From: Sean Chittenden
To: Christoph Kukulies
Cc: freebsd-current@freebsd.org
Date: Fri, 31 Jan 2003 17:28:00 -0800
Subject: Re: Cisco vpnclient
Message-ID: <20030201012800.GH15936@perrin.int.nxad.com>
In-Reply-To: <200301311053.LAA25242@accms33.physik.rwth-aachen.de>

> Cisco is offering a VPN client for Linux. I wonder if it would be
> possible to run this under FreeBSD. An extra linux kernel module is
> being built. Is this already the 'ruled out'?
>
> If this won't work, I'm afraid I will have to set a dedicated redhat
> 6.x/7.x beside my FreeBSD gateway. Would it be possible to use NAT
> to extend the VPN (I only have one dedicated fixed IP on the
> gateway).

Might I suggest using pppd + ssh. In my prior experience, it worked
worlds better than the Cisco VPN client and likely provided more
secure authentication (ssh keys vs. IKE?).
As an added bonus, ssh + pppd doesn't hijack your interface, so you
can connect to the Internet directly and to your office without having
to send your normal Internet traffic through the office. Yes, there are
security problems with this, but running ipf(w) on the split host
works exceedingly well and is generally a tighter firewall than what's
put up to protect the office. ;)

-sc

--
Sean Chittenden