On Fri, Jan 13, 2006 at 11:48:12AM -0800, Valerio G. Romano wrote:
> Hello all,
>
> I have a recent OpenbSD 3.8 install on a macppc. I am trying to decide
> what to use to have remote access to my network for which openbsd is the
> gateway with various roaming clients. All I really want to do is have a
> network drive or two show up on remote computers while they are roaming
> and reach my network via the internet cloud. So if my boss is in a
> hotel, she can reach the internet and then simply use her windows client
> to be on my network. The windows client can not be expected to log on to
> the openbsd box and renumber the remote network settings.
> So I need a simple ipsec or ssl (or other) solution that will allow
> windows clients (hopefully any flavor of windows, but at least win2000+)
> to log on and mount drives from the remote network. I would love to
> know the name of the openbsd package that is recommended and which free
> windows client goes with it, and maybe a howto on how to make them work
> together.
> I have read lots of documentation and it seems like lots of people are
> doing lots of different solutions. I am looking for a solution that
> offers some security and doesn't expect much knowledge from the windows
> client/user.
>
> What should I use?
I've tried both IPSec and OpenVPN. The former has lots of knobs
(probably too much), and the Windows implementation leaves quite a bit
to be desired.
I've especially had quite a few problems with certificates, which caused
large packets (as Windows' version does not seem to have the
fragmentation extension - neither, BTW, does OpenBSD; this was on Linux,
racoon/KAME), which caused the cheap SOHO NAT router to drop the
packets.
The second is less efficient, which is a big minus in my book, but
offers a limited GUI for Windows and actually works with NAT. It's
available as the openvpn package.
Both seem to be well-designed as far as security goes, though OpenBSD's
track record is (of course ;-) ) better.
Joachim
