From owner-freebsd-stable  Wed Sep  6 18:45:16 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from sr14.nsw-remote.bigpond.net.au (sr14.nsw-remote.bigpond.net.au [24.192.3.29])
	by hub.freebsd.org (Postfix) with ESMTP id CBD6337B423
	for <stable@FreeBSD.ORG>; Wed,  6 Sep 2000 18:45:13 -0700 (PDT)
Received: from areilly.bpc-users.org (CPE-144-132-245-92.nsw.bigpond.net.au [144.132.245.92])
	by sr14.nsw-remote.bigpond.net.au (Pro-8.9.3/8.9.3) with SMTP id MAA17424
	for <stable@FreeBSD.ORG>; Thu, 7 Sep 2000 12:45:03 +1100 (EDT)
Received: (qmail 74173 invoked by uid 1000); 7 Sep 2000 01:45:02 -0000
From: "Andrew Reilly" <areilly@bigpond.net.au>
Date: Thu, 7 Sep 2000 12:45:02 +1100
To: Gregory Bond <gnb@itga.com.au>
Cc: danh@gelatinous.com, stable@FreeBSD.ORG
Subject: Re: VPN? IPSEC? KAME? CIA?
Message-ID: <20000907124502.A74081@gurney.reilly.home>
References: <200009070034.LAA19470@lightning.itga.com.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200009070034.LAA19470@lightning.itga.com.au>; from gnb@itga.com.au on Thu, Sep 07, 2000 at 11:34:33AM +1100
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu, Sep 07, 2000 at 11:34:33AM +1100, Gregory Bond wrote:
> > So what VPN solution are all the cool kids using
> > in FreeBSD these days?
> 
> See http://www.itga.com.au/~gnb/vpn/ for my continuing efforts to solve this 
> problem.  I'm using ppp-over-ssh for FreeBSD-to-FreeBSD VPN.
> 
> Work on a secure Windows PPTP-to-FreeBSD solution is progressing (slowly!  
> Brian - Where's the MPPE patches for ppp? :)
> 
> I also have some Windows IPsec clients I need to test with the new KAME/racoon 
> in 4.1.  All will be documented in the above page when I get it done.

My FreeBSD VPN requirements are mostly as a client, rather than
as a server.  I'm finding that mpd-netgraph is pretty good for
connecting to a Windows2000 box, after a small patch was applied
to coerce it to authenticate with MS-CHAP instead of MD5-CHAP.

I plan to try out the IPSec stuff eventually, but for now, this
is OK.

-- 
Andrew


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message