Date: Wed, 9 Aug 2006 20:33:12 +0300
From: Odhiambo Washington
To: freebsd-questions@freebsd.org
Message-ID: <20060809173312.GA45250@ns2.wananchi.com>
Subject: FreeBSD as a VPN Server/Router

I am going to venture into the field of the security gurus so help me God! It looks like I am gonna get stuck in wet cement, I can feel it;)

I have two sites, siteA and siteB. Each site has a horde of Windows PCs behind a FreeBSD box, which acts as a firewall/router/proxy/everything:) Each site has got a dedicated connection to an ISP. At the moment it's the same ISP, if that matters, but my thinking is that it can be any ISP.

I have a challenge of establishing a WAN between the two sites. They are geographically apart. In this scenario, siteA has several applications running on several windows servers which are behind the FreeBSD box. The challenge is to allow siteB to access these applications securely via the WAN setup.

VPN comes straight to mind, but this is a new area to me. The boxes are both FreeBSD 5.5-STABLE.

I am looking for pointers/clues on how to do the setup in a clean way, while adhering to K.I.S.S as closely as possible. If extra hardware (other than the FreeBSD boxes) is required so that the WAN is efficient, I'd be happy to know.

I am very optimistic on pulling this one off, since I belong to a community full of security experts (FreeBSD users).

PS: I am already googling, perhaps with the wrong keywords:-)

-Wash

http://www.netmeister.org/news/learn2quote.html

DISCLAIMER: See http://www.wananchi.com/bms/terms.php

--
Odhiambo Washington
Wananchi Online Ltd. www.wananchi.com
Tel: +254 20 313985-9 +254 20 313922
GSM: +254 722 743223 +254 733 744121

Who messed with my anti-paranoia shot?