Date: Fri, 11 Oct 2002 15:41:38 -0400 From: MrWebby <mrwebby@bigfoot.com> To: freebsd-questions@freebsd.org Subject: IPsec Tunneling (VPN) from WIN2K (client) to FreeBSD (Server) Message-ID: <3DA72972.7030706@bigfoot.com>
Hello all,
I hope you can understand how desperate I am to figure out what to do.
I need to enable tunnels from my laptop running Windows 2000 Pro to
my FreeBSD 4.6. I have a Cable Modem link to the Internet and for my
firewall and NAT router I use a D-Link 707 Residential Router capable
of allowing VPN using IPsec 'only'.
                                                       ------------
  VPN Server              Gateway                      |          |
  -----------             -----------                  |          |
  192.168.0.3 -------- 192.168.0.1 ------------------- | Internet |
  -----------             -----------                  |          |
  FreeBSD 4.6             xxx.xxx.xxx.xxx              |          |
                                                       ------------
  -IPsec Enabled          IPsec:                            |
  -Running Racoon         -ESP mode                         |
  -Setkey                 -In Tunnel Mode (DUH!)            |
  -OpenSSL Certificates   -DES encryption                   |
  -psk.txt                -ESP mode with no encapsulation   |
  -VPN Server: PoPToP     -no Integrity                     |
                          -Pre-Shared keys                  |
                                                            |
                                                            |
  Client                                                    |
  -------------                                             |
  192.168.0.226 --------------------------------------------|
  -------------
  Windows 2000 Pro
  -IPsec enabled
  -Certificate Install
As this diagram explains I'm running FreeBSD 4.6 with PoPToP, Racoon
for sharing keys and IPsec enabled in the Kernel. The gateway/NAT
router allows IPsec VPN with DES encryption in ESP mode with no
encapsulation, no Integrity, in Tunnel mode and using a pre-shared
key.
I don't know what "no Integrity" means, nor why ESP
cannot "encapsulate".
Please, help me in any way you can. Point me to any webpages you think
will help me.
THIS IS WHAT I HAVE DONE SO FAR:
- PoPToP works. In its bare bones without IPsec policies and racoon's
daemon turned off I can connect 'directly' to the server from within
the LAN.
- Racoon has been installed.
- I have searched the Internet and followed various HOWTOs but none
of them are based on the scheme I'm using. Usually they involve two
FreeBSD machines, a Windows 2000 Server, etc.
- I have read the FreeBSD Handbook Section on IPsec, setkey man pages
and racoon man pages.
- Tried several times to set the security policies in "both" machines
and connect but the results are worse every time.
- A set of certificates has been made and installed. I followed a
guide that made me create OpenSSL certificates and installed them,
but I can't quite figure out when they come into play.
My major problem has been setting up the Security Policies in both
Machines. I think that's the step that's causing me all this trouble.
The most confusing thing to me is why there is no way of editing the
security policies in the Gateway.
Please, excuse my ignorance and I appreciate all the help I can
receive.
MrWebby
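The "no Integrity" option listed for the gateway above describes an ESP security association that encrypts but carries no authentication data (in setkey terms, an esp SA given an -E encryption algorithm but no -A authentication algorithm). The script below is an added illustration, not part of the original message and not code from FreeBSD, racoon or the router vendor, of what that setting costs: it models a simplified ESP body as IV || CBC ciphertext, optionally followed by an HMAC-SHA1-96 ICV, and shows that a single bit flipped on the wire is silently accepted by the receiver without the ICV and dropped with it. Because DES is not in the Python standard library, a toy 64-bit Feistel cipher stands in for DES-CBC (an assumption for the demo; it is not DES and not secure, but it has the same CBC malleability). The keys and payload are constructed values.

```python
import hashlib
import hmac
import os

BLOCK = 8      # 64-bit blocks, the block size of DES
ICV_LEN = 12   # HMAC-SHA1-96: ESP truncates the HMAC to 96 bits (RFC 2404)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _feistel(key: bytes, block: bytes, rounds) -> bytes:
    # Toy 8-round 64-bit Feistel network standing in for DES (assumption:
    # this is NOT DES and NOT secure; it only reproduces CBC's malleability).
    left, right = block[:4], block[4:]
    for rnd in rounds:
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, _xor(left, f)
    return right + left


def block_encrypt(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, range(8))


def block_decrypt(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, reversed(range(8)))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    if len(plaintext) % BLOCK:
        raise ValueError("plaintext must be whole blocks (real ESP pads it)")
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        blk = ciphertext[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, blk), prev))
        prev = blk
    return b"".join(out)


def esp_protect(enc_key: bytes, payload: bytes, auth_key=None) -> bytes:
    """Sender side: IV || CBC ciphertext [|| ICV].

    auth_key=None models the router's "no Integrity" setting: an ESP SA with
    an encryption algorithm but no authentication algorithm.
    """
    iv = os.urandom(BLOCK)
    body = iv + cbc_encrypt(enc_key, iv, payload)
    if auth_key is None:
        return body
    icv = hmac.new(auth_key, body, hashlib.sha1).digest()[:ICV_LEN]
    return body + icv


def esp_unprotect(enc_key: bytes, packet: bytes, auth_key=None):
    """Receiver side: returns the plaintext, or None if the ICV check fails."""
    if auth_key is not None:
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        expected = hmac.new(auth_key, body, hashlib.sha1).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return None   # IPsec drops the packet and counts an auth failure
    else:
        body = packet
    return cbc_decrypt(enc_key, body[:BLOCK], body[BLOCK:])


def flip_bit_in_transit(packet: bytes, byte_index: int, mask: int = 0x01) -> bytes:
    # Models one corrupted bit on the wire (line noise or an active intermediary).
    altered = bytearray(packet)
    altered[byte_index] ^= mask
    return bytes(altered)


def demo():
    enc_key, auth_key = b"constructed-enc-key", b"constructed-auth-key"
    payload = b"AAAAAAAABBBBBBBB"   # two 8-byte blocks, constructed sample
    # In CBC, flipping bit 0 of the IV flips bit 0 of the first plaintext byte.
    no_integrity = esp_unprotect(
        enc_key, flip_bit_in_transit(esp_protect(enc_key, payload), 0))
    with_integrity = esp_unprotect(
        enc_key, flip_bit_in_transit(esp_protect(enc_key, payload, auth_key), 0), auth_key)
    return no_integrity, with_integrity


if __name__ == "__main__":
    accepted, rejected = demo()
    print("no Integrity :", accepted)   # b'@AAAAAAABBBBBBBB', silently accepted
    print("HMAC-SHA1-96 :", rejected)   # None, packet dropped
```

In the "no Integrity" case the receiver hands the altered plaintext up to the PPTP/GRE layer without noticing; flipping a bit inside a ciphertext block instead of the IV garbles that block and flips the same bit in the next one, again undetected. The property is the same for real DES-CBC, which is why pairing ESP encryption with an authentication algorithm (hmac-sha1 or hmac-md5 in setkey and racoon) matters more than the choice of cipher.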
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3DA72972.7030706>
