From: "Chris McCluskey"
Subject: VPN Solutions for Win 2K/XP -> FreeBSD (Possible FAQ entry)
Date: Wed, 9 Oct 2002 14:02:29 -0700

Where is the FBSD security mailing list FAQ? If this question is in the FAQ, please excuse the repeat; if it's not, then perhaps it could be added:

I'm looking for a solution to allow a Win 2K/XP client to tunnel through a FreeBSD box to a LAN, meeting the following requirements:

1. The VPN server (a FreeBSD machine) is running NAT so the VPN solution must be compatible.
2. I would like to use the stock MS VPN connection tools (PPTP/L2TP) to keep things simple for the MS end users.
3. If possible I would like to keep the certificate management down to a minimum -- possibly using local user level authentication in preference to a preshared CA cert.

Does anyone have any experience and good stories in this area? I have looked at a variety of solutions on the Internet, but all that I have found either require manual adjustment of security policy (http://www.wiretapped.net/~fyre/ipsec/ -- which I'm not sure if my MS end users could do without incident) or involve complications with NAT (http://www.sigsegv.cx/FreeBSD-WIN2K-IPSEC-HOWTO.html).

Any pointers to the "cleanest path" would be appreciated.

Thank you.