From owner-freebsd-questions@FreeBSD.ORG Wed Aug 9 17:37:55 2006
Date: Wed, 9 Aug 2006 12:43:10 -0500 (CDT)
From: Philip Hallstrom
To: Odhiambo Washington
Cc: freebsd-questions@freebsd.org
In-Reply-To: <20060809173312.GA45250@ns2.wananchi.com>
Message-ID: <20060809124225.O65760@bravo.pjkh.com>
References: <20060809173312.GA45250@ns2.wananchi.com>
Subject: Re: FreeBSD as a VPN Server/Router

> I am going to venture into the field of the security gurus so help me
> God! It looks like I am gonna get stuck in wet cement, I can feel it;)
>
> I have two sites, siteA and siteB. Each site has a horde of Windows PCs
> behind a FreeBSD box, which acts as a firewall/router/proxy/everything:)
> Each site has got a dedicated connection to an ISP. At the moment it's
> the same ISP, if that matters, but my thinking is that it can be any
> ISP.
>
> I have a challenge of establishing a WAN between the two sites. They
> are geographically apart. In this scenario, siteA has several
> applications running on several Windows servers which are behind the
> FreeBSD box.
> The challenge is to allow siteB to access these applications securely
> via the WAN setup. VPN comes straight to mind, but this is a new area
> to me.
>
> The boxes are both FreeBSD 5.5-STABLE.
>
> I am looking for pointers/clues on how to do the setup in a clean way,
> while adhering to K.I.S.S as closely as possible.
>
> If extra hardware (other than the FreeBSD boxes) is required so that
> the WAN is efficient, I'd be happy to know.
>
> I am very optimistic on pulling this one off, since I belong to a
> community full of security experts (FreeBSD users).
>
> PS: I am already googling, perhaps with the wrong keywords:-)

It's been a couple of years since I did this, but this worked for me...

http://www.pjkh.com/wiki/vtund

-philip