnelling, however as far as I can see, its not required.

In my situation, instead of setting up a gif interface, I simply ended up using the NIC connected to the wireless bridge in its place - running tcpdump on either end is showing the packets as being ESP encrypted, so as far as I can see it all looks sweet.

Think I'll try putting together some documentation on it and submitting...