From owner-freebsd-security@FreeBSD.ORG Sun Jan 22 20:10:59 2006
Return-Path:
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1FC9516A41F
	for ; Sun, 22 Jan 2006 20:10:59 +0000 (GMT)
	(envelope-from corwin@aeternal.net)
Received: from amber.aeternal.net (amber.in.markiza.sk [62.168.76.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1D3BF43D5C
	for ; Sun, 22 Jan 2006 20:10:57 +0000 (GMT)
	(envelope-from corwin@aeternal.net)
Received: from localhost (localhost.aeternal.net [127.0.0.1])
	by amber.aeternal.net (Postfix) with ESMTP id A7CA6B8C8
	for ; Sun, 22 Jan 2006 21:10:53 +0100 (CET)
Received: from amber.aeternal.net ([127.0.0.1])
	by localhost (amber.aeternal.net [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 77311-04
	for ; Sun, 22 Jan 2006 21:10:52 +0100 (CET)
Received: from [192.168.0.44] (pleiades.aeternal.net [192.168.0.44])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by amber.aeternal.net (Postfix) with ESMTP id 1AFEBB8E5
	for ; Sun, 22 Jan 2006 21:10:52 +0100 (CET)
Message-ID: <43D3E694.9040902@aeternal.net>
Date: Sun, 22 Jan 2006 21:09:56 +0100
From: Martin Hudec
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To: freebsd-security@freebsd.org
References: <12848a3b0601221142r2161c20ka6d128ecf5c299aa@mail.gmail.com>
In-Reply-To: <12848a3b0601221142r2161c20ka6d128ecf5c299aa@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new at aeternal.net
Subject: Re: setting up vpn client on a freebsd workstation
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: corwin@aeternal.net
List-Id: "Security issues \[members-only posting\]"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sun, 22 Jan 2006 20:10:59 -0000

Hello,

Vaida Bogdan wrote:
> I have the following network:
>
>  External Interface               External Interface
>   ccc.ccc.ccc.ccc                  aaa.aaa.aaa.aaa
>         |                                |
>     --> VPN  <-->  Internet  <-->  FreeBSD Client (NATed extip: bbb.bbb.bbb.bbb)
>         |
>  FW-1 Protected Net
>  ddd.ddd.ddd.ddd/24
>
> VPN: ipsec freeswan (UDP encapsulated tunnel)
> ccc.ccc.ccc.ccc has port 136/UDP open for this
> I also have the following certs: cert.pem, key.pem crl.pem and CA.pem
> I am behind internal ips allocated by dhcp.
>
> I need to connect to an ip in the Protected Net area.

Are you connecting to Windows VPN server or VPN router or what? Maybe
net/pptp-client will be enough for you..

Martin