From owner-freebsd-current Fri Jan 31 17:52:47 2003
Subject: Re: Cisco vpnclient
From: Joe Marcus Clarke
To: Sean Chittenden
Cc: Christoph Kukulies, freebsd-current@FreeBSD.ORG
In-Reply-To: <20030201012800.GH15936@perrin.int.nxad.com>
References: <200301311053.LAA25242@accms33.physik.rwth-aachen.de> <20030201012800.GH15936@perrin.int.nxad.com>
Organization: MarcusCom, Inc.
Message-Id: <1044064351.46355.51.camel@shumai.marcuscom.com>
Date: 31 Jan 2003 20:52:32 -0500

On Fri, 2003-01-31 at 20:28, Sean Chittenden wrote:
> > Cisco is offering a VPN client for Linux. I wonder if it would be
> > possible to run this under FreeBSD. An extra Linux kernel module is
> > being built. Is this already ruled out?
> >
> > If this won't work, I'm afraid I will have to set up a dedicated Red Hat
> > 6.x/7.x beside my FreeBSD gateway. Would it be possible to use NAT
> > to extend the VPN (I only have one dedicated fixed IP on the
> > gateway)?
>
> Might I suggest using pppd + ssh. In my prior experience, it worked
> worlds better than the Cisco VPN client and likely provided more
> secure authentication (ssh keys vs. IKE?). As an added bonus, ssh
> + pppd doesn't hijack your interface, so you can connect to the
> Internet directly and to your office without having to send your
> normal Internet traffic through the office. Yes, there are security
> problems with this, but running ipf(w) on the split host works
> exceedingly well and is generally a tighter firewall than what's put
> up to protect the office. ;)
>
> -sc

This is actually what I use to connect into Cisco (well, I use ppp+ssh).
The downside is that right now, my "VPN concentrator" is being moved from
one building to another, and I have no FreeBSD connectivity. Also, other
companies might only allow inbound access via a proprietary VPN client.
For those that also offer SSH, you're right, my makeshift VPN is much more
flexible than what the Cisco VPN client provides.

Joe

--
PGP Key : http://www.marcuscom.com/pgp.asc