From: Bill Moran
Date: Wed, 18 Jun 2003 00:31:38 -0400
To: "P. U. Kruppa"
cc: Darren Pilgrim
cc: questions@freebsd.org
Subject: Re: Secure tunnel: SSH or SSL or IPsec?

P. U. Kruppa wrote:
> On Tue, 17 Jun 2003, Bill Moran wrote:
>
>>Darren Pilgrim wrote:
>>
>>>I need to create a secure connection over the internet between my workstation at
>>>home and a server I have elsewhere. My workstation is running RELENG_5_0 and
>>>the server runs RELENG_4_8, both up to date. I need the secure connection to
>>>occasionally access swat and VNC remotely. You can assume all the ports I'll be
>>>accessing are local to the server. My workstation is behind a Linksys BEFSR
>>>router doing NAT with an IPsec passthrough.
>>>
>>>What would work best in this situation?
>>
>>Just to throw something else into the mix.
>>
>>I've used vtun in the ports (net/vtun) with great success. It's fairly easy
>>to set up and works like a charm.
>>You can configure it to use any port you want, whatever's available.
>>It's what I would use if I were in your situation, so I thought I'd recommend it.
>
> Just to throw something else ... :-)
> vtun really works well - as long as both client and server have
> static IPs.
> Do you have any idea what can be done if the client has a dynamic
> IP? Connecting from client to server always works well. But the
> other way round my connection breaks after some time and cannot
> be re-established.

I haven't had any problem with this, since I've never had the need to connect
from server to client. All sessions were initiated from the client.

I don't know of a clean solution to allow you to connect to an IP that keeps
changing, for any type of VPN software.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com