The target server is a Win2003 VPN server. I'm not sure what MS put in there in the way of VPN; guess I'll have to research this a bit more.

I understood the IPCop VPN configuration to be for connecting at the firewall level - is this wrong? I'm only looking for a workstation connection to a remote network. The remote network is already configured to accept VPN traffic. Isn't it possible to set up a VPN Client utility for this? Are there any available? Or are they part of the Openswan type packages? (Or am I stuck with an MS frame of mind that is not quite correct?)

Thanks for the info.

Shawn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kevin Anderson
Sent: Tuesday, August 24, 2004 11:30 AM
To: CLUG General
Subject: Re: [clug-talk] VPN to MS Server?

Ok, step one is to find out what kind of VPN you're connecting to. You either want PoPToP for a PPTP VPN, or OpenSwan if you're connecting with IPSec.

To be really blunt, PPTP is a hopeless VPN. It's been abandoned almost everywhere, even by Microsoft, because it has so many security problems. Having said that, there are LOTS of people still using it, and I suppose it's better than nothing.

FreeSwan was abandoned after the project funding dried up. It was forked into Strongswan, and Openswan. Openswan seems to be a Canadian thing, run out of a consulting company named Xelerance which is located in Toronto. IPCop uses Openswan. I haven't seen Strongswan in use anywhere yet.

> I looked into FreeS/Wan, and it looks to be a bunch of command line configs
> - which is fine, if you understand all the options. Also, it seems to
> indicate I have to do something different with my firewall (which is IPCop)
> to NOT masquerade the internal IP address. Is this really necessary?

Yes. There was a checkbox in the VPN page for IPCop in older versions. I believe this is no longer used. Be aware that masqing IPSec traffic will only (to my knowledge) work for one connection. I'm not sure if 2.6 changes that, but I suspect it's a limitation of IPTables, rather than the kernel itself (correct me if I'm wrong here), and therefore, I'd bet that it still exists.

If you're connecting to an IPSec VPN, I'd recommend that you just use your IPCop box to establish the connection for you. I'd recommend upgrading to the newest version (RC1) as well. There have been HUGE changes since 1.3, and a disproportionate share of those changes focus on VPNs.

Kev.

_______________________________________________
clug-talk mailing list
[EMAIL PROTECTED]
http://clug.ca/mailman/listinfo/clug-talk_clug.ca

