Date: Wed, 20 Nov 2002 17:29:16 +0100
From: "Willem Jan Withagen" <wjw@withagen.nl>
To: "Marcin Jessa" <yazzy@ezunix.org>, <freebsd-isp@FreeBSD.ORG>, <freebsd-security@FreeBSD.ORG>
Subject: Re: VPN and roaming Windows 2K clients
Message-ID: <005d01c290b1$f8592c80$471b3dd4@dual>
References: <20021120100222.GA68431@yazzy.org>

> Do you know how to make a FreeBSD firewall a VPN server for roaming Win2K boxes (Win2k users without static IPs)?
> I've been playing with racoon for a few days but it seems that the only way it can authenticate roaming Windows VLAN users
> is with preshared certificates.
> This again excludes usage of manual keying (pre_shared_keys) which is necessary for accepting connections from dynamic IPs.
> The preshared keys method can be configured to accept connections from specified hostnames and that could work with windows
> boxes that run a dyndns client. Again Windows and racoon can only communicate using certificates and not manual keying.... an evil circle.
> Windows can speak with racoon if one makes racoon automatically exchange keys but this works only if Windows clients have static IPs...
> Have any of you guys an idea about what to do to combine these methods?
> Or maybe there is a workaround?

If IPsec is not a requirement, you could look at what I did:
use pptp
mpd on the firewall
std vpn stuff which comes with W2K
Really a piece of cake.
--WjW
