From owner-freebsd-questions@FreeBSD.ORG Sat Mar 15 22:35:45 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 1F5C0D7A for ; Sat, 15 Mar 2014 22:35:45 +0000 (UTC) Received: from dorsai-02.celestial.com (dorsai-02.celestial.com [192.136.111.19]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id DB48ECCE for ; Sat, 15 Mar 2014 22:35:43 +0000 (UTC) Received: from localhost (localhost.localdomain [127.0.0.1]) by dorsai-02.celestial.com (Postfix) with ESMTP id 5327D20486FC for ; Sat, 15 Mar 2014 15:41:12 -0700 (PDT) X-Virus-Scanned: amavisd-new at celestial.com Received: from dorsai-02.celestial.com ([127.0.0.1]) by localhost (dorsai-02.celestial.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 7cPhD9xomYju for ; Sat, 15 Mar 2014 15:41:12 -0700 (PDT) Received: from ayn.mi.celestial.com (hayek.celestial.com [192.136.111.12]) by dorsai-02.celestial.com (Postfix) with ESMTP id 0A1FE202166C for ; Sat, 15 Mar 2014 15:41:11 -0700 (PDT) Received: from localhost (localhost.localdomain [127.0.0.1]) by ayn.mi.celestial.com (Postfix) with ESMTP id BF6C444F930A; Sat, 15 Mar 2014 15:35:36 -0700 (PDT) X-Virus-Scanned: amavisd-new at mi.celestial.com Received: from ayn.mi.celestial.com ([127.0.0.1]) by localhost (ayn.mi.celestial.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id aq5ooMgeLYIA; Sat, 15 Mar 2014 15:35:36 -0700 (PDT) Received: by ayn.mi.celestial.com (Postfix, from userid 203) id A2AEF44F9309; Sat, 15 Mar 2014 15:35:36 -0700 (PDT) Date: Sat, 15 Mar 2014 15:35:36 -0700 From: Bill Campbell To: freebsd-questions@freebsd.org Subject: Re: VPN choices? Message-ID: <20140315223536.GA15035@ayn.mi.celestial.com> Mail-Followup-To: freebsd-questions@freebsd.org References: <5321F437.25463.1EE12BF@g8kbvdave.gmail.com> <5322B0BB.1070409@laverenz.de> <5322B2A6.6020305@at-hacker.in> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5322B2A6.6020305@at-hacker.in> User-Agent: Mutt/1.5.19 OpenPKG/CURRENT (2009-01-05) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list Reply-To: freebsd@celestial.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 15 Mar 2014 22:35:45 -0000 On Fri, Mar 14, 2014, Alex Pereklad wrote: > 14.03.2014 11:33, Uwe Laverenz ??????????: >> I would recommend OpenVPN: it's free, reliable, scalable and quite >> easy to install. There are tons of docs and howtos available. >> >> If you need a comfortable windows client, please have a look at this one: >> >> http://sourceforge.net/projects/securepoint/files/?source=navbar >> > OpenVPN has very strange behavior sometimes. For example, on server you > have server's side of VPN tunnel IP 192.168.1.1 and client's side IP > 192.168.1.2. You suppose that you openvpn client gets tunnel IP > 192.168.1.2. But that's not true. The client thinks that it has IP > 192.168.1.6 and the server has 192.168.1.5 %-( That's strange :-) And > you can't ping IP 192.168.1.2 from server, but can ping 192.168.1.6 :-) > But you have to set 192.168.1.2 as router to the client's network, not > 192.168.1.6. That's not an OpenVPN problem, but the result of using commodity routers with their default 192.168.1.0/24 LAN networks at both ends of the tunnel. Change the LAN addresses on one or both ends of the connection to different private subnets that don't conflict. Bill -- INTERNET: bill@celestial.com Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way Voice: (206) 236-1676 Mercer Island, WA 98040-0820 Fax: (206) 232-9186 Skype: jwccsllc (206) 855-5792 I don't care how little your country is, you got a right to run it like you want to. When the big nations quit meddling, then the world will have peace. -- Will Rogers