From: Jim Durham
Reply-To: durham@jcdurham.com
Organization: James Durham Consulting
To: Philip Hallstrom
Cc: Bill Moran
Subject: Re: VPN and roaming Windows 2K users
Date: Wed, 20 Nov 2002 16:18:26 -0500
Sender: owner-freebsd-questions@FreeBSD.ORG

On Wednesday 20 November 2002 02:24 pm, Philip Hallstrom wrote:
> [snip]
>
> > > > I use racoon and IPSEC between offices with FreeBSD boxes on each
> > > > end.
> > >
> > > Have you ever tried using vtun between the FreeBSD machines? I've
> > > never used racoon/IPsec between FreeBSD machines, but I was overjoyed
> > > at the simplicity and workability of vtun.
> > > Just curious if anyone has used both that could compare them.
> >
> > Yes, I used vtun for about a year. It worked fine as long as the network
> > stayed up between here and the West Coast, but, when it went down for
> > any length of time, which happens quite regularly in the middle of the
> > night, it wouldn't reestablish. I find that IPSEC is more robust and you
> > don't need to run PPP over it (although technically, you don't have to
> > with vtun). IPSEC stays up and reestablishes itself.
>
> I've never run ipsec, but have used vtun for about 3 years b/n 4 different
> DSL/cablemodem setups and it re-establishes its connections for me... at
> least I've never had a problem with it... from the man page:
>
>     persist yes|keep|no
>         persist mode. If yes, the client will try to
>         reconnect to the server after connection
>         termination. If keep, the client will not remove and
>         re-add the tunXX or tapXX device when reconnecting.
>         If no, the client will exit (default). This option
>         is ignored by the server.
>
> -philip
>

I remember using that. The details are coming back to me now.

We were getting situations where the network would go down, then
come back long enough for things to start reestablishing and then
go down again. After a few of these, I would get a call from the
other office about.."network's down again". I could then kill both
vtund's and start from scratch and all was well. It was probably
some kind of a race condition. (We also have a better network
provider now 8-) ).

-Jim