From: David Kelly
To: freebsd-questions@freebsd.org
Subject: easy VPN solution?
Date: Tue, 09 Nov 1999 22:14:10 -0600
Message-Id: <199911100414.WAA71414@nospam.hiwaay.net>

At work we are in need of a simple idiot proof secure (legal too) tunnel between one office and a distant office. For unknown reasons the distant office is terrified of the notion they might have to use something other than AOL. They are also too far away for me to casually jump in a plane to push the reset button. And anything more than a one-button push is more than anybody should attempt to talk them thru.

As for me, I'm terrified such a computer with company sensitive information is allowed to freely roam the internet in the first place.

An initial Good Idea was to put another Ascend Pipeline 50 in our network, in the remote office. Then to upgrade the VPN encryption within the Pipeline. Not a bad idea but 1) would have to add ISDN to the remote office in pricey BellSouth/Florida, and 2) AOL doesn't do ISDN.

Would be best if any non-Ascend Pipeline VPN solution would be able to connect to the Pipeline 50 in my office via the internet.
What does it take to establish a VPN to an Ascend Pipeline using FreeBSD? I don't really have the time over the coming year to monitor this proposed firewall/gateway/VPN, but if I knew how to establish a VPN with the Ascend hardware, I'd give it a go. Then when (positive thinking) that works out would have to be square with RSA and whoever on the encryption patents.

Am collecting more data on the GNATbox firewall. Not sure about encrypted VPN capabilities.

Am also looking at Whistle's latest. Not sure about encryption but apparently IBM is bundling hardware, network connection, and support, at interesting prices.

Netsurfing found http://www.sonicwall.com/. Bottom of the line is about $400 but then another $400 or more for VPN?

UMAX http://www.umax.com/networking/standard/ has some interesting stuff but doesn't offer encrypted VPN. Same for http://www.macsensetech.com/Product/index.html

I understand client software under Windows can establish a VPN tunnel to the Ascend VPN hardware. Don't know exactly what software package is needed. Or if it comes with WinNT, which is on (both of) the remote computers. *BUT* hopefully I've established a calibration of this remote site and you have already dismissed that option after a session of ROTFL.

Am suspicious the only way this remote office survived a meltdown from viruses and internet was their use of an old version of WordPerfect and Windows 3.1. A firewall capable of killing Active-X would be a plus. It's not as simple as blocking a port, is it?

So, the question boils down to essentially: I need a cheap/free no maintenance router/firewall/gateway/NAT/VPN that is idiot proof and can tunnel over AOL. Know of any?

Otherwise enjoy a chuckle as the real world constantly amazes me.

--
David Kelly N4HHE, dkelly@nospam.hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its
capacity -- the rest is overhead for the operating system.