From: Bill Tillman
Cc: FreeBSD Questions
Date: Sun, 6 Nov 2011 05:18:20 -0800 (PST)
Subject: Re: OpenVPN - what configuration do I need/want

________________________________
From: Ryan Coleman
To: Bill Tillman
Cc: FreeBSD Questions
Sent: Saturday, November 5, 2011 9:32 PM
Subject: Re: OpenVPN - what configuration do I need/want

So... basically you've just set up servers that utilize the host connection or don't route?

On Nov 5, 2011, at 5:35 AM, Bill Tillman wrote:

> ________________________________
>
> From: Ryan Coleman
> To: FreeBSD Questions
> Sent: Friday, November 4, 2011 10:22 AM
> Subject: OpenVPN - what configuration do I need/want
>
> I have a PE 2450 with dual NICs and I want to turn it into a bridging VPN for the guys in the office to utilize.
>
> Our configuration:
> My office: 192.168.46.0/24
>     Server IPs: 192.168.46.2 [8.2-RELEASE] + public IP
> Corporate office: 192.168.45.0/24
> My VPN: 192.168.47.0/24 [preferred]
> There's a NetVanta VPN between my office and the corporate office and I presume that will still work to route 47.0/24 to 45.0/24 when all is said and done.
>
> I am going to be supporting Windows and Mac clients (well, all windows and then my mac) and I'd like to test it from my 8.2 server at home before pushing this over to my MacBook Pro (using Tunnelblick) and then to my Windows users.
>
> I've tried the FreeBSD handbook and the Section6.net walkthroughs to no avail.
>
> Any help would be appreciated.
>
> Thanks,
> Ryan
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>
> I can't say that I'm familiar with your setup which uses "bridging". But I set up OpenVPN to work on a server inside my LAN which is behind my FreeBSD firewall server. The setup wasn't that hard, you just have to forward the right ports and get the certificates copied to the clients correctly. The docs on the OpenVPN site were very helpful in this for me.
> The trouble you may find is that this other VPN appliance you reference, NetVanta, may or may not be compatible with OpenVPN. I tried this several years ago with a remote company I was working for and found out quite disappointingly that the protocol used by OpenVPN would not work whatsoever with Cisco equipment. That may have changed now but at the time all the advice I got was forget about it. Cisco equipment would not work with OpenVPN period. Luckily at the time I had a small Cisco appliance at my house and that is the only way I could get that setup to work. These days I happily connect to my LAN with encrypted tunnels from most places like hotels, etc... There is a problem sometimes at places like Starbucks or McDonalds where they have equipment which is blocking ports needed to run VPN. And in most cases it's not that they are blocking specific ports, it's that they are blocking everything except port 80 to only let their freebie users surf web content.
> YMMV....check the docs on the OpenVPN site. Many HOWTOs and examples will help you get going.

Yes, but the setup is very similar. The docs available on the OpenVPN website give HOWTOs on both setups and they are very similar. I would check these as I found them to be very helpful. OpenVPN also has a great mailing list where I got some additional help.