Date:      Tue, 30 Oct 2001 12:56:56 -0800 (PST)
From:      Archie Cobbs <archie@dellroad.org>
To:        Gary Jackson <bargle@umiacs.umd.edu>
Cc:        freebsd-net@FreeBSD.ORG
Subject:   Re: Reply Hazy (Encrypted VPN across FBSD, W2k, RHL, etc...)
Message-ID:  <200110302056.f9UKuuv08305@arch20m.dellroad.org>
In-Reply-To: <200110271449.KAA11184@leviathan.umiacs.umd.edu> "from Gary Jackson at Oct 27, 2001 10:49:01 am"

Gary Jackson writes:
> I have a suspicion that the limiting factor here is going to be the
> Microsoft product.  It appears as if it will do encrypted VPNs two
> ways:
> 
> 1.  PPTP with proprietary MPPE encryption/compression
> 2.  IPSec/l2tp proprietary hybrid
> 
> I looked into option (1).  It seems to be the easiest, with the
> exception that apparently I need some proprietary code (as per the
> following quote from the ng_mppc(4) manual page:
> 
>      The MPPC protocol requires proprietary compression code available from
>      Hi/Fn (formerly STAC).  These files must be obtained elsewhere and added
>      to the kernel sources before this node type will compile with the
>      NETGRAPH_MPPC_COMPRESSION option.

That's only required if you want to do compression, which is optional.
So the net/mpd-netgraph port will do PPTP with encryption but not
compression.

> Option (2) looks even less likely.  I've only been able to find one
> implementation of l2tp, and it looks like it's still a pretty flaky
> piece of software that hasn't been integrated with IPSec.

You can configure Win2k to do pure IPSec without the L2TP part,
and this works with FreeBSD/IPSec/racoon. Search the MSoft knowledge
base for how to configure it this way (it's non-trivial).

-Archie

__________________________________________________________________________
Archie Cobbs     *     Packet Design     *     http://www.packetdesign.com
