From: Jon Wilson
Date: Tue, 02 Mar 2004 16:01:50 +0000
To: freebsd-questions@FreeBSD.ORG
Subject: road warrior VPN solution needed
Message-ID: <4044AFEE.3010702@phuq.co.uk>

I'm looking for a solution to the following VPN setup:

FreeBSD server on public IP address
Private, firewalled office LAN
"Road warrior" laptop users requiring access to the LAN
Users are anywhere in the world, possibly behind NAT
Users run Win2k or XP
Client software must be minimal, and easy to install and configure
It must be reliable
Minimal budget

Minimal patching and tweaking of server software would be a bonus. I'm prepared to get my hands dirty a little, but something that "just werks" without in-depth knowledge about IPSec and protocols would be good too.

The need for a Windows "pointy-clicky" interface appears to imply use of either L2TP or PPTP.
Getting IPSec working to an XP machine, using Racoon and shared secrets, seems to work OK. But I've just wasted a day trying to get either Poptop or l2tpd working. The debugging output is terrible, and I'm not sure if my ppp configs are at all sane.

If anyone has a working Poptop or l2tpd setup, could they possibly give me a look at their config (including ipsec and ppp config)? I think I am missing something, but I'm not sure what.

Alternatively, if anyone has advice on other solutions to this problem (including paying small sums for alternative software/hardware) then I'm all ears.

Jon