Date: Sat, 10 Jul 1999 00:25:18 -0600
From: Chris Fedde <cfedde@fedde.littleton.co.us>
To: "Jon Passki" <jon.passki@neicoltech.org>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Oh, boy, another VPN question
Message-ID: <199907100625.AAA98058@fedde.littleton.co.us>
In-Reply-To: Your message of "Fri, 09 Jul 1999 14:44:39 CDT." <000201beca43$7b2cb660$af00a8c0@lp020001.neicoltech.org>

I take it from the discussion that the link labeled "Internet Connection"
is some kind of personal connection like dialup? If it were simply linking
two LANs via the internet then it would be a lot easier. A product VPN
could be dropped in place at each site.

If all the applications can be accessed via a terminal session or
via x-windows then you can use SSH and one of the windows X clients
(hummingbird?).

But if you need true VPN services then you will almost be forced
to use Microsoft's solution for the WinTel clients. You may need
to run a RAS server inside the FreeBSD gateway. The natd and
ipfirewall stuff can provide the needed pass through without going
to a full application layer proxy.

Have fun!
chris
"Jon Passki" writes:
Okay, I've browsed the mail archive on http://www.freebsd.org and
http://www.deja.com for a FreeBSD + VPN solution w/ interoperability on a
Windows NT network. SKIP, NATD/IPFW, IPFilter, IPSec, SSH, yadda yadda
yadda... I'll lay out the scenario, and see what the gurus say :)

    ----------
    | Client |      Microsoft Client (95, 98, NT) Primarily.
    ----------      FreeBSD Client Secondary.
        |           Internet Connection, don't care how the client connects
        |           just that their client software supports the connection.
        |
     Internet
    Connection
        |
    ------------------
    | Uplink's Cisco |
    |  3000 Router   |
    ------------------
        | x.x.x.254 (x.x.x.0/24 is a registered range)
        |
        | x.x.x.231 (fxp0)
    --------------
    |DMZ Gateway |  FreeBSD 3.2 w/ NATD/IPFW and DHCP on the internal
    --------------
        | 192.168.0.1 (vx0)
        |
        | 192.168.0.0/16
    ]--------------[
    NT Network w/ a variety of servers needed for internal development, file
    access, and other resources

What have people used or seen to let a client (running whatever client
software) get access to the internal network, and access the internal
resources (printers, file servers, ...)? I DON'T want to have an NT Server
on the DMZ (I ph33r NT's security :), so the choice is to incorporate either
a proxy into the FreeBSD box, or to configure the existing setup.

Would there be a better solution other than any I have suggested?

Jon Passki
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
__
Chris Fedde <cfedde@sendmail.com>
303 773 9134
