From owner-freebsd-questions@FreeBSD.ORG Wed Jan 25 02:19:17 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7BDD616A420 for ; Wed, 25 Jan 2006 02:19:17 +0000 (GMT) (envelope-from ipfreak@yahoo.com) Received: from web52102.mail.yahoo.com (web52102.mail.yahoo.com [206.190.48.105]) by mx1.FreeBSD.org (Postfix) with SMTP id B87E943D49 for ; Wed, 25 Jan 2006 02:19:16 +0000 (GMT) (envelope-from ipfreak@yahoo.com) Received: (qmail 59672 invoked by uid 60001); 25 Jan 2006 02:19:15 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=TaTkmLKRNAa7ZnsW0vKkz//GhKheZRIfqh2WTaLYiCRs/CqHPn2+KSVE1DD7RKZABUQkmNLmjb1J+qj5z/M8Bush+cvHcK4bGr2rbSh3k7AA/Dean9rq8bfH5++RpU3GsNJn5KamR3seoejdKiARLeEXqWMR6RMy8aoX3cbaK2k= ; Message-ID: <20060125021915.59670.qmail@web52102.mail.yahoo.com> Received: from [200.38.156.194] by web52102.mail.yahoo.com via HTTP; Tue, 24 Jan 2006 18:19:15 PST Date: Tue, 24 Jan 2006 18:19:15 -0800 (PST) From: gahn To: Julian Elischer In-Reply-To: <43D6D1CD.5060504@elischer.org> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Cc: freebsd-security@freebsd.org, freebsd-questions@freebsd.org Subject: Re: IPsec, VPN and FreeBSD X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Jan 2006 02:19:17 -0000 Thanks Julian: Well, the another site is using a linux box for firewall. We have extra PCs available so we could build another FreeBSD box. That probably makes the VPN setup a lot easier between two sites. As to the roaming users, very unlikely there will be dial-up line, but those users could be on road and using ISPs to connect the internal lab. both sites are labs. I will try the roaming clients<--->freebsd vpn server first. --- Julian Elischer wrote: > gahn wrote: > > >Hi: > > > >We intend to build IPSec based VPN server on > FreeBSD > >platform so that we can access internal network of > a > >lab. The remote side will use VPN client and could > be > >from anywhere of the Internet, or may be from the > >another site of the company. From the hnadbook, I > saw > >the sample of site-to-site configurations and we do > >have one FreeBSD firewall (running ipfw) on both > site > >and another one on another site (both have > firewalls > >on them), can we do that? Also what about the > >client-server model? What kind of clients do we > need > >in order to connect to the FreeBSD/IPsec/VPN? Any > >tips/information for the configuration of the > >clients/server model on internet? > > > >Any help will be greatly appreciated. > > > > > there are almost too many options to mention.. > > however you should be able to implement pptp > tunnels (as used on windows) using mpd (in ports) > alternatively there is always ssh or ipsec. > (or a combination of them) > > If as you suggest, both ends are freebsd, then I've > used mpd over ssh > with great effect. > use the 'tcp transport' option of mpd and connect it > through an ssh tunnel. > > is the 'client' roaming or at a fixed address? if a > fixed address then > ipsec becomes easier. > > > > >Thanks > > > > > > > >__________________________________________________ > >Do You Yahoo!? > >Tired of spam? Yahoo! Mail has the best spam > protection around > >http://mail.yahoo.com > >_______________________________________________ > >freebsd-security@freebsd.org mailing list > >http://lists.freebsd.org/mailman/listinfo/freebsd-security > >To unsubscribe, send any mail to > "freebsd-security-unsubscribe@freebsd.org" > > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com