From owner-freebsd-security  Thu Sep 27  8:56:29 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mailtest.btconnex.net (mailtest.btconnex.net [209.47.192.8])
	by hub.freebsd.org (Postfix) with SMTP id DD78037B428
	for <freebsd-security@freebsd.org>; Thu, 27 Sep 2001 08:56:23 -0700 (PDT)
Received: (qmail 10594 invoked from network); 27 Sep 2001 15:56:09 -0000
Received: from unknown (HELO ?192.168.66.37?) (192.168.66.37)
  by mailtest.btconnex.net with SMTP; 27 Sep 2001 15:56:09 -0000
Date: Thu, 27 Sep 2001 11:56:06 -0400 (EDT)
From: Elliott Perrin <eperrin@beanfield.com>
X-X-Sender:  <eperrin@localhost>
To: <freebsd-net@freebsd.org>, <freebsd-security@freebsd.org>
Subject: VPN over VLANS and dynamic clients
Message-ID: <20010927114500.W77821-100000@localhost>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hello there, I am not currently subscribed to net or security so if I
could be CC'ed on all replies that would be excellent.

I am trying to setup VPN connectivity for a client that needs to be able
to log in to their office from dynamic IP's. I have setup VLANS over an
fxp card that corespond to their VLAN in our Cisco's. BTW, it is not an
option to setup the VPN through the Cisco as I cannot specify more than
one policy and we already have a client's VPN running through the Cisco.
The FBSD box has public IP and a private IP, both on vlan interfaces
(vlan0 and vlan1) with the private IP sitting on the subnet of the client.

I want to be able to have a client authenticate and be handed an IP from
the LAN that they are connecting to. so it would look like this.

client - dynamic IP ----> pub ip on FBSD--192.168. on FBSD (part of LAN)
   |--------------------------------------|
          need encryption between here

Have I been hitting the pipe too much this morning or is there a way to
accomplish this??? Any hints, advice are more than welcome.

Thanks
eperrin@beanfield.com



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message