From: Terry Lambert
Subject: Re: Lets see what kind of response I can generate
To: caldwell_david@hotmail.com (David Caldwell)
Cc: chat@FreeBSD.ORG
Date: Wed, 7 Apr 1999 23:06:55 +0000 (GMT)
Message-Id: <199904072306.QAA24204@usr01.primenet.com>
In-Reply-To: <19990407125458.77816.qmail@hotmail.com> from "David Caldwell" at Apr 7, 99 05:54:47 am
List: freebsd-chat@freebsd.org

> Here is my latest question:
>
> I need a Virtual Private Network... here are the details:
>
> I work for the cheapest company around, so money constraints are tight
> (which makes anything other than multiple copper lines out of the
> question... no ADSL or ISDN).
>
> Here's the proposal I have been working on:
>
> I want to put together a Pentium machine (from existing surplus) with
> 3 good 56K modems and a NIC and proxy this up to the network while
> utilizing all three of the current ISP accounts we have (only two are
> being used currently, and very limited use at that). I came up with
> this idea when trying to get them better access to the net.

I'd suggest an InterJet, but it can't do 3 modems (hardware, not
software, limitation).
Depending on the service area, I wouldn't rule out ISDN. If you can
find an ISP in your LATA, you can get a Centrex based solution with no
message units, and a virtual full time connection (the ISP brings up the
link when there are incoming packets) for the same price as your ISP
with 3 accounts.

The RBOC itself is also an option. US West is now flat rate in some
areas, where it was message-unit based before (e.g., my dad has a US
West connection for $70/Month that includes 2 B channels for 128k, two
POTS breakouts off the CSU/DSU -- a Netopia? -- for his FAX machine and
a Western Union machine. The POTS can take over 1 B channel, as needed,
for inbound POTS traffic, while keeping the network link up).

There is also a lot of DSL being deployed in various areas, though
generally only within spitting distance (1.5 miles) of the LATA.

Nicole Harrington (of BAFUG fame) works for a company that does the
cable modem thing, last I heard, and that may be an option as well.

Also, be aware that ISPs monitor uptime on a per account basis; if you
go with the 56k solution, and you aren't already paying "business
account" rates on the accounts, expect to be soon. A modem is one of an
ISP's most overcommitted resources.

> In turn this company has some 20+ remote sites with as many as 250
> users spread out over those sites. I propose to put a similar box in
> at each site and set up accounts with the local ISPs so they will also
> have access.
>
> Now can this same box be used for the VPN with encryption and
> firewalls set up, or will I have to set up a second box? Are there any
> open source firewall progs that are effective, or should I look for a
> commercial setup? Same goes for the encryption... commercial or open
> source.

If the same box is a FreeBSD box, it's possible.
FreeBSD doesn't support VPN by itself (though the FreeBSD based InterJet
supports Microsoft-style GRE based VPN), since it doesn't have the
software support (an integrated IPv6 with IPSEC would do the trick, but
FreeBSD has held off integrating IPv6. This has the plus that INRIA,
KAME, and NRL have been able to get together on integration, but the
minus that an unmodified FreeBSD can't do what you need at this time).

> Any and all input is welcome...

I noticed someone else suggested an ssh based solution. The drawback
with using ssh is that it (1) won't work through all firewalls, and
(2) is only client-to-UNIX (or UNIX-to-UNIX). If the intent is to VPN a
bunch of disparately located Windows machines into a single "network
neighborhood", ssh is not an answer.

An InterJet can do this, with a limit on the point-to-point VPN
connections, and will even proxy nmbd correctly so that the "network
neighborhood" is unified between the locations; you'd have to send mail
to Archie Cobb to get the exact list of limitations that this would
impose.

Your bandwidth requirements are generally outside the scope of a
modem-only solution for an InterJet at this time, though...

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.