From owner-freebsd-questions Fri Jul 9 23:25:36 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from fedde.littleton.co.us (fedde.littleton.co.us [207.204.248.149])
    by hub.freebsd.org (Postfix) with ESMTP id 79E4915196
    for ; Fri, 9 Jul 1999 23:25:32 -0700 (PDT)
    (envelope-from cfedde@fedde.littleton.co.us)
Received: from fedde.littleton.co.us (localhost.littleton.co.us [127.0.0.1])
    by fedde.littleton.co.us (8.9.3/8.9.3) with ESMTP id AAA98058;
    Sat, 10 Jul 1999 00:25:18 -0600 (MDT)
Message-Id: <199907100625.AAA98058@fedde.littleton.co.us>
To: "Jon Passki"
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Oh, boy, another VPN question
In-reply-to: Your message of "Fri, 09 Jul 1999 14:44:39 CDT."
    <000201beca43$7b2cb660$af00a8c0@lp020001.neicoltech.org>
Date: Sat, 10 Jul 1999 00:25:18 -0600
From: Chris Fedde
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I take it from the discussion that the link labeled "Internet Connection"
is some kind of personal connection like dialup? If it were simply linking
two LANs via the internet then it would be a lot easier. A product VPN
could be dropped in place at each site.

If all the applications can be accessed via a terminal session or via
X Windows then you can use SSH and one of the Windows X clients
(Hummingbird?).

But if you need true VPN services then you will almost be forced to use
Microsoft's solution for the WinTel clients. You may need to run a RAS
server inside the FreeBSD gateway. The natd and ipfirewall stuff can
provide the needed pass-through without going to a full application layer
proxy.

Have fun!
chris

"Jon Passki" writes:

Okay, I've browsed the mail archive on http://www.freebsd.org and
http://www.deja.com for a FreeBSD + VPN solution w/ interoperability on a
Windows NT network. SKIP, NATD/IPFW, IPFilter, IPSec, SSH, yadda yadda
yadda... I'll lay out the scenario, and see what the gurus say :)

   ----------
   | Client |     Microsoft Client (95, 98, NT) Primarily.
   ----------     FreeBSD Client Secondary.
        |  Internet Connection, don't care how the client connects
        |  just that their client software supports the connection.
        |  Internet Connection
        |
   ------------------
   | Uplink's Cisco |
   |  3000 Router   |
   ------------------
        |  x.x.x.254 (x.x.x.0/24 is a registered range)
        |
        |  x.x.x.231 (fxp0)
   --------------
   |DMZ Gateway |  FreeBSD 3.2 w/ NATD/IPFW and DHCP on the internal
   --------------
        |  192.168.0.1 (vx0)
        |
        |  192.168.0.0/16
  ]--------------[
   NT Network w/ a variety of servers needed for internal development,
   file access, and other resources

What have people used or seen to let a client (running whatever client
software) get access to the internal network, and access the internal
resources (printers, file servers, ...)? I DON'T want to have an NT Server
on the DMZ (I ph33r NT's security :), so the choice is to incorporate
either a proxy into the FreeBSD box, or to configure the existing setup.
Would there be a better solution other than any I have suggested?

Jon Passki

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

__
Chris Fedde
303 773 9134