From: Jonathan Horne
To: Odhiambo Washington, freebsd-questions@freebsd.org
Date: Wed, 9 Aug 2006 12:42:25 -0500
Subject: Re: FreeBSD as a VPN Server/Router

There is a FreeBSD-based project called pfSense (.org) that would suit your needs perfectly. I've been running it for quite a while now, and I think it's the best thing since sliced bread. I have an IPSec WAN between 2 sites (my apt, and my servers that are at a colo).
Tons of features that are found on other expensive firewalls are included!

Cheers,
Jonathan

On Wednesday 09 August 2006 12:33, Odhiambo Washington wrote:
> I am going to venture into the field of the security gurus so help me
> God! It looks like I am gonna get stuck in wet cement, I can feel it;)
>
> I have two sites, siteA and siteB. Each site has a horde of Windows PCs
> behind a FreeBSD box, which acts as a firewall/router/proxy/everything:)
> Each site has got a dedicated connection to an ISP. At the moment it's
> the same ISP, if that matters, but my thinking is that it can be any
> ISP.
>
> I have a challenge of establishing a WAN between the two sites. They
> are geographically apart. In this scenario, siteA has several
> applications running on several windows servers which are behind the
> FreeBSD box.
> The challenge is to allow siteB to access these applications securely
> via the WAN setup. VPN comes straight to mind, but this is a new area
> to me.
>
> The boxes are both FreeBSD 5.5-STABLE.
>
> I am looking for pointers/clues on how to do the setup in a clean way,
> while adhering to K.I.S.S as closely as possible.
>
> If extra hardware (other than the FreeBSD boxes) is required so that
> the WAN is efficient, I'd be happy to know.
>
> I am very optimistic on pulling this one off, since I belong to a
> community full of security experts (FreeBSD users).
>
> PS: I am already googling, perhaps with the wrong keywords:-)
>
> -Wash
>
> http://www.netmeister.org/news/learn2quote.html
>
> DISCLAIMER: See http://www.wananchi.com/bms/terms.php
>
> --
> Odhiambo Washington
> Wananchi Online Ltd. www.wananchi.com
> Tel: +254 20 313985-9 +254 20 313922
> GSM: +254 722 743223 +254 733 744121
>
> Who messed with my anti-paranoia shot?