Subject: IPsec question
To: None <netbsd-help@netbsd.org>
From: Dave Huang <khym@azeotrope.org>
List: netbsd-help
Date: 01/14/2002 15:05:43
I've read the IPsec FAQ on netbsd.org, but I'm still not sure what the
best way to do what I want is... what I want to do is use IPsec to encrypt
my 802.11 traffic (since everyone says WEP is pretty useless). I have a
Linksys WAP11 access point, a NetBSD machine on the Ethernet, and a
WinXP laptop with 802.11 card. I also have a block of 8 public IP
addresses and would like to avoid any sort of NAT if possible.

Now, it looks like if I set up IPsec transport mode, I can encrypt
traffic between two specific machines, such as my laptop and one of my
NetBSD machines. However, I can't encrypt traffic to a machine that I
have no control over, such as traffic between my laptop and some random
website.

IPsec tunnel mode looks like it can encrypt all traffic to/from my
laptop, but it doesn't look like I can use it with my network
configuration. I don't have a VPN gateway on the wireless side, and even
if I did, it'd defeat the purpose, since traffic between my laptop and
the VPN gateway would go over the air.

What I seem to need is something like tunnel mode, but with the laptop
acting as its own VPN gateway...

So, what can I do? :) If it'll help, you can assume the laptop is
running NetBSD too; I can boot it into NetBSD and get things working
there, then try to translate the settings over to WinXP.
-- 
Name: Dave Huang         |  Mammal, mammal / their names are called /
INet: khym@azeotrope.org |  they raise a paw / the bat, the cat /
FurryMUCK: Dahan         |  dolphin and dog / koala bear and hog -- TMBG
Dahan: Hani G Y+C 26 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA+ PL++