From owner-freebsd-questions Mon Jun 19 22: 6:51 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from watson.ficsgrp.com (watson.ficsgrp.com [194.74.111.3])
    by hub.freebsd.org (Postfix) with ESMTP id EC58737BAD4
    for ; Mon, 19 Jun 2000 22:06:40 -0700 (PDT)
    (envelope-from harry.woodward-clarke@s1.com)
Received: from mail.au.ficsgrp.com ([194.74.111.35])
    by watson.ficsgrp.com (Netscape Messaging Server 3.6) with ESMTP id AAA312
    for ; Tue, 20 Jun 2000 07:06:37 +0200
Received: from S1.com ([172.16.48.219])
    by mail.au.ficsgrp.com (Netscape Messaging Server 3.6) with ESMTP id 514;
    Tue, 20 Jun 2000 15:09:51 +1000
Message-ID: <394EFC25.8207FB2@S1.com>
Date: Tue, 20 Jun 2000 05:07:49 +0000
From: Harry Woodward-Clarke
X-Mailer: Mozilla 4.61 [en] (X11; I; Linux 2.0.36 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: FreeBSD Questions
Cc: lol@ficsgrp.com
Subject: advice sought - ISDN & VPN
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi guys,

a "real world" question ;')

First, some background. Our internal Finance guys here in Sydney are using Oracle Financials via a stand-alone Windows PC connected to the Internet with an ISDN modem, using ShivaVPN to 'tunnel' to our HQ in the USA.

What they now want is for several PCs to be able to connect and run Oracle Financials - not necessarily simultaneously, but you never know...

Also, the current PC (only one) is not physically connected to our LAN, as (being the paranoid that I am) when I set it up with 'wide-open access' to the Internet via the ISDN line, I didn't want any 'nasties' to come back down the line, through the Windows PC and into our LAN. The LAN already has a (very slow) Internet connection for our email and web (via proxy).

Anyway, the sort of thing I'd like to be able to do is something like...

- have multiple 'Oracle Financials' Windows PCs on the LAN
- insert a FreeBSD "gateway" for the ISDN modem to connect "on-demand" to the Internet (via Telstra BigPond Direct, if that matters)
- allow the above Windows PCs to invoke ShivaVPN and connect via the FreeBSD 'gateway' to the USA VPN Servers, and from there, onto Oracle Financials
- allow other connections from these PCs to go via the 'standard' LAN connected gateway (e.g. Web-proxy, etc.)

The question that was thrown back at me by the System/Network Admin. was "how do we allow ShivaVPN to tunnel through the BSD box to the USA?"

Well, the best way for me to learn about how that is done, is to ask questions here :')

So, to recap:

- multiple ShivaVPN Client PCs using Windows9x/NT4/2K
- ISDN modem connected to the Internet via Telstra BigPond Direct
- ShivaVPN Server in the USA

To the experienced FreeBSD SysAdmins: how would you do this? What sort of configuration, both hardware and software, would you include in this mix? Would IPfilter be useful here? Perhaps a Firewall product?

Any comments, suggestions gratefully taken on board.

Thanks and kind regards,
Harry

--
Harry Woodward-Clarke
Support Analyst
S1 Australia                Telephone: +61 2 9260-2144
Level 8, 131 York St,       Facsimile: +61 2 9267-9422
Sydney NSW, 2000            E-mail: Harry.Woodward-Clarke@S1.com
Australia                   Web Page: www.S1.com