Date: Mon, 21 May 2001 12:18:20 -0700 (PDT)
From: Tom
To: Alex Markov
Cc: freebsd-stable@freebsd.org
Subject: Re: L2TP and FreeBSD - is it possible?

On Mon, 21 May 2001, Alex Markov wrote:

> Hello, FreeBSD community!
>
> Firstly, excuse my English! ;-)
>
> DESCRIPTION: I have Win2000 server in private network (IP = 192.168.1.1)
> and FreeBSD box with two netcards (one of them plugged to 192.168.1/24
> network, another - in ISP's LAN). On FreeBSD I have "closed"-style
> firewall and some services (primary DNS, proxy & mail). I have not and
> even don't plan to install NAT on this box.
>
> Now, I want to grant access for our remote users to Win2000 server in
> internal network through L2TP+IPSec. Latter part doesn't bother me, but
> former... So, I need a good advice from guru:
>
> a) Is L2TP supported by FreeBSD?
>
> b) Which way is more "right" - to install L2TP server on Win2000 and
> divert all VPN traffic to it, or configure FreeBSD box as L2TP server?
>
> c) Is there any resources about "L2TP & FreeBSD" (I know, it should be
> first question)?

L2TP + IPSec is a difficult combination. FreeBSD supports IPSec
natively, but has no native support for L2TP. Microsoft decided that
they would encapsulate IPSec traffic in an L2TP tunnel, while FreeBSD can
do IPSec tunnels. There is an L2TP addon from marko.net, but it is
unlikely to work with FreeBSD's IPSec.

You could always use PPTP instead of L2TP+IPSec. The encryption isn't
as strong as IPSec though. The mpd port PPTP. Microsoft has a PPTP
addon for Windows available. You could install mpd on your firewall, and
allow connections to your internal LAN.

Tom