Re: VPN server software ?
On 5/23/07, Frank Bonnet [EMAIL PROTECTED] wrote: I have to setup a VPN server and I wonder which free software running on FreeBSD to choose as my knowledge in such softwares is very limited for now. OpenVPN is in ports and is working very well for me (including having Windows clients connect). /JMS ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: VPN server software ?
Frank Bonnet wrote: I have to setup a VPN server and I wonder which free software running on FreeBSD to choose as my knowledge in such softwares is very limited for now. So any feedbacks, links, infos are welcome Try net/mpd4. It probably does anything you need from radius auth to netgraph logging. -- Sphinx of black quartz judge my vow! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: VPN server to run in FreeBSD jail ...
[EMAIL PROTECTED] wrote: Marc G. Fournier wrote: Does anyone know of any software that would allow a client attach a VPN *to* a process running within a FreeBSD jail from a Windows machine? It doesn't help now, but there is work underway to make the whole network stack clonable under FreeBSD -- meaning each jail gets the ability to have as many IP numbers as it wants, and to have a separate firewall from the host system and do all the other networking tricks you can think of. http://www.tel.fer.hr/zec/papers/zec-03.pdf Hi, This document is dated 2003, and tests were done for FreeBSD 4.8. Is there a chance to have a clonable network stack in a near future? --- Philippe Lang Attik System smime.p7s Description: S/MIME cryptographic signature
Re: VPN server to run in FreeBSD jail ...
Marc G. Fournier wrote: Does anyone know of any software that would allow a client attach a VPN *to* a process running within a FreeBSD jail from a Windows machine? I believe you can sort-of do this with a certain amount of packet redirection and firewall trickery, but it isn't very easy and you won't be able to control anything to do with the VPN from within the jail. Essentially you do the old trick of creating the jail using an alias address on the loopback, then add redirection rules in the firewall to forward traffic to it. If you need to create tap, tun of gif interfaces to run the VPN software then that has to be done *outside* the jail, as there's no simple way of making those interfaces visible inside it. It doesn't help now, but there is work underway to make the whole network stack clonable under FreeBSD -- meaning each jail gets the ability to have as many IP numbers as it wants, and to have a separate firewall from the host system and do all the other networking tricks you can think of. http://www.tel.fer.hr/zec/papers/zec-03.pdf Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
RE: VPN Server
John and Hal, The company I work for has a customer that setup 4-5 sites on a vpn network with these. The 16 port unit is garbage, it uses different firmware than the lower port count units and it locks up all the time. I have had personal experience both with the Netgear VPN devices and the Cisco PIXes. The PIX are vastly superior. The Netgears have issues with doing a lot of things at the same time, and with high bandwidth. The truth is that the commercial products that play in this space are either very good, like the Cisco VPN 3000 but cost immense amounts of money because they are targeted at large enterprises, or they are really crappy because they are targeted at the very very very small offices that don't even have a server, and the companies that make them know that the small companies won't buy a network device that costs much over $300. And most of the smaller VPN hardware boxes I've seen only support peer-to-peer mode IPSec not client-server mode, despite their marketing literature. Most moderate sized organizations use Windows 2003 with dual NICs in them as VPN servers. As a result there's no market for a stable VPN server hardware box that's targeted at the 25-250 person organization. This is one area where building a VPN server on FreeBSD is definitely worth doing. Ted -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Cruz Sent: Thursday, March 09, 2006 2:22 PM To: hal Cc: freebsd-questions@freebsd.org Subject: Re: VPN Server http://www.linksys.com/servlet/Satellite?childpagename=US%2FLayo utpackedargs=c%3DL_Product_C2%26cid%3D1118334795358pagename=Li nksys%2FCommon%2FVisitorWrapper Will probably suffice well, they also make a 16 port version @ http://www.linksys.com/servlet/Satellite?childpagename=US%2FLayo utpackedargs=c%3DL_Product_C2%26cid%3D1123638171453pagename=Linksys%2FC ommon%2FVisitorWrapper But if you need more I'd go with the 4 ports and get a gigabit switch to add on to it. It'll be a little more expensive, but it will be worth it, knowing that if something happens to a machine the VPN won't suffer as a result. -john hal wrote: Any suggestions? hal On Mar 9, 2006, at 11:08 AM, John Cruz wrote: I'd go with a VPN router, they usually have the best results. hal wrote: I need FreeBSD VPN server software that will support Win2K, unix, Mac OS X, and Linux clients. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 268.2.1/279 - Release Date: 3/10/2006 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: VPN Server
OpenVPN is a good idea Hi Enrico I need FreeBSD VPN server software that will support Win2K, unix, Mac OS X, and Linux clients. Anyone have a suggestion/s? hal ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: VPN Server
I'd go with a VPN router, they usually have the best results. hal wrote: I need FreeBSD VPN server software that will support Win2K, unix, Mac OS X, and Linux clients. Anyone have a suggestion/s? hal ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: VPN Server
Any suggestions? hal On Mar 9, 2006, at 11:08 AM, John Cruz wrote: I'd go with a VPN router, they usually have the best results. hal wrote: I need FreeBSD VPN server software that will support Win2K, unix, Mac OS X, and Linux clients. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: VPN Server
http://www.linksys.com/servlet/Satellite?childpagename=US%2FLayoutpackedargs=c%3DL_Product_C2%26cid%3D1118334795358pagename=Linksys%2FCommon%2FVisitorWrapper Will probably suffice well, they also make a 16 port version @ http://www.linksys.com/servlet/Satellite?childpagename=US%2FLayoutpackedargs=c%3DL_Product_C2%26cid%3D1123638171453pagename=Linksys%2FCommon%2FVisitorWrapper But if you need more I'd go with the 4 ports and get a gigabit switch to add on to it. It'll be a little more expensive, but it will be worth it, knowing that if something happens to a machine the VPN won't suffer as a result. -john hal wrote: Any suggestions? hal On Mar 9, 2006, at 11:08 AM, John Cruz wrote: I'd go with a VPN router, they usually have the best results. hal wrote: I need FreeBSD VPN server software that will support Win2K, unix, Mac OS X, and Linux clients. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: VPN Server
OpenVPN, it's the shit. easy to setup. supports all the clients named. hal wrote: Any suggestions? hal On Mar 9, 2006, at 11:08 AM, John Cruz wrote: I'd go with a VPN router, they usually have the best results. hal wrote: I need FreeBSD VPN server software that will support Win2K, unix, Mac OS X, and Linux clients. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature
Re: VPN server ?
Frank Bonnet wrote: I need some infos on FreeBSD baed VPN server links/experiences welcome I'm using OpenVPN (http://www.openvpn.org), and I'm very happy with it. It's simple to set up (*much* simpler than IPSEC), and it has so far been reliable for me. Since it uses SSL for encryption, it is easy to find hardware encryption acceleration; eg newer Via Epia systems have some crypto hardware built into the CPU which is supported by FreeBSD and delivers superb performance at little cost: those boards are cheap, and they use very little power. For even smaller VPN gateways, A soekris box (http://www.soekris.com) with a vpn acceleration add-on card ought to work fine as well. Cheers Benjamin signature.asc Description: OpenPGP digital signature
Re: VPN server
- Original Message - From: lycanthrope [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 13, 2004 6:59 PM Subject: VPN server hello I would like to setup my freebsd 5.2-CURRENT box as a VPN server for windows 2k/xp clients, and enable them to use internet (PPPoE ADSL) connection. the clients are on various subnets connected to my box via LAN. I consider using pptop port for setting up VPN server, but if you have some other idea, please tell me...all I need is it to support win clients (and authentication usrname/pass) and I want the users to be able to access internet..that's all... the simpler the merrier :) thank you!! regards,marin ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] If you want to support mppe128, you can use netgraph-mpd (/usr/ports/net/mpd/ in the 4.x tree) It supports username / pass and ip to the vpn client. I would imagine this is also available in the 5.x tree as well. -- Micheal Patterson TSG Network Administration 405-917-0600 Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: VPN server
I am looking for some recomendations for a powerful (yet simple if possible) VPN server. You have two options, there is 'mpd' and 'PoPToP'. I have run them both, but mpd seems to support Microsoft clients with less hassle (at least in my experience). At present I will need to only have access to one other network in a different office running Win2K PPTP. Hopefully I will need to expand in the future to other networks that may or may not be MS based. This can be done using ip routing. You can create a static route between the two networks on the PPTP server and client. The windows client will get its configuation data from the VPN Server (FreeBSD). However, You may want to add a static route to FreeBSD that will send remote LAN specific traffic down the VPN link. Pretend that your remote network in the office is numbered 192.168.20.1/24. myUnix# route add -net 192.168.20 192.168.20.1 255.255.255.0 One other thing to disable (its on by default) is that the Windows implimentation of the VPN client will route all traffic over the VPN. I doubt that this is what you want, and you can disable it in the VPN/PPTP connection properties on the windows machine. In Windows XP Professional, I do the following. Open the VPN Connection Properties. Select the Networking Tab. Select Internet Protocol (TCP/IP) and click properties. Click on Advanceed. Uncheck Use default gateway on remote network. Both products (mpd and poptop) will work, but they both require a little bit of configuration. The current mpd in the ports tree has some examples you may want to look at. I would like if possible for the connections to be completly transparent to a user. Best case senario is the user signs on to thier FreeBSD (I am in a mixed network so there are a few XP systems also) system and opens up an application (or browse to a share on the other network) that connects to the other network and it connects without any more user intervention. Well, if you have a FreeBSD box in both places, there are lots of other options as well. My friend Nick runs a FreeBSD machine and we use a 'gif' tunnel (IPv4 over IPv4) with IPSec encrypting the data before it goes over the wire. There other solutions as well such as 'nos-tun'. I think that 'nos-tun' is part of the base installation and uses the 'tun' device (part of the GENERIC kernel) by default. LOL I am not asking much am I? Not at all. '-questions' is a good place for this question. In fact if you search through the archives, I have posted similar VPN questions in the past to this same list. Thank you, Joshua Lewis Aaron Burke (private email address because I HATE spam) ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: VPN server
PPTP solutions for FreeBSD include MPD and Poptop IPSEC/VPN solution include using kernel IPSEC and GIF interfaces : http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html check out http://www.section6.net/help/pptphow.php for info on a dedicated PPTP server using FreeBSD Thomas Foster -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joshua Lewis Sent: Tuesday, June 08, 2004 3:11 PM To: [EMAIL PROTECTED] Subject: VPN server I am looking for some recomendations for a powerful (yet simple if possible) VPN server. At present I will need to only have access to one other network in a different office running Win2K PPTP. Hopefully I will need to expand in the future to other networks that may or may not be MS based. I would like if possible for the connections to be completly transparent to a user. Best case senario is the user signs on to thier FreeBSD (I am in a mixed network so there are a few XP systems also) system and opens up an application (or browse to a share on the other network) that connects to the other network and it connects without any more user intervention. LOL I am not asking much am I? Thank you, Joshua Lewis ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]