From: raymond hicks
Date: Wed, 8 Aug 2001 16:30:49 -0400 (EDT)
Subject: Dynamic endpoint IPsec VPN?
Message-ID: <20010808162958.Q50937-100000@logicalhost.com>
Sender: owner-freebsd-stable@FreeBSD.ORG

I was hoping to use a FreeBSD box in the following capacity:

1) Gateway firewall doing tunnel mode VPN between 2 offices (another similar FreeBSD box at the remote office).
2) Provide persons with dynamic IP (dial clients) the ability to tunnel into the network using the Win2000 IPsec client.

I can get my Windows clients to authenticate and do VPN with the FreeBSD boxes no problem, but I was wondering if anyone has done this with the Windows clients being dynamic? I was hoping that I could go even further and have the FreeBSD box hand the dial user an address that is physically on the protected network behind the tunnel interface. The following is an example:

Host A has:
  LAN network 10.1.1.0/24
  WAN address 208.209.166.1

Host B has:
  LAN network 10.2.2.0/24
  WAN address 208.209.166.18

I want to run tunnel mode between the WAN addresses for both 10 networks. I would like to perhaps have a site C configured similarly but have host A acting as a hub, and host B and C never need to talk. I would also like for Host A to allocate host addresses 240 through 254 as an IP pool to hand out to remote clients that authenticate to it.

Is this at all possible with the current stack? Any help is greatly appreciated.

Raymond Hicks
Network Security Engineer
Development Global IPvpn
UUNet Technologies
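
The static gateway-to-gateway part of the topology described in the message, written as setkey(8) security policy entries. This is an added example, not part of the original message. It assumes ESP in tunnel mode with the "require" level and that the security associations themselves are negotiated by an IKE daemon. The dynamic dial-in clients and the address pool are not covered.

```conf
# ---- Host A (WAN 208.209.166.1, LAN 10.1.1.0/24) ----
# Assumption: ESP tunnel mode; keys come from an IKE daemon, not manual "add" lines.
flush;       # drop any existing security associations
spdflush;    # drop any existing security policies

# Traffic from A's LAN to B's LAN leaves through a tunnel A-WAN -> B-WAN.
spdadd 10.1.1.0/24 10.2.2.0/24 any -P out ipsec esp/tunnel/208.209.166.1-208.209.166.18/require;
# Traffic from B's LAN to A's LAN is accepted only if it arrived through the tunnel.
spdadd 10.2.2.0/24 10.1.1.0/24 any -P in ipsec esp/tunnel/208.209.166.18-208.209.166.1/require;

# ---- Host B (WAN 208.209.166.18, LAN 10.2.2.0/24) ----
# Mirror image of Host A: same networks, directions swapped.
flush;
spdflush;

spdadd 10.2.2.0/24 10.1.1.0/24 any -P out ipsec esp/tunnel/208.209.166.18-208.209.166.1/require;
spdadd 10.1.1.0/24 10.2.2.0/24 any -P in ipsec esp/tunnel/208.209.166.1-208.209.166.18/require;
```

Each half is loaded on its own gateway with `setkey -f <file>` and the installed policies can be checked with `setkey -DP`. A site C on the hub would add one more in/out pair on Host A only, with no policy between the B and C networks.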