Date: Sat, 28 Apr 2001 10:47:18 -0400 (EDT) From: Jim Durham <durham@w2xo.pgh.pa.us> To: =?iso-8859-1?Q?Jes=FAs_Arn=E1iz?= <arnaiz@encomix.es> Cc: questions@FreeBSD.ORG, hackers@FreeBSD.ORG Subject: Re: RV: VPN Message-ID: <Pine.BSF.4.21.0104281029330.35944-100000@shazam.int> In-Reply-To: <EPEJLCLAKFDENCGMPJJDAEPHDEAA.arnaiz@encomix.es>
index | next in thread | previous in thread | raw e-mail
On Thu, 26 Apr 2001, [iso-8859-1] Jesús Arnáiz wrote: > > I want to set VPN on my system, I see there is many programs created to do it. > > Any advantages or disadvantages of using one or other?. What is better (is the first > time I set VPN on a UNIX system).? > > I am using two VPN systems. For GRE (Windows clients to a LAN), and one from LAN-to-LAN. LAN-to-LAN, vtund running PPP over it works fairly well. About the only shortcoming is that the "persist" option to re-establish connection in case of network failure gets confused in the face of many interruptions too close together. vtund is fairly well documented, so I won't include a config file example, but I can supply one if asked. I have found mpd to work very well for GRE. It uses the netgraph interface and this is automatically loaded as a kernel module. Here is a a config file example: Note that "pptp2, pptp3" , etc entries are necessary. You need as many "pptpx" entries in the config file as the number of simultaneous connections you allow. Note the only differences in the entries are the label, the address, and the logging line. ************************************************************************* default: load pptp1 load pptp2 load pptp3 pptp1: new -i ng0 pptp1 pptp1 set iface disable on-demand set iface enable proxy-arp set iface idle 1800 set bundle disable multilink set link yes acfcomp protocomp set link no pap chap set link enable chap set link keep-alive 10 60 set ipcp yes vjcomp set ipcp ranges 192.168.0.200/32 192.168.0.220/32 set ipcp dns 192.168.0.240 set ipcp nbns 192.168.0.244 log +pptp +pptp2 # If you wanted MPPE encryption and had ng_mppc(8)... set bundle enable compression set ccp yes mppc set ccp yes mpp-e40 set ccp yes mpp-e128 set bundle enable crypt-reqd set ccp yes mpp-stateless The changes for the second entry are only to these lines: pptp2: new -i ng1 pptp2 pptp2 set ipcp ranges 192.168.0.200/32 192.168.0.221/32 log +pptp +pptp2 hope this helps.. Jim Durham To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the messagehelp
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0104281029330.35944-100000>