From: Peter Wood
Date: Sun, 05 Nov 2006 11:33:24 +0000
To: freebsd-net@freebsd.org
Subject: Re: IPSEC, isakmpd, tunnel/transport encapsulation...
Message-ID: <454DCC04.6020106@alastria.net>
In-Reply-To: <454D25C4.2000503@uk.tiscali.com>

Heya Chris,

> I tried to setup something exactly like you did. I could do it fine with
> freebsd boxes as I would do it via username not ip. Never really got the
> problem sorted for windows though. I ended up using openVPN instead.

Thanks for your follow up, I've used OpenVPN before and I agree it is a lot easier, however in this case I don't want the requirement of installing software on the end clients who might only log on once every few months. Also its NAT traversing capabilities don't really apply as it's IP to IP on the same subnet :).

Cheers for the suggestion though, I'll keep kicking it for a bit longer.

I should add that the config I previously gave for isakmpd had a mistake (from my trials and errors).

#Configuration = ipsec-quick-mode

Was actually uncommented.

Configuration = ipsec-quick-mode

Cheers,

Peter.