From: Vaida Bogdan
To: freebsd-security@freebsd.org
Date: Sun, 22 Jan 2006 19:42:48 +0000
Subject: setting up vpn client on a freebsd workstation

I have the following network:

External Interface          External Interface
ccc.ccc.ccc.ccc             aaa.aaa.aaa.aaa
      |                           |
 --> VPN <--> Internet <--> FreeBSD Client (NATed extip: bbb.bbb.bbb.bbb)
      |
FW-1 Protected Net ddd.ddd.ddd.ddd/24

VPN: ipsec freeswan (UDP encapsulated tunnel)
ccc.ccc.ccc.ccc has port 136/UDP open for this

I also have the following certs: cert.pem, key.pem, crl.pem and CA.pem

I am behind internal ips allocated by dhcp. I need to connect to an ip in the Protected Net area. It's my first VPN connection and I'm having problems with it. I tried following the handbook but it gets into racoon configs and I'm seeking a simpler implementation. I also found papers regarding pptp and pipsec. The problem is I don't know which one to use. Could anyone point me to a paper and the differences in the configs for my scenario?