From owner-freebsd-net@FreeBSD.ORG Wed Aug 8 22:05:06 2007
Message-Id: <200708082205.QAA14169@lariat.net>
Date: Wed, 08 Aug 2007 16:04:47 -0600
To: net@freebsd.org
From: Brett Glass
Subject: SSTP support?
List-Id: Networking and TCP/IP with FreeBSD

All:

Microsoft has apparently come out with a new VPN protocol called SSTP. There's no RFC for it, but it's essentially PPP over SSL, with the encryption coming from SSL and the authentication still done within PPP.

It should be an improvement over PPTP, which is blocked by default by all of the major Windows firewalls (even though the security problems in it have pretty much been fixed) and has many incompatible or marginal implementations. PPTP is turning into a tech support nightmare, and we'd be eager to replace it with something similar that was more reliable and goof-proof.

It seems as if it would be easy to cobble together an SSTP client and server using code already available on FreeBSD. (It'd require a daemon for userland PPP and probably an SSL Netgraph node -- which, surprisingly, doesn't seem to exist already -- for mpd.)

Is anyone already working on such a project?

--Brett Glass