On Thu, 26 Apr 2001, Jesús Arnáiz wrote:
>
> I want to set up a VPN on my system. I see there are many programs created to do it.
>
> Any advantages or disadvantages of using one or the other? What is better (this is the first
> time I set up a VPN on a UNIX system)?
>
>
I am using two VPN systems: one for GRE (Windows clients to a LAN),
and one from LAN-to-LAN.

For LAN-to-LAN, vtund running PPP over it works fairly well. About the
only shortcoming is that the "persist" option to re-establish the
connection in case of network failure gets confused in the face
of many interruptions too close together. vtund is fairly well
documented, so I won't include a config file example, but I can
supply one if asked.

I have found mpd to work very well for GRE. It uses the netgraph interface,
and this is automatically loaded as a kernel module. Here is a
config file example. Note that the "pptp2", "pptp3", etc. entries
are necessary. You need as many "pptpx" entries in the config file
as the number of simultaneous connections you allow. Note that the only
differences in the entries are the label, the address, and the logging
line.

*************************************************************************
default:
	load pptp1
	load pptp2
	load pptp3

pptp1:
	new -i ng0 pptp1 pptp1
	set iface disable on-demand
	set iface enable proxy-arp
	set iface idle 1800
	set bundle disable multilink
	set link yes acfcomp protocomp
	set link no pap chap
	set link enable chap
	set link keep-alive 10 60
	set ipcp yes vjcomp
	set ipcp ranges 192.168.0.200/32 192.168.0.220/32
	set ipcp dns 192.168.0.240
	set ipcp nbns 192.168.0.244
	log +pptp +pptp2
	# If you wanted MPPE encryption and had ng_mppc(8)...
	set bundle enable compression
	set ccp yes mppc
	set ccp yes mpp-e40
	set ccp yes mpp-e128
	set bundle enable crypt-reqd
	set ccp yes mpp-stateless

The changes for the second entry are only to these lines:

pptp2:
	new -i ng1 pptp2 pptp2
	set ipcp ranges 192.168.0.200/32 192.168.0.221/32
	log +pptp +pptp2

Hope this helps.

Jim Durham
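
The message above says each simultaneous connection needs its own "pptpx" entry that differs only in label, interface and address. The following is an added example, not part of the original message or of mpd itself: a small Python check that every entry loaded from "default" is defined, that no two entries share an interface or client address, and that encryption is required. Treating a missing crypt-reqd and an accepted mpp-e40 as findings is this example's own policy, and the sample config is constructed.

```python
import re

# Constructed sample: pptp2 reuses pptp1's client address, pptp3 is undefined.
SAMPLE = """\
default:
    load pptp1
    load pptp2
    load pptp3
pptp1:
    new -i ng0 pptp1 pptp1
    set ipcp ranges 192.168.0.200/32 192.168.0.220/32
    set bundle enable crypt-reqd
    set ccp yes mpp-e40
pptp2:
    new -i ng1 pptp2 pptp2
    set ipcp ranges 192.168.0.200/32 192.168.0.220/32
"""
# Values that must differ per entry: the interface and the client (second) address.
UNIQUE = re.compile(r"new -i (\S+)|set ipcp ranges \S+ (\S+)")

def parse(text):
    """Return {label: [command, ...]} with whitespace in commands normalized."""
    sections, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                                  # blank line or comment
        if not line[0].isspace() and line.rstrip().endswith(":"):
            current = line.rstrip()[:-1]              # label starts in column 0
            sections[current] = []
        elif current is not None:
            sections[current].append(" ".join(line.split()))
    return sections

def audit(text):
    """Return findings for every entry loaded from the default section."""
    sections, findings, seen = parse(text), [], {}
    for label in (c.split()[1] for c in sections.get("default", []) if c.startswith("load ")):
        cmds = sections.get(label)
        if cmds is None:
            findings.append(f"{label}: loaded but not defined")
            continue
        for m in filter(None, map(UNIQUE.match, cmds)):
            key = m.group(1) or m.group(2)
            if seen.setdefault(key, label) != label:
                findings.append(f"{label}: {key} already used by {seen[key]}")
        if "set bundle enable crypt-reqd" not in cmds:
            findings.append(f"{label}: encryption not required (no crypt-reqd)")
        if "set ccp yes mpp-e40" in cmds:
            findings.append(f"{label}: accepts 40-bit MPPE (mpp-e40)")
    return findings
```

Calling `audit()` on the text of a config file returns an empty list when every loaded entry is defined, unique and requires encryption without accepting 40-bit keys.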