Date: Thu, 10 Jun 2004 02:39:11 -0700
From: "Aaron Burke" <aburke@nullplusone.com>
To: <jmlewis@dslextreme.com>, <freebsd-questions@freebsd.org>
Subject: RE: VPN server
Message-ID: <AMEMKJNMFLJCJDLFIEDBEEKBHLAA.aburke@nullplusone.com>
In-Reply-To: <1338a10374a61b2a81baa.20040608151041.wzyrjvf@www.dslextreme.com>

> I am looking for some recommendations for a powerful (yet simple if
> possible) VPN server.

You have two options, there is 'mpd' and 'PoPToP'. I have run them both,
but mpd seems to support Microsoft clients with less hassle (at least in
my experience).

> At present I will need to only have access to one other network in a
> different office running Win2K PPTP. Hopefully I will need to expand in
> the future to other networks that may or may not be MS based.

This can be done using IP routing. You can create a static route between
the two networks on the PPTP server and client. The Windows client will
get its configuration data from the VPN Server (FreeBSD). However, you may
want to add a static route to FreeBSD that will send remote LAN specific
traffic down the VPN link.

Pretend that your remote network in the office is numbered 192.168.20.1/24.

    myUnix# route add -net 192.168.20 192.168.20.1 255.255.255.0

One other thing to disable (it's on by default) is that the Windows
implementation of the VPN client will route all traffic over the VPN.
I doubt that this is what you want, and you can disable it in the
VPN/PPTP connection properties on the Windows machine.

In Windows XP Professional, I do the following.
Open the VPN Connection Properties.
Select the "Networking" Tab.
Select "Internet Protocol (TCP/IP)" and click properties.
Click on "Advanced".
Uncheck "Use default gateway on remote network".

Both products (mpd and poptop) will work, but they both require a little
bit of configuration. The current mpd in the ports tree has some examples
you may want to look at.

> I would like if possible for the connections to be completely transparent
> to a user. Best case scenario is the user signs on to their FreeBSD (I am
> in a mixed network so there are a few XP systems also) system and opens up
> an application (or browse to a share on the other network) that connects
> to the other network and it connects without any more user intervention.

Well, if you have a FreeBSD box in both places, there are lots of other
options as well. My friend Nick runs a FreeBSD machine and we use a 'gif'
tunnel (IPv4 over IPv4) with IPSec encrypting the data before it goes over
the wire. There are other solutions as well such as 'nos-tun'. I think that
'nos-tun' is part of the base installation and uses the 'tun' device (part
of the GENERIC kernel) by default.

>
> LOL I am not asking much am I?

Not at all. '-questions' is a good place for this question. In fact if you
search through the archives, I have posted similar VPN questions in the
past to this same list.

>
> Thank you,
> Joshua Lewis

Aaron Burke
(private email address because I HATE spam)
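
The effect of the "Use default gateway on remote network" box, modeled as a routing-table lookup. This is an added example, not part of the message above; the local LAN 192.168.1.0/24, the metrics and the sample destinations are constructed, and route selection (longest prefix, then lowest metric) is a simplified model of the client.

```python
import ipaddress

REMOTE_LAN = ipaddress.ip_network("192.168.20.0/24")  # remote office net from the message

def client_routes(use_remote_default_gateway):
    """Model of the Windows client's routing table as (network, metric, interface).
    Constructed values: local LAN 192.168.1.0/24 and all metrics."""
    routes = [
        (ipaddress.ip_network("0.0.0.0/0"), 20, "local"),       # ISP default route
        (ipaddress.ip_network("192.168.1.0/24"), 20, "local"),  # directly attached LAN
        (REMOTE_LAN, 1, "vpn"),                                 # route to the remote office
    ]
    if use_remote_default_gateway:
        # Box checked (the default): a second, preferred default route via the tunnel.
        routes.append((ipaddress.ip_network("0.0.0.0/0"), 1, "vpn"))
    return routes

def egress(routes, dst):
    """Longest prefix wins; among equal prefixes the lowest metric wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    net, metric, iface = max(matches, key=lambda r: (r[0].prefixlen, -r[1]))
    return iface

def non_office_in_tunnel(routes, destinations):
    """Destinations outside REMOTE_LAN that would still be sent over the VPN."""
    return [d for d in destinations
            if egress(routes, d) == "vpn"
            and ipaddress.ip_address(d) not in REMOTE_LAN]

SAMPLE = ["192.168.20.15", "192.168.1.7", "203.0.113.10"]  # constructed destinations

if __name__ == "__main__":
    for checked in (True, False):
        table = client_routes(checked)
        print("use default gateway on remote network =", checked)
        for d in SAMPLE:
            print("  %-15s -> %s" % (d, egress(table, d)))
        print("  non-office traffic in tunnel:", non_office_in_tunnel(table, SAMPLE))
```

With the box checked, Internet-bound traffic follows the tunnel's default route and exits through the office; unchecked, only 192.168.20.0/24 uses the VPN.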