Date:      Thu, 10 Oct 2002 08:24:33 +0300
From:      Peter Pentchev <roam@ringlet.net>
To:        Chris McCluskey <chris@digitaldeck.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: VPN Solutions for Win 2K/XP -> FreeBSD (Possible FAQ entry)
Message-ID:  <20021010052433.GZ376@straylight.oblivion.bg>
In-Reply-To: <NIEPJAOGGDJEAPOOENIOGEGFCBAA.chris@digitaldeck.com>
References:  <NIEPJAOGGDJEAPOOENIOGEGFCBAA.chris@digitaldeck.com>


On Wed, Oct 09, 2002 at 02:02:29PM -0700, Chris McCluskey wrote:
> Where is the FBSD security mailing list FAQ?
>
> If this question is in the FAQ please excuse the repeat, if it's not then
> perhaps it could be added:
>
> I'm looking for a solution to allow a Win 2K/XP client to tunnel through a
> FreeBSD box to a LAN, meeting the following requirements:
>
> 1. The VPN server (a FreeBSD machine) is running NAT so the VPN solution
> must be compatible.
>
> 2. I would like to use the stock MS VPN connection tools (PPTP/L2TP) to keep
> things simple for the MS end users.
>
> 3. If possible I would like to keep the certificate management down to a
> minimum -- possibly using local user level authentication in preference to a
> preshared CA cert.
>
> Does anyone have any experience and good stories in this area? I have looked
> at a variety of solutions on the Internet, but all that I have found either
> requires manual adjustment of security policy
> (http://www.wiretapped.net/~fyre/ipsec/) -- which I'm not sure if my MS end
> users could do without incident) or others involving complications with NAT
> (http://www.sigsegv.cx/FreeBSD-WIN2K-IPSEC-HOWTO.html). Any pointers to the
> "cleanest path" would be appreciated.

A very similar question was asked in this list yesterday; the answer, if
you really do not mind using Win2K's PPTP implementation with the
recently discovered DoS attacks, may well be the same: ports/net/mpd.
Build Netgraph into the kernel or load it as a KLD, then run mpd in
server mode as shown in the sample config files, click your way through
setting up a new VPN/PPTP connection on the Win2K box, and you're on.

G'luck,
Peter

--
Peter Pentchev	roam@ringlet.net	roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
I am jealous of the first word in this sentence.

