From: eculp@bafirst.com
To: freebsd-questions@freebsd.org
Date: Thu, 04 Aug 2005 06:24:40 -0500
Subject: Re: A secure connection to an SCO Unix 5.2 behind a pf firewall.
Message-ID: <20050804062440.95ho5bui8ocss4sw@mail.bafirst.com>
In-Reply-To: <20050804070516.GA5305@theatre.sax.de>
References: <20050803170637.yt81qbrw0swg0gg0@mail.bafirst.com> <20050804070516.GA5305@theatre.sax.de>

Quoting Martin Welk:

> On Wed, Aug 03, 2005 at 05:06:37PM -0500, eculp@bafirst.com wrote:
>
>> I would appreciate any suggestions for a reasonably secure solution. I
>> just found all this out and am totally blank.
>
> Have a look at OpenVPN (http://www.openvpn.org/), it is available as a
> FreeBSD port and it comes with a Windows GUI client, if your client will
> need that. It allows your FreeBSD box to be the endpoint of the connection,
> and you can set network parameters for the connection from the server side,
> for example, a route to the SCO box for allowing ssh or telnet.

Thanks, Martin. I'm going there right now. From what you say, that is exactly what I need if I can easily keep the users off the LAN by restricting them to telnetting to the SCO box. These are far from being trusted users. The connection will be used by a large company's staff for everything from accounting system updates to report generation and printing. I don't want them playing there :D. The more I talk, the more this sounds like a VERY restrictive jail.

Thanks again,

ed
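
Added example, not part of the original thread: a pf.conf fragment for the FreeBSD box acting as the OpenVPN endpoint, showing how the "telnet to the SCO box only" restriction can be enforced on the firewall rather than by the route the server pushes to clients. The interface name, VPN subnet and SCO address are constructed placeholders, not values from the messages above.

```conf
# pf.conf fragment for the FreeBSD OpenVPN endpoint (added example).
# All values below are assumptions; substitute the real ones.
vpn_if  = "tun0"            # OpenVPN tunnel interface (assumed name)
vpn_net = "10.8.0.0/24"     # address pool handed to VPN clients (constructed)
sco     = "192.168.1.10"    # SCO box on the LAN (constructed)

# A route pushed from the OpenVPN server, e.g.
#   push "route 192.168.1.10 255.255.255.255"
# only tells the client where to send packets. An untrusted user can add
# other routes locally, so the restriction has to be enforced here.

# pf uses the last matching rule, so start with a default deny for
# everything that arrives from VPN clients. This also covers services
# running on the firewall host itself.
block in log on $vpn_if all

# The single exception: new TCP connections from VPN clients to the
# telnet port on the SCO box. State tracking lets the replies back out.
pass in on $vpn_if inet proto tcp from $vpn_net to $sco port 23 \
    flags S/SA keep state

# If the existing ruleset also filters outbound traffic on the LAN
# interface, it needs a matching "pass out" rule for the same flow.
```

Leaving OpenVPN's client-to-client option disabled keeps traffic between VPN users passing through these rules instead of being relayed inside the OpenVPN process.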