From: "F. Senault"
Date: Wed, 25 Jan 2006 18:30:02 +0100
To: freebsd-security@freebsd.org
Subject: Re: IPsec, VPN and FreeBSD
Message-ID: <909547276.20060125183002@lacave.net>
In-Reply-To: <20060125142108.GB682@zen.inc>
References: <43D6D1CD.5060504@elischer.org> <20060125021915.59670.qmail@web52102.mail.yahoo.com> <20060125142108.GB682@zen.inc>

Wednesday, January 25, 2006, 3:21:08 PM, you wrote:

> On Tue, Jan 24, 2006 at 06:19:15PM -0800, gahn wrote:
> [....]
>> As to the roaming users, very unlikely there will be
>> dial-up line, but those users could be on road and
>> using ISPs to connect the internal lab. both sites are
>> labs.
>>
>> I will try the roaming clients<--->freebsd vpn server
>> first.

> IPsec with dynamic remote IPs is not as difficult, especially with
> racoon's generate_policy option

For a real-world example of a setup interconnecting networks and
roaming users to a central office with ipsec-tools' racoon, I've put my
config and some info here:

http://www.lacave.net/~fred/racoon/config.html

Hope this helps,

Fred
--
Trusted you / With my life / Shattered dreams / Broken glass
I hope there is a closure / Down your path
For I have yet to find / The means to forgive
(Kittie, Pink Lemonade)