Date: Mon, 24 Mar 2008 04:41:56 +0100
From: Alex de Kruijff
To: Jon Theil Nielsen
Cc: freebsd-questions@freebsd.org
Subject: VPN setup with OpenVPN (was: mpd pptp server?)
Message-ID: <20080324034155.GA1077@Alex1.kruijff.org>

On Sun, Mar 23, 2008 at 10:45:57PM +0100, Jon Theil Nielsen wrote:
> 2008/3/23, Alex de Kruijff :
> > On Wed, Mar 19, 2008 at 12:43:58AM +0100, Jon Theil Nielsen wrote:
> > > I have tried some different ways to make a working VPN server on
> > > FreeBSD 7.0.
> > > The main goal is to make it possible for Windows clients to access their
> > > Samba home shares. I'm not sure if mpd is the best solution, but I will
> > > give it a try.
> > > I have installed /usr/ports/mpd4 and have the following configuration:
> >
> > I run openvpn on FreeBSD and Windows XP.
>
> I have now succeeded in establishing connections from Windows to a VPN
> server based on mpd4. But it has some severe limitations: I have to define
> every single connection in the conf file (not a major problem). And I don't
> see any option to authenticate against either UNIX or Samba passwords. Is
> that different through openvpn? Could you give some brief hints on the
> configuration or maybe a reference to a useful howto?

Giving you the program name ought to be enough of a hint.
http://www.google.com/search?q=openvpn

The openvpn site has a very nice howto. I can tell you the setup I have.

I don't authenticate against UNIX or Samba passwords. I don't see what
good it will do to require such authentication. It might even pose a
security risk. It might be possible.

I do use certificates (standard) so I can cut off machines. Users need
to authenticate when they connect to the services of a machine. I have a
firewall on each computer. I have a VPN tunnel between sites and a road
warrior setup for laptops.
And I have a setup that allows me to take a server down without
disrupting traffic flow between sites.

-- 
Alex

Please copy the original recipients, otherwise I may not read your reply.

Howtos based on my personal use, including information about setting up
a firewall and creating traffic graphs with MRTG
http://alex.kruijff.org/FreeBSD/