From: Jim Durham
Reply-To: durham@jcdurham.com
Organization: James Durham Consulting
To: Marcin Jessa, freebsd-questions@FreeBSD.ORG
Subject: Re: VPN and roaming Windows 2K users
Date: Wed, 20 Nov 2002 10:01:47 -0500
Message-Id: <200211201001.47980.durham@jcdurham.com>
In-Reply-To: <20021120100754.GB68431@yazzy.org>

On Wednesday 20 November 2002 05:07 am, Marcin M. Jessa wrote:
> Do you know how to make a FreeBSD firewall a VPN server for roaming Win2K
> boxes (Win2k users without static IP's)? I've been playing with racoon for
> a few days but it seems that the only way it can authenticate roaming
> Windows VLAN users is with preshared certificates.
> This again excludes usage of manual keying (pre_shared_keys) which is
> necessary for accepting connections from dynamic IP's.
>
> The preshared keys method can be configured to accept connections
> from specified hostnames and that could work with Windows boxes that run a
> dyndns client. Again Windows and racoon can only communicate using
> certificates and not manual keying....an evil circle. Windows can speak
> with racoon if one makes racoon to automatically exchange keys but this
> works only if Windows clients have static IP's...
> Have any of you guys an idea about what to do to combine these methods?
>
> Or maybe there is a workaround? Please squeeze your brains and let me know
> about whatever you think may be of interest in this matter.

I use mpd to serve 95, 98, 2000 and XP boxes using their "VPN" connection.
This seems to work well and you can coach a remote user through the
Windows setup over the phone with minimal trouble.

I use racoon and IPSEC between offices with FreeBSD boxes on each end.

-Jim