Date:      Wed, 27 Oct 2004 19:22:10 -0500
From:      Eric Crist <ecrist@secure-computing.net>
To:        Erik Norgaard <norgaard@locolomo.org>
Cc:        questions@freebsd.org
Subject:   Re: VPN questions
Message-ID:  <685CBB3A-2877-11D9-86F0-000D9333E43C@secure-computing.net>
In-Reply-To: <417F5E6B.2080100@locolomo.org>
References:  <417F5E6B.2080100@locolomo.org>



On Oct 27, 2004, at 3:38 AM, Erik Norgaard wrote:

> Hi,
>
> I am looking at how to implement VPN but I'm getting confused as to how
> IPSec, IKE, OpenSSL, FreeSWAN, racoon etc. all fit into the picture. I
> am looking at two scenarios, and I have two questions.
>
> 1) Standard IPSec tunnel:
>
>              +----+ IPSec/VPN +----+
>        LAN---| FW |-----------| FW |---LAN
>              +----+           +----+
>
> In this scenario: Can CARP/pf handle VPN/IPSec connections in case the
> master unit fails? (I am assuming that both ends have fixed public
> routable IPs).
>
> 2) VPN for mobile users
>
>             +----+    VPN    +-----+
>       LAN---| FW |-----------| FW? |---[mobile unit]
>             +----+           +-----+
>
> For mobile users I can't be sure where they are, their ip, or if they
> are behind NAT/firewall, nor can I trust the network until the mobile 
> unit.
>
> IPSec breaks behind NAT, are there other alternatives than ssh-tunnels I
> should take a look at? (which? :-)
>
> Thanks, Erik
> --
> Ph: +34.666334818                                  web: www.locolomo.org
> S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
> Subject ID:  A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
> Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2

Take a look at mpd in the ports tree for the mobile connections.  I use
it on a regular basis, and it is really easy to set up.  Also, unlike
poptop, mpd supports encryption.  My particular setup is for 128-bit
encryption and I allow 3 different connections at once.

HTH
-----
Eric F Crist
Secure Computing Networks
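
The kind of mpd setup Eric describes (a PPTP server for mobile users with
128-bit MPPE encryption), as an added illustration that is not Eric's own
configuration: the directives below follow the mpd 3.x mpd.conf syntax as
the editor remembers it and should be checked against the mpd(8) manual of
the version actually installed; the addresses, the pool size, the bundle
name and the number of bundles are assumptions.  Only `mpp-e128` is enabled,
so that clients cannot negotiate the weaker 40- or 56-bit MPPE modes, PAP
is disabled so passwords are never sent in the clear, and `originate` is
disabled so the box only accepts inbound tunnels.

```conf
# /usr/local/etc/mpd/mpd.conf (assumed path) -- constructed example, mpd 3.x syntax
default:
        load pptp0

# One bundle/link per simultaneous client; repeat as pptp1, pptp2 for three clients.
pptp0:
        new -i ng0 pptp0 pptp0
        # Address handed to this client (assumed private range)
        set ipcp ranges 192.168.100.1/32 192.168.100.10/32
        set iface disable on-demand
        set iface enable proxy-arp
        # Drop idle tunnels after 30 minutes
        set iface idle 1800
        set bundle enable multilink
        set link yes acfcomp protocomp
        # No PAP (cleartext passwords); authenticate with CHAP only
        set link no pap chap
        set link enable chap
        set link keep-alive 10 60
        set ipcp yes vjcomp
        set bundle enable compression
        set ccp yes mppc
        # 128-bit MPPE only: mpp-e40 / mpp-e56 are deliberately left out
        set ccp yes mpp-e128
        set ccp yes mpp-stateless
        # Public address the firewall listens on (placeholder)
        set pptp self 203.0.113.1
        set pptp enable incoming
        set pptp disable originate
```

Client credentials go in mpd.secret (one `username "password"` line per
user); the link definitions in mpd.links should name the same `pptp0`
link with `set link type pptp`.  Whether the running mpd version accepts
exactly these directive names is the part to verify before relying on it.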
