From: Bill Tillman
To: FreeBSD Questions
Date: Sat, 5 Nov 2011 03:35:55 -0700 (PDT)
Subject: Re: OpenVPN - what configuration do I need/want

________________________________

From: Ryan Coleman
To: FreeBSD Questions
Sent: Friday, November 4, 2011 10:22 AM
Subject: OpenVPN - what configuration do I need/want

I have a PE 2450 with dual NICs and I want to turn it into a bridging VPN for the guys in the office to utilize.

Our configuration:
My office: 192.168.46.0/24
    Server IPs: 192.168.46.2 [8.2-RELEASE] + public IP
Corporate office: 192.168.45.0/24
My VPN: 192.168.47.0/24 [preferred]
There's a NetVanta VPN between my office and the corporate office and I presume that will still work to route 47.0/24 to 45.0/24 when all is said and done.

I am going to be supporting Windows and Mac clients (well, all Windows and then my Mac) and I'd like to test it from my 8.2 server at home before pushing this over to my MacBook Pro (using Tunnelblick) and then to my Windows users.

I've tried the FreeBSD handbook and the Section6.net walkthroughs to no avail.

Any help would be appreciated.

Thanks,
Ryan

________________________________

I can't say that I'm familiar with your setup which uses "bridging". But I set up OpenVPN to work on a server inside my LAN which is behind my FreeBSD firewall server. The setup wasn't that hard, you just have to forward the right ports and get the certificates copied to the clients correctly. The docs on the OpenVPN site were very helpful in this for me.

The trouble you may find is that this other VPN appliance you reference, NetVanta, may or may not be compatible with OpenVPN. I tried this several years ago with a remote company I was working for and found out quite disappointingly that the protocol used by OpenVPN would not work whatsoever with Cisco equipment. That may have changed now but at the time all the advice I got was forget about it. Cisco equipment would not work with OpenVPN period. Luckily at the time I had a small Cisco appliance at my house and that is the only way I could get that setup to work. These days I happily connect to my LAN with encrypted tunnels from most places like hotels, etc... There is a problem sometimes at places like Starbucks or McDonalds where they have equipment which is blocking ports needed to run VPN. And in most cases it's not that they are blocking specific ports, it's that they are blocking everything except port 80 to only let their freebie users surf web content.

YMMV... check the docs on the OpenVPN site. Many HOWTOs and examples will help you get going.
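
An added example, not part of the original thread and not taken from the OpenVPN documentation: a server and client configuration pair for the addressing plan in the question. It assumes a routed (`dev tun`) setup, since the question gives the VPN its own 192.168.47.0/24 subnet, rather than the bridged setup it asks for by name; the file paths, certificate file names, UDP port 1194 and the host name `vpn.example.org` are placeholders.

```conf
# ---- server.conf (on 192.168.46.2, FreeBSD 8.2-RELEASE) ----
port 1194                                   # the port a firewall in front must forward
proto udp
dev tun                                     # routed mode; a bridged setup would use dev tap
ca   /usr/local/etc/openvpn/keys/ca.crt     # assumed path; CA certificate, public
cert /usr/local/etc/openvpn/keys/server.crt # assumed file name
key  /usr/local/etc/openvpn/keys/server.key # private key, never leaves the server
dh   /usr/local/etc/openvpn/keys/dh2048.pem # assumed file name
server 192.168.47.0 255.255.255.0           # VPN subnet from the question
push "route 192.168.46.0 255.255.255.0"     # office LAN
push "route 192.168.45.0 255.255.255.0"     # corporate LAN behind the NetVanta link
keepalive 10 120
user nobody                                 # drop privileges after start-up
group nobody
persist-key
persist-tun
verb 3

# ---- client.ovpn (Tunnelblick or a Windows client) ----
client
dev tun
proto udp
remote vpn.example.org 1194                 # placeholder for the server's public IP
ca ca.crt                                   # same CA certificate as on the server
cert client1.crt                            # one certificate and key per user
key client1.key
remote-cert-tls server                      # refuse a peer that does not present a server certificate
nobind
persist-key
persist-tun
verb 3
```

For return traffic to reach the clients, the server needs `gateway_enable="YES"` in `/etc/rc.conf`, and the office gateway and the NetVanta devices need a route for 192.168.47.0/24 pointing at 192.168.46.2. Only `ca.crt` and the user's own certificate and key are copied to each client.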