Hi:

We intend to build IPSec based VPN server on FreeBSD platform so that we can access internal network of a lab. The remote side will use VPN client and could be from anywhere of the Internet, or may be from the another site of the company. From the handbook, I saw the sample of site-to-site configurations and we do have one FreeBSD firewall (running ipfw) on both site and another one on another site (both have firewalls on them), can we do that? Also what about the client-server model? What kind of clients do we need in order to connect to the FreeBSD/IPsec/VPN? Any tips/information for the configuration of the clients/server model on internet?

Any help will be greatly appreciated.

Thanks

gahn wrote:

> Hi:
>
> We intend to build IPSec based VPN server on FreeBSD
> platform so that we can access internal network of a
> lab. The remote side will use VPN client and could be
> from anywhere of the Internet, or may be from the
> another site of the company. From the handbook, I saw
> the sample of site-to-site configurations and we do
> have one FreeBSD firewall (running ipfw) on both site
> and another one on another site (both have firewalls
> on them), can we do that? Also what about the
> client-server model? What kind of clients do we need
> in order to connect to the FreeBSD/IPsec/VPN? Any
> tips/information for the configuration of the
> clients/server model on internet?
>
> Any help will be greatly appreciated.

There are almost too many options to mention. However, you should be able to implement PPTP tunnels (as used on Windows) using mpd (in ports). Alternatively there is always ssh or IPsec (or a combination of them).

If, as you suggest, both ends are FreeBSD, then I've used mpd over ssh with great effect. Use the 'tcp transport' option of mpd and connect it through an ssh tunnel.

Is the 'client' roaming or at a fixed address? If a fixed address then IPsec becomes easier.

> Thanks

Drew Tomlinson wrote:

> I've been very pleased with OpenVPN for my needs. Biggest downside is
> that each potential connection requires a separate OpenVPN instance as I
> understand it. However if your client base is small, you might give it
> a look.

That used to be the case, but since OpenVPN 2 came out, it is no longer necessary.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3, Ramsgate, Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey

On 1/24/2006 3:59 PM gahn wrote:

> Hi:
>
> We intend to build IPSec based VPN server on FreeBSD
> platform so that we can access internal network of a
> lab. The remote side will use VPN client and could be
> from anywhere of the Internet, or may be from the
> another site of the company. From the handbook, I saw
> the sample of site-to-site configurations and we do
> have one FreeBSD firewall (running ipfw) on both site
> and another one on another site (both have firewalls
> on them), can we do that? Also what about the
> client-server model? What kind of clients do we need
> in order to connect to the FreeBSD/IPsec/VPN? Any
> tips/information for the configuration of the
> clients/server model on internet?
>
> Any help will be greatly appreciated.

I've been very pleased with OpenVPN for my needs. Biggest downside is that each potential connection requires a separate OpenVPN instance as I understand it. However if your client base is small, you might give it a look.

Cheers,

Drew