Date:      Wed, 27 Oct 2004 10:38:03 +0200
From:      Erik Norgaard <norgaard@locolomo.org>
To:        questions@freebsd.org
Subject:   VPN questions
Message-ID:  <417F5E6B.2080100@locolomo.org>

Hi,

I am looking at how to implement VPN but I'm getting confused as to how
IPSec, IKE, OpenSSL, FreeSWAN, racoon etc. all fit into the picture. I
am looking at two scenarios, and I have two questions.

1) Standard IPSec tunnel:

             +----+ IPSec/VPN +----+
       LAN---| FW |-----------| FW |---LAN
             +----+           +----+

In this scenario: Can CARP/pf handle VPN/IPSec connections in case the
master unit fails? (I am assuming that both ends have fixed public
routable IPs).

2) VPN for mobile users

            +----+    VPN    +-----+
      LAN---| FW |-----------| FW? |---[mobile unit]
            +----+           +-----+

For mobile users I can't be sure where they are, their ip, or if they
are behind NAT/firewall, nor can I trust the network until the mobile unit.

IPSec breaks behind NAT, are there other alternatives than ssh-tunnels I
should take a look at? (which? :-)

Thanks, Erik
--
Ph: +34.666334818                                  web: www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID:  A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2


