Date: Tue, 3 Jun 2008 15:41:06 -0400
From: Bill Moran
To: Schiz0
Cc: freebsd questions
Subject: Re: Setting up a VPN

In response to Schiz0:

> Hey,
>
> I'm looking for information on how to set up a Virtual Private Network
> on a FreeBSD 7.0-RELEASE system. The only VPNs that I've worked with
> previously is Hamachi on Windows and Linux, so I have no experience in
> OpenVPN or IPSec.
>
> The purpose of this VPN is to restrict certain things to only
> administrators. For example, phpmyadmin and vsFTPd. I'd prefer not to
> have these things listen on the public interface.
>
> I read the Handbook entry on IPSec/VPNs:
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html
>
> However, that entry only has examples for how to connect one network
> to another network via FreeBSD gateways. I don't want a setup like
> this; I just want the FreeBSD system, my Windows XP system, and a few
> other Windows XP systems to be on a VPN together.
>
> Can anyone link me to how-tos or any references on how to do this?
> Also, any suggestions on which software to use (OpenVPN, IPSec, etc)
> would be appreciated.

Not sure I agree with the mpd recommendation. In my experience, that
particular piece of Windows VPN technology is better relegated to
history, much in the same way as the Holocaust and other disasters.

If you're having trouble understanding IPsec, don't worry. IPsec is
confusing. The biggest problem with IPsec is that it's more complicated
than it needs to be.

Based on your description of your requirement, I suggest pursuing an
OpenVPN solution. I've done this with FreeBSD/Windows. There's a neat
tool to generate .msi files for Windows machines to allow users
idiot-proof installation, which I've had good success with, and the
simple VPN you describe is pretty easy to set up from this HOWTO:
http://openvpn.net/index.php/documentation/howto.html#pki

-- 
Bill Moran
http://www.potentialtech.com