Date: Wed, 9 Oct 2002 18:09:02 +0300
From: Peter Pentchev
To: Andy
Cc: Ivailo Tanusheff, FreeBSD Questions, FreeBSD Net, FreeBSD Security
Subject: Re: VPN Tunneling
Message-ID: <20021009150902.GV376@straylight.oblivion.bg>

On Wed, Oct 09, 2002 at 08:37:30AM -0600, Andy wrote:
>
> >On Wed, Oct 09, 2002 at 01:49:51PM +0300, Ivailo Tanusheff wrote:
> >Hello,
> >
> >I'm trying to make a VPN tunnel between a FreeBSD machine and a Win2K
> >Machine. My configuration is:
> >
> >{Net1} <---> <--...--> <---> {Net2}
> >
> >Win2k machine has dynamically assigned IP address as it's connecting to
> >public ISP. Can you help me build the tunnel?
>
> At 05:04 10/09/2002, Peter Pentchev wrote:
>
> >Take a look at the net/mpd port; it needs Netgraph either built into the
> >kernel, or loaded as a KLD. Then, on the Win2K side, use the PPTP VPN
> >connections ('Connect to a private network through the Internet').
> >Things are *very* easy to set up, actually :)
> >
> >Drop me a private mail if you need some help, or we just might meet on
> >IRC :)
> >
> >G'luck,
> >Peter
>
> Will this method permit incoming connections from the outside Internet and
> then forward them to a box with an internal IP address on net1? Where the
> FreeBSD box is acting as a gateway/natd for the net1 internal network.

In this case, the FreeBSD box does not act as a gateway, merely as a
tunnel endpoint. It may be otherwise configured to act as a NAT
gateway, but this is independent: this allows another FreeBSD or Win2K
or maybe even Linux box to establish a PPTP VPN tunnel, and perform
direct routing between net1 and net2. Any machine within net1 will be
able to reach net2 directly, and vice versa.

To let machines from the outside Internet -- not the other side of the
tunnel -- reach the inside boxes, you will need to set up some other NAT
mechanism, but, once again, this is entirely independent of mpd - mpd
will provide the VPN functionality regardless of whether the FreeBSD box
is also acting as a NAT gateway.

G'luck,
Peter

-- 
Peter Pentchev roam@ringlet.net roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
I am not the subject of this sentence.