From owner-freebsd-questions Wed Nov 10 4:56:47 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from blackhelicopters.org (geburah.blackhelicopters.org [209.69.178.18])
	by hub.freebsd.org (Postfix) with ESMTP id 9CAA41525B
	for ; Wed, 10 Nov 1999 04:56:42 -0800 (PST)
	(envelope-from mwlucas@blackhelicopters.org)
Received: (from mwlucas@localhost)
	by blackhelicopters.org (8.9.3/8.9.3) id HAA51135;
	Wed, 10 Nov 1999 07:56:40 -0500 (EST)
	(envelope-from mwlucas)
From: Michael Lucas
Message-Id: <199911101256.HAA51135@blackhelicopters.org>
Subject: Re: easy VPN solution?
In-Reply-To: <199911100414.WAA71414@nospam.hiwaay.net> from David Kelly at "Nov 9, 1999 10:14:10 pm"
To: dkelly@HiWAAY.net (David Kelly)
Date: Wed, 10 Nov 1999 07:56:40 -0500 (EST)
Cc: freebsd-questions@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL43 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Well, if you have a FreeBSD box on your side, use SKIP.

For the client side, use the Trustworks SKIP client. It's $99, and you
can set up the config on a Windows box on your side. You can simply
ship the remote office a floppy disk and say "Here, run 'setup'".

You can check out Trustworks at (big surprise) www.trustworks.com.

This works pretty seamlessly. And yes, it's legal.

Regards,
Michael

> At work we are in need of a simple idiot proof secure (legal too) tunnel
> between one office and a distant office. For unknown reasons the distant
> office is terrified of the notion they might have to use something other
> than AOL. They are also too far away for me to casually jump in a plane
> to push the reset button. And anything more than a one-button push is
> more than anybody should attempt to talk them thru. As for me, I'm
> terrified such a computer with company sensitive information is allowed
> to freely roam the internet in the first place.
>
> An initial Good Idea was to put another Ascend Pipeline 50 in our
> network, in the remote office. Then to upgrade the VPN encryption
> within the Pipeline. Not a bad idea but 1) would have to add ISDN to
> the remote office in pricey BellSouth/Florida, and 2) AOL doesn't do
> ISDN.
>
> Would be best if any non-Ascend Pipeline VPN solution would be able to
> connect to the Pipeline 50 in my office via the internet. What does it
> take to establish a VPN to an Ascend Pipeline using FreeBSD? I don't
> really have the time over the coming year to monitor this proposed
> firewall/gateway/VPN, but if I knew how to establish a VPN with the
> Ascend hardware, I'd give it a go. Then when (positive thinking) that
> works out would have to be square with RSA and whoever on the
> encryption patents.
>
> Am collecting more data on the GNATbox firewall. Not sure about
> encrypted VPN capabilities.
>
> Am also looking at Whistle's latest. Not sure about encryption but
> apparently IBM is bundling hardware, network connection, and support,
> at interesting prices.
>
> Netsurfing found http://www.sonicwall.com/. Bottom of the line is about
> $400 but then another $400 or more for VPN?
>
> UMAX http://www.umax.com/networking/standard/ has some interesting stuff
> but doesn't offer encrypted VPN. Same for
> http://www.macsensetech.com/Product/index.html
>
> I understand client software under Windows can establish a VPN tunnel to
> the Ascend VPN hardware. Don't know exactly what software package is
> needed. Or if it comes with WinNT, which is on (both of) the remote
> computers. *BUT* hopefully I've established a calibration of this remote
> site and you have already dismissed that option after a session of
> ROTFL. Am suspicious the only way this remote office survived a meltdown
> from viruses and internet was their use of an old version of WordPerfect
> and Windows 3.1.
>
> A firewall capable of killing Active-X would be a plus. It's not as
> simple as blocking a port, is it?
>
> So, the question boils down to essentially: I need a cheap/free no
> maintenance router/firewall/gateway/NAT/VPN that is idiot proof and can
> tunnel over AOL. Know of any? Otherwise enjoy a chuckle as the real
> world constantly amazes me.
>
> --
> David Kelly N4HHE, dkelly@nospam.hiwaay.net
> =====================================================================
> The human mind ordinarily operates at only ten percent of its
> capacity -- the rest is overhead for the operating system.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message