Message-ID: <4421CCF3.9010907@shrew.net>
Date: Wed, 22 Mar 2006 16:17:23 -0600
From: Matthew Grooms
To: freebsd-net@freebsd.org
Subject: FreeBSD as a VPN Client Gateway ...
List-Id: Networking and TCP/IP with FreeBSD

All,

If anyone would like to use FreeBSD as a VPN gateway but have the usual Win2K/XP clients to support, here is a free software product that may be of interest ...

http://www.shrew.net/download

The VPN Client was designed to work with ipsec-tools + FreeBSD as the gateway but others such as NetBSD have been tested.

Features include multiple XAuth user authentication modes, automatic client network configuration, remote network topology download, NAT Traversal, IKE fragmentation and transport pre-fragmentation ( ala NetBSD 3.0 ). The latter three are useful for clients behind NAT devices or broken DSL/Cable routers that drop large or fragmented UDP packets.

If you are interested in using NAT-T, you should have a look at Yvan's kernel patch which offers everything but transport pre-fragmentation support ...

http://ipsec-tools.sf.net/freebsd6-natt.diff

Feedback and bug reports are appreciated ( off this list ).

-Matthew