Date: Thu, 10 Oct 2002 08:24:33 +0300 From: Peter Pentchev <roam@ringlet.net> To: Chris McCluskey <chris@digitaldeck.com> Cc: freebsd-security@freebsd.org Subject: Re: VPN Solutions for Win 2K/XP -> FreeBSD (Possible FAQ entry) Message-ID: <20021010052433.GZ376@straylight.oblivion.bg> In-Reply-To: <NIEPJAOGGDJEAPOOENIOGEGFCBAA.chris@digitaldeck.com> References: <NIEPJAOGGDJEAPOOENIOGEGFCBAA.chris@digitaldeck.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Wed, Oct 09, 2002 at 02:02:29PM -0700, Chris McCluskey wrote: > Where is the FBSD security mailing list FAQ? > > If this question is in the FAQ please excuse the repeat, if it's not then > perhaps it couple be added: > > I'm looking for a solution to allow a Win 2K/XP client to tunnel though a > FreeBSD box to a LAN, meeting the following requirements: > > 1. The VPN server (a FreeBSD machine) is running NAT so the VPN solution > must be compatible. > > 2. I would like to use the stock MS VPN connection tools (PPTP/L2TP) to keep > things simple for the MS end users. > > 3. If possible I would like to keep the certificate management down to a > minimum -- possibly using local user level authentication in preference to a > preshared CA cert. > > Does anyone have any experience and good stories in this area? I have looked > at a variety of solutions on the Internet, but all that I have found either > requires manual adjustment of security policy > (http://www.wiretapped.net/~fyre/ipsec/) -- which I'm not sure if my MS end > users could do without incident) or others involving complications with NAT > (http://www.sigsegv.cx/FreeBSD-WIN2K-IPSEC-HOWTO.html). Any pointers to the > "cleanest path" would be appreciated. A very similar question was asked in this list yesterday; the answer, if you really do not mind using Win2K's PPTP implementation with the recently discovered DoS attacks, may well be the same: ports/net/mpd. Build Netgraph into the kernel or load it as a KLD, then run mpd in server mode as shown in the sample config files, click your way through setting up a new VPN/PPTP connection on the Win2K box, and you're on. G'luck, Peter -- Peter Pentchev roam@ringlet.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 I am jealous of the first word in this sentence. [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (FreeBSD) iD8DBQE9pQ8Q7Ri2jRYZRVMRAu4wAKCc8Qz6TTqqjdfLiT1C4DRSIZUUngCeIqxg UXqrepj0Du9s04OcwL0cDFg= =I3eI -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021010052433.GZ376>