From owner-freebsd-questions@FreeBSD.ORG Wed Jan 25 02:43:35 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5F59116A41F; Wed, 25 Jan 2006 02:43:35 +0000 (GMT) (envelope-from julian@elischer.org) Received: from a50.ironport.com (a50.ironport.com [63.251.108.112]) by mx1.FreeBSD.org (Postfix) with ESMTP id 225F643D45; Wed, 25 Jan 2006 02:43:34 +0000 (GMT) (envelope-from julian@elischer.org) Received: from unknown (HELO [10.251.17.229]) ([10.251.17.229]) by a50.ironport.com with ESMTP; 24 Jan 2006 18:43:34 -0800 Message-ID: <43D6E5D6.9010705@elischer.org> Date: Tue, 24 Jan 2006 18:43:34 -0800 From: Julian Elischer User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.11) Gecko/20050727 X-Accept-Language: en-us, en MIME-Version: 1.0 To: gahn References: <20060125021915.59670.qmail@web52102.mail.yahoo.com> In-Reply-To: <20060125021915.59670.qmail@web52102.mail.yahoo.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-security@freebsd.org, freebsd-questions@freebsd.org Subject: Re: IPsec, VPN and FreeBSD X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Jan 2006 02:43:35 -0000 gahn wrote: >Thanks Julian: > >Well, the another site is using a linux box for >firewall. We have extra PCs available so we could >build another FreeBSD box. That probably makes the VPN >setup a lot easier between two sites. > >As to the roaming users, very unlikely there will be >dial-up line, but those users could be on road and >using ISPs to connect the internal lab. both sites are >labs. > >I will try the roaming clients<--->freebsd vpn server >first. > > ok google for mpd and pptp > > >--- Julian Elischer wrote: > > > >>gahn wrote: >> >> >> >>>Hi: >>> >>>We intend to build IPSec based VPN server on >>> >>> >>FreeBSD >> >> >>>platform so that we can access internal network of >>> >>> >>a >> >> >>>lab. The remote side will use VPN client and could >>> >>> >>be >>>from anywhere of the Internet, or may be from the >> >> >>>another site of the company. From the hnadbook, I >>> >>> >>saw >> >> >>>the sample of site-to-site configurations and we do >>>have one FreeBSD firewall (running ipfw) on both >>> >>> >>site >> >> >>>and another one on another site (both have >>> >>> >>firewalls >> >> >>>on them), can we do that? Also what about the >>>client-server model? What kind of clients do we >>> >>> >>need >> >> >>>in order to connect to the FreeBSD/IPsec/VPN? Any >>>tips/information for the configuration of the >>>clients/server model on internet? >>> >>>Any help will be greatly appreciated. >>> >>> >>> >>> >>there are almost too many options to mention.. >> >>however you should be able to implement pptp >>tunnels (as used on windows) using mpd (in ports) >>alternatively there is always ssh or ipsec. >>(or a combination of them) >> >>If as you suggest, both ends are freebsd, then I've >>used mpd over ssh >>with great effect. >>use the 'tcp transport' option of mpd and connect it >>through an ssh tunnel. >> >>is the 'client' roaming or at a fixed address? if a >>fixed address then >>ipsec becomes easier. >> >> >> >> >> >>>Thanks >>> >>> >>> >>>__________________________________________________ >>>Do You Yahoo!? >>>Tired of spam? Yahoo! Mail has the best spam >>> >>> >>protection around >> >> >>>http://mail.yahoo.com >>>_______________________________________________ >>>freebsd-security@freebsd.org mailing list >>> >>> >>http://lists.freebsd.org/mailman/listinfo/freebsd-security >> >> >>>To unsubscribe, send any mail to >>> >>> >>"freebsd-security-unsubscribe@freebsd.org" >> >> >>> >>> >>> >>> >>_______________________________________________ >>freebsd-questions@freebsd.org mailing list >> >> >> >http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > >>To unsubscribe, send any mail to >>"freebsd-questions-unsubscribe@freebsd.org" >> >> >> > > >__________________________________________________ >Do You Yahoo!? >Tired of spam? Yahoo! Mail has the best spam protection around >http://mail.yahoo.com > >