IPsec, VPN and FreeBSD

Julian Elischer julian at elischer.org
Tue Jan 24 18:43:35 PST 2006 

gahn wrote:

>Thanks Julian:
>
>Well, the another site is using a linux box for
>firewall. We have extra PCs available so we could
>build another FreeBSD box. That probably makes the VPN
>setup a lot easier between two sites.
>
>As to the roaming users, very unlikely there will be
>dial-up line, but those users could be on road and
>using ISPs to connect the internal lab. both sites are
>labs.
>
>I will try the roaming clients<--->freebsd vpn server
>first.
>  
>

ok google for mpd and pptp

>
>
>--- Julian Elischer <julian at elischer.org> wrote:
>
>  
>
>>gahn wrote:
>>
>>    
>>
>>>Hi:
>>>
>>>We intend to build IPSec based VPN server on
>>>      
>>>
>>FreeBSD
>>    
>>
>>>platform so that we can access internal network of
>>>      
>>>
>>a
>>    
>>
>>>lab. The remote side will use VPN client and could
>>>      
>>>
>>be
>>>from anywhere of the Internet, or may be from the
>>    
>>
>>>another site of the company. From the hnadbook, I
>>>      
>>>
>>saw
>>    
>>
>>>the sample of site-to-site configurations and we do
>>>have one FreeBSD firewall (running ipfw) on both
>>>      
>>>
>>site
>>    
>>
>>>and another one on another site (both have
>>>      
>>>
>>firewalls
>>    
>>
>>>on them), can we do that?  Also what about the
>>>client-server model? What kind of clients do we
>>>      
>>>
>>need
>>    
>>
>>>in order to connect to the FreeBSD/IPsec/VPN? Any
>>>tips/information for the configuration of the
>>>clients/server model on internet?
>>>
>>>Any help will be greatly appreciated.
>>> 
>>>
>>>      
>>>
>>there are almost too many options to mention..
>>
>>however you should be able to implement pptp
>>tunnels (as used on windows) using mpd (in ports)
>>alternatively there is always ssh or ipsec.
>>(or a combination of them)
>>
>>If as you suggest, both ends are freebsd, then I've
>>used mpd over ssh 
>>with great effect.
>>use the 'tcp transport' option of mpd and connect it
>>through an ssh tunnel.
>>
>>is the 'client' roaming or at a fixed address? if a
>>fixed address then 
>>ipsec becomes easier.
>>
>>
>>
>>    
>>
>>>Thanks
>>>
>>>
>>>
>>>__________________________________________________
>>>Do You Yahoo!?
>>>Tired of spam?  Yahoo! Mail has the best spam
>>>      
>>>
>>protection around 
>>    
>>
>>>http://mail.yahoo.com 
>>>_______________________________________________
>>>freebsd-security at freebsd.org mailing list
>>>      
>>>
>>http://lists.freebsd.org/mailman/listinfo/freebsd-security
>>    
>>
>>>To unsubscribe, send any mail to
>>>      
>>>
>>"freebsd-security-unsubscribe at freebsd.org"
>>    
>>
>>> 
>>>
>>>      
>>>
>>_______________________________________________
>>freebsd-questions at freebsd.org mailing list
>>
>>    
>>
>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>  
>
>>To unsubscribe, send any mail to
>>"freebsd-questions-unsubscribe at freebsd.org"
>>
>>    
>>
>
>
>__________________________________________________
>Do You Yahoo!?
>Tired of spam?  Yahoo! Mail has the best spam protection around 
>http://mail.yahoo.com 
>  
>

More information about the freebsd-security mailing list