Re: Setting up a VPN
--- On Sun, 6/8/08, Gonzalo Nemmi [EMAIL PROTECTED] wrote:

> Please _do_ send them to this list or throw a pointer at where they are at!
> I'm sure more people than you can think of will find them useful. I, for once, could really use them :)

Hi Gonzalo, all

I knew I should have done that in the first place, sorry :-)
They were embarrassingly messy so I resisted
I just fixed them up a bit
I hope they can be of help

See OpenVPN from http://www.isgsp.net/freebsd/index.html

Take care
Steve

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Setting up a VPN
> I've recently implemented OpenVPN under FreeBSD
> For our team, it's been rock solid
> I found the OpenVPN docs were excellent for Windohs/Linux but were lacking a little for BSD

while i don't know openvpn i use mpd (for windows interoperability) and vtun (for unix only)

both work excellently.

Re: Setting up a VPN
try sslexplorer, http://n3ncy.com/UNIX/FreeBSD/SSLExplorer.htm

Schiz0 wrote:

> Hey, I'm looking for information on how to set up a Virtual Private Network on a FreeBSD 7.0-RELEASE system. The only VPN that I've worked with previously is Hamachi on Windows and Linux, so I have no experience in OpenVPN or IPSec.
>
> The purpose of this VPN is to restrict certain things to only administrators. For example, phpmyadmin and vsFTPd. I'd prefer not to have these things listen on the public interface.
>
> I read the Handbook entry on IPSec/VPNs: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html
> However, that entry only has examples for how to connect one network to another network via FreeBSD gateways. I don't want a setup like this; I just want the FreeBSD system, my Windows XP system, and a few other Windows XP systems to be on a VPN together.
>
> Can anyone link me to how-tos or any references on how to do this? Also, any suggestions on which software to use (OpenVPN, IPSec, etc) would be appreciated.
>
> Thanks.

Re: Setting up a VPN
On Sun, Jun 08, 2008 at 11:39:06PM -0700, Steve Quinn wrote:

> --- On Sun, 6/8/08, Gonzalo Nemmi [EMAIL PROTECTED] wrote:
>
> > Please _do_ send them to this list or throw a pointer at where they are at!
> > I'm sure more people than you can think of will find them useful. I, for once, could really use them :)
>
> Hi Gonzalo, all
>
> I knew I should have done that in the first place, sorry :-)
> They were embarrassingly messy so I resisted
> I just fixed them up a bit
> I hope they can be of help
>
> See OpenVPN from http://www.isgsp.net/freebsd/index.html
>
> Take care
> Steve

Excellent, Steve. Thanks a lot.

Cheers,
~Jason

Re: Setting up a VPN
--- On Tue, 6/3/08, Schiz0 [EMAIL PROTECTED] wrote:

> Hey, I'm looking for information on how to set up a Virtual Private Network on a FreeBSD 7.0-RELEASE system

Hi

I've recently implemented OpenVPN under FreeBSD
For our team, it's been rock solid
I found the OpenVPN docs were excellent for Windohs/Linux but were lacking a little for BSD
I can send you my personal BSD related notes if you like

Take care
Steve

Re: Setting up a VPN
On Sunday 08 June 2008 23:07:28 Steve Quinn wrote:

> --- On Tue, 6/3/08, Schiz0 [EMAIL PROTECTED] wrote:
>
> > Hey, I'm looking for information on how to set up a Virtual Private Network on a FreeBSD 7.0-RELEASE system
>
> Hi
>
> I've recently implemented OpenVPN under FreeBSD
> For our team, it's been rock solid
> I found the OpenVPN docs were excellent for Windohs/Linux but were lacking a little for BSD
> I can send you my personal BSD related notes if you like
>
> Take care
> Steve

Please _do_ send them to this list or throw a pointer at where they are at!
I'm sure more people than you can think of will find them useful. I, for once, could really use them :)

Thanks in advance
--
Blessings
Gonzalo Nemmi

Re: Setting up a VPN
On Mon, Jun 09, 2008 at 12:04:14AM -0300, Gonzalo Nemmi wrote:

> On Sunday 08 June 2008 23:07:28 Steve Quinn wrote:
>
> > --- On Tue, 6/3/08, Schiz0 [EMAIL PROTECTED] wrote:
> >
> > > Hey, I'm looking for information on how to set up a Virtual Private Network on a FreeBSD 7.0-RELEASE system
> >
> > Hi
> >
> > I've recently implemented OpenVPN under FreeBSD
> > For our team, it's been rock solid
> > I found the OpenVPN docs were excellent for Windohs/Linux but were lacking a little for BSD
> > I can send you my personal BSD related notes if you like
> >
> > Take care
> > Steve
>
> Please _do_ send them to this list or throw a pointer at where they are at!
> I'm sure more people than you can think of will find them useful. I, for once, could really use them :)
>
> Thanks in advance
> --
> Blessings
> Gonzalo Nemmi

I second this request. I am getting ready to implement a VPN for a small company and any extra documentation I can get would be greatly appreciated.

Regards,
~Jason

Setting up a VPN
Hey, I'm looking for information on how to set up a Virtual Private Network on a FreeBSD 7.0-RELEASE system. The only VPN that I've worked with previously is Hamachi on Windows and Linux, so I have no experience in OpenVPN or IPSec.

The purpose of this VPN is to restrict certain things to only administrators. For example, phpmyadmin and vsFTPd. I'd prefer not to have these things listen on the public interface.

I read the Handbook entry on IPSec/VPNs: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html
However, that entry only has examples for how to connect one network to another network via FreeBSD gateways. I don't want a setup like this; I just want the FreeBSD system, my Windows XP system, and a few other Windows XP systems to be on a VPN together.

Can anyone link me to how-tos or any references on how to do this? Also, any suggestions on which software to use (OpenVPN, IPSec, etc) would be appreciated.

Thanks.

Re: Setting up a VPN
> Hey, I'm looking for information on how to set up a Virtual Private Network on a FreeBSD 7.0-RELEASE system. The only VPN that I've worked with

if you need unix-unix VPN use /usr/ports/net/vtun

if unix-windoze - then use /usr/ports/net/mpd

that's all :)

Re: Setting up a VPN
In response to Schiz0 [EMAIL PROTECTED]:

> Hey, I'm looking for information on how to set up a Virtual Private Network on a FreeBSD 7.0-RELEASE system. The only VPN that I've worked with previously is Hamachi on Windows and Linux, so I have no experience in OpenVPN or IPSec.
>
> The purpose of this VPN is to restrict certain things to only administrators. For example, phpmyadmin and vsFTPd. I'd prefer not to have these things listen on the public interface.
>
> I read the Handbook entry on IPSec/VPNs: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html
> However, that entry only has examples for how to connect one network to another network via FreeBSD gateways. I don't want a setup like this; I just want the FreeBSD system, my Windows XP system, and a few other Windows XP systems to be on a VPN together.
>
> Can anyone link me to how-tos or any references on how to do this? Also, any suggestions on which software to use (OpenVPN, IPSec, etc) would be appreciated.

Not sure I agree with the mpd recommendation. In my experience, that particular piece of Windows VPN technology is better relegated to history, much in the same way as the Holocaust and other disasters.

If you're having trouble understanding IPsec, don't worry. IPsec is confusing. The biggest problem with IPsec is that it's more complicated than it needs to be.

Based on your description of your requirement, I suggest pursuing an OpenVPN solution. I've done this with FreeBSD/Windows. There's a neat tool to generate .msi files for Windows machines to allow users idiot-proof installation, which I've had good success with, and the simple VPN you describe is pretty easy to set up from this HOWTO:
http://openvpn.net/index.php/documentation/howto.html#pki

--
Bill Moran
http://www.potentialtech.com

Re: Setting up a VPN
> particular piece of Windows VPN technology is better relegated to history, much in the same way as the Holocaust and other disasters.

as the whole windoze.

but people use it - their problem. so if they use - let them have win-VPNs, and mpd gives it and works fine.

i don't know how secure is windows-vpn. possibly not much, but who cares? anyone who cares about security should just not use windows at all. those who like to feel secure - feel secure. that's all.

Re: need help setting up PPTP VPN using mpd
On Mon, May 03, 2004 at 06:11:14PM -0500, Brad Tarver wrote:

> I'm trying to set up PPTP connectivity in a lab environment before I attempt to implement in a real-world situation. I have two routers and four PCs (two laptops running Windows XP and two desktops running FreeBSD 5.2.1). I haven't configured any ipfw or ipfirewall rules yet to keep my configuration 'simple'. Both FreeBSD boxes are configured to nat the two Windows boxes to my lab 'internet'.
>
> Here is my setup:

-snip -

snip disclaimer yada yada

Here is a working setup of mine with ipfw rules. The bsd comp has static ip but the MS comps are dynamic ip so things are loose. (I also run samba and set up an account for the roaming computers, they have access to the lan, the password for mpd must match the samba password and the user account on freebsd)

allow tcp from any to any 1723 keep-state
allow gre from any to x.x.x.x in recv dc0 # server ip
allow gre from any to any out xmit dc0
allow ip from any to any via ng0
allow ip from any to any via ng1
allow ip from any to any via ng2

# mpd.conf

default:
    load pptp0
    load pptp1
    load pptp2

pptp0:
    new -i ng0 pptp0 pptp0
    set iface disable on-demand
    set iface enable proxy-arp
    set iface idle 1800
    # set bundle disable multilink
    set link yes acfcomp protocomp
    set link no pap chap
    set link enable chap
    set link keep-alive 10 60
    set link mtu 1460
    set ipcp yes vjcomp
    set ipcp ranges 192.168.1.2/32 192.168.1.50/32
    set ipcp dns 10.1.146.80
    set ipcp nbns 192.168.1.2
    set bundle enable compression
    set ccp yes mppc
    set ccp yes mpp-e40
    set ccp yes mpp-e128
    set ccp yes mpp-stateless

pptp1:
    new -i ng1 pptp1 pptp1
    set iface disable on-demand
    set iface enable proxy-arp
    set iface idle 1800
    # set bundle disable multilink
    set link yes acfcomp protocomp
    set link no pap chap
    set link enable chap
    set link keep-alive 10 60
    set link mtu 1460
    set ipcp yes vjcomp
    set ipcp ranges 192.168.1.2/32 192.168.1.51/32
    set ipcp dns 10.1.146.80
    set ipcp nbns 192.168.1.2
    set bundle enable compression
    set ccp yes mppc
    set ccp yes mpp-e40
    set ccp yes mpp-e128
    set ccp yes mpp-stateless

pptp2:
    new -i ng2 pptp2 pptp2
    set iface disable on-demand
    set iface enable proxy-arp
    set iface idle 1800
    # set bundle disable multilink
    set link yes acfcomp protocomp
    set link no pap chap
    set link enable chap
    set link keep-alive 10 60
    set link mtu 1460
    set ipcp yes vjcomp
    set ipcp ranges 192.168.1.2/32 192.168.1.52/32
    set ipcp dns 10.1.146.80
    set ipcp nbns 192.168.1.2
    set bundle enable compression
    set ccp yes mppc
    set ccp yes mpp-e40
    set ccp yes mpp-e128
    set ccp yes mpp-stateless

# end ###

Re: need help setting up PPTP VPN using mpd
On Mon, 03 May 2004 18:11:14 -0500 Brad Tarver [EMAIL PROTECTED] wrote:

> I'm trying to set up PPTP connectivity in a lab environment before I attempt to implement in a real-world situation. I have two routers and four PCs (two laptops running Windows XP and two desktops running FreeBSD 5.2.1). I haven't configured any ipfw or ipfirewall rules yet to keep my configuration 'simple'. Both FreeBSD boxes are configured to nat the two Windows boxes to my lab 'internet'. Can anyone look at the setup below and tell me what I'm missing?
>
> Here is my setup:
>
> LaptopA
>    |
>    |
>    | 10.1.2.0/24
>    |
>    | .1
> FreebsdA
>    | .2
>    |
>    | 27.40.15.0/24
>    |
>    | .1
> RouterA
>    | .25
>    |
>    | 26.215.152.0/24
>    |
>    | .26
> RouterB
>    | .1
>    |
>    | 28.80.30.0/24
>    |
>    | .2
> FreebsdB
>    | .1
>    |
>    | 192.168.44.0/24
>    |
>    |
> LaptopB
>
> I have MPD running on FreebsdA (27.40.15.2). Ipnat is configured on both FreeBSD boxes. When I open a new pptp vpn session on my laptopB, it gets to a 'verifying username and pass' stage and then errors.

Brad:

-- insert big disclaimer here --

I'm certainly no expert on PPTP but I believe you're going to need to set up some kind of passthrough functionality to get protocol 47 through NAT. What you describe above may be symptomatic of packets related to tcp 1723 getting through (to initiate authentication) but not protocol 47 (GRE) which is needed for the tunnel itself. I haven't used ipnat in some time but I seem to recall some carefully placed redirect rules as facilitating this. Sorry I can't be more specific. If I find the documentation I'm thinking about I'll post a link.

Maybe you should try it first without NAT, just straight routing. Another useful thing might be to enable bpf in the kernel config and run a packet capture at appropriate chokepoints using tcpdump while you're testing.

Please post a followup as I'd be interested in hearing (reading) how things go since I unfortunately don't have time to spare right now in trying it myself.

Cheers,
EB

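The packet-capture check suggested in the reply above, as an added example that is not part of the thread: `pptp_paths` (a hypothetical helper) reads `tcpdump -n` text output and reports whether the TCP 1723 control channel and the GRE (protocol 47) tunnel were each seen in both directions. The capture lines are constructed for illustration, using the server address and the NATed client address from Brad's post.

```shell
#!/bin/sh
# pptp_paths CLIENT_IP SERVER_IP < tcpdump-text
# Hypothetical helper: counts PPTP control (TCP 1723) and tunnel (GRE,
# IP protocol 47) packets per direction and prints a one-line verdict.
pptp_paths() {
    awk -v c="$1" -v s="$2" '
    # "tcpdump -n" text lines look like: TIME IP SRC > DST: REST
    $2 == "IP" && $4 == ">" {
        src = $3; dst = $5; sub(/:$/, "", dst)
        if ($6 ~ /^GREv1/) {                 # PPTP carries PPP in GRE version 1
            if (src == c && dst == s) gre_cs++
            if (src == s && dst == c) gre_sc++
        } else if ($6 == "Flags") {          # TCP: endpoints are ADDR.PORT
            if (index(src, c ".") == 1 && dst == (s ".1723")) ctl_cs++
            if (src == (s ".1723") && index(dst, c ".") == 1) ctl_sc++
        }
    }
    END {
        printf "ctl_c2s=%d ctl_s2c=%d gre_c2s=%d gre_s2c=%d verdict=", ctl_cs, ctl_sc, gre_cs, gre_sc
        if (!ctl_cs || !ctl_sc)      print "control-channel-blocked"
        else if (!gre_cs && !gre_sc) print "gre-blocked-both-ways"
        else if (!gre_cs)            print "gre-blocked-client-to-server"
        else if (!gre_sc)            print "gre-blocked-server-to-client"
        else                         print "ok"
    }'
}

# Constructed sample (not a real capture): what the server side would show
# when the control channel works but no GRE arrives from the client side.
sample_capture() {
    cat <<'EOF'
16:43:39.100000 IP 28.80.30.2.4234 > 27.40.15.2.1723: Flags [S], seq 1000, win 65535, length 0
16:43:39.100200 IP 27.40.15.2.1723 > 28.80.30.2.4234: Flags [S.], seq 2000, ack 1001, win 65535, length 0
16:43:39.100900 IP 28.80.30.2.4234 > 27.40.15.2.1723: Flags [P.], seq 1001:1157, ack 2001, win 65535, length 156
16:43:39.200000 IP 27.40.15.2 > 28.80.30.2: GREv1, call 1, seq 0, length 39: LCP, Conf-Request (0x01), id 1, length 25
16:43:41.200000 IP 27.40.15.2 > 28.80.30.2: GREv1, call 1, seq 1, length 39: LCP, Conf-Request (0x01), id 2, length 25
EOF
}

sample_capture | pptp_paths 28.80.30.2 27.40.15.2
```

Capture with `tcpdump -n` and a filter such as `tcp port 1723 or ip proto 47` at each chokepoint, then compare the verdicts on either side of the NAT box to see where the GRE path stops.
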
need help setting up PPTP VPN using mpd
I'm trying to set up PPTP connectivity in a lab environment before I attempt to implement in a real-world situation. I have two routers and four PCs (two laptops running Windows XP and two desktops running FreeBSD 5.2.1). I haven't configured any ipfw or ipfirewall rules yet to keep my configuration 'simple'. Both FreeBSD boxes are configured to nat the two Windows boxes to my lab 'internet'. Can anyone look at the setup below and tell me what I'm missing?

Here is my setup:

LaptopA
   |
   |
   | 10.1.2.0/24
   |
   | .1
FreebsdA
   | .2
   |
   | 27.40.15.0/24
   |
   | .1
RouterA
   | .25
   |
   | 26.215.152.0/24
   |
   | .26
RouterB
   | .1
   |
   | 28.80.30.0/24
   |
   | .2
FreebsdB
   | .1
   |
   | 192.168.44.0/24
   |
   |
LaptopB

I have MPD running on FreebsdA (27.40.15.2). Ipnat is configured on both FreeBSD boxes. When I open a new pptp vpn session on my laptopB, it gets to a 'verifying username and pass' stage and then errors.

Here is my log:

---SNIP---
May 3 16:43:10 laurel0 kernel: mpd
May 3 16:43:10 laurel0 mpd: mpd: pid 475, version 3.17 ([EMAIL PROTECTED] 21:09 2-May-2004)
May 3 16:43:10 laurel0 mpd: [pptp0] ppp node is mpd475-pptp0
May 3 16:43:11 laurel0 mpd: mpd: local IP address for PPTP is 27.40.15.2
May 3 16:43:11 laurel0 mpd: [pptp0] using interface ng0
May 3 16:43:11 laurel0 mpd: set yes: unknown command. Try help.
May 3 16:43:11 laurel0 mpd: [pptp1] ppp node is mpd475-pptp1
May 3 16:43:11 laurel0 mpd: [pptp1] using interface ng1
May 3 16:43:11 laurel0 mpd: set yes: unknown command. Try help.
May 3 16:43:39 laurel0 mpd: mpd: PPTP connection from 28.80.30.2:4234
May 3 16:43:39 laurel0 mpd: pptp0: attached to connection with 28.80.30.2:4234
May 3 16:43:39 laurel0 mpd: [pptp0] IFACE: Open event
May 3 16:43:39 laurel0 mpd: [pptp0] IPCP: Open event
May 3 16:43:39 laurel0 mpd: [pptp0] IPCP: state change Initial -- Starting
May 3 16:43:39 laurel0 mpd: [pptp0] IPCP: LayerStart
May 3 16:43:39 laurel0 mpd: [pptp0] IPCP: Open event
May 3 16:43:39 laurel0 mpd: [pptp0] bundle: OPEN event in state CLOSED
May 3 16:43:39 laurel0 mpd: [pptp0] opening link pptp0...
May 3 16:43:39 laurel0 mpd: [pptp0] link: OPEN event
May 3 16:43:39 laurel0 mpd: [pptp0] LCP: Open event
May 3 16:43:39 laurel0 mpd: [pptp0] LCP: state change Initial -- Starting
May 3 16:43:39 laurel0 mpd: [pptp0] LCP: LayerStart
May 3 16:43:39 laurel0 mpd: [pptp0] device: OPEN event in state DOWN
May 3 16:43:39 laurel0 mpd: [pptp0] attaching to peer's outgoing call
May 3 16:43:39 laurel0 mpd: [pptp0] device is now in state OPENING
May 3 16:43:39 laurel0 mpd: [pptp0] device: UP event in state OPENING
May 3 16:43:39 laurel0 mpd: [pptp0] device is now in state UP
May 3 16:43:39 laurel0 mpd: [pptp0] link: UP event
May 3 16:43:39 laurel0 mpd: [pptp0] link: origination is remote
May 3 16:43:39 laurel0 mpd: [pptp0] LCP: Up event
May 3 16:43:39 laurel0 mpd: [pptp0] LCP: state change Starting -- Req-Sent
May 3 16:43:39 laurel0 mpd: [pptp0] LCP: phase shift DEAD -- ESTABLISH
May 3 16:43:39 laurel0 mpd: [pptp0] LCP: SendConfigReq #1
May 3 16:43:39 laurel0 mpd: ACFCOMP
May 3 16:43:39 laurel0 mpd: PROTOCOMP
May 3 16:43:39 laurel0 mpd: MRU 1500
May 3 16:43:39 laurel0 mpd: MAGICNUM b960d589
May 3 16:43:39 laurel0 mpd: AUTHPROTO CHAP MSOFTv2
May 3 16:43:39 laurel0 mpd: [pptp0] error writing len 27 frame to bypass: No route to host
May 3 16:43:39 laurel0 mpd: pptp0-0: ignoring SetLinkInfo
May 3 16:43:39 laurel0 mpd: [pptp0] LCP: rec'd Configure Request #0 link 0 (Req-Sent)
May 3 16:43:39 laurel0 mpd: MRU 1400
May 3 16:43:39 laurel0 mpd: MAGICNUM 44842fcf
May 3 16:43:39 laurel0 mpd: PROTOCOMP
May 3 16:43:39 laurel0 mpd: ACFCOMP
May 3 16:43:39 laurel0 mpd: CALLBACK
May 3 16:43:39 laurel0 mpd:Not supported
May 3 16:43:39 laurel0 mpd: [pptp0] LCP: SendConfigRej #0
May 3 16:43:39 laurel0 mpd: CALLBACK
May 3 16:43:39 laurel0 mpd: [pptp0] LCP: rec'd Configure Request #1 link 0 (Req-Sent)
May 3 16:43:39 laurel0 mpd: MRU 1400
May 3 16:43:39 laurel0 mpd: MAGICNUM 44842fcf
May 3 16:43:39 laurel0 mpd: PROTOCOMP
May 3 16:43:39 laurel0 mpd: ACFCOMP
May 3 16:43:39 laurel0 mpd: [pptp0] LCP: SendConfigAck #1
May 3 16:43:39 laurel0 mpd: MRU 1400
May 3 16:43:39 laurel0 mpd: MAGICNUM 44842fcf
May 3 16:43:39 laurel0 mpd: PROTOCOMP
May 3 16:43:39 laurel0 mpd: ACFCOMP
May 3 16:43:39 laurel0 mpd: [pptp0] LCP: state change Req-Sent -- Ack-Sent
May 3 16:43:41 laurel0 mpd: [pptp0] LCP: SendConfigReq #2
May 3 16:43:41 laurel0 mpd: ACFCOMP
May 3 16:43:41 laurel0 mpd: PROTOCOMP
May 3 16:43:41 laurel0 mpd: MRU 1500
May 3 16:43:41 laurel0 mpd: MAGICNUM b960d589
May 3 16:43:41 laurel0 mpd: AUTHPROTO CHAP MSOFTv2
May 3 16:43:41 laurel0 mpd: [pptp0] LCP: rec'd Configure Ack #2 link 0 (Ack-Sent)
May 3 16:43:41 laurel0 mpd: ACFCOMP
May 3 16:43:41 laurel0 mpd: PROTOCOMP
May 3 16:43:41 laurel0 mpd: MRU 1500
May 3 16:43:41 laurel0 mpd: MAGICNUM b960d589
May 3 16:43:41 laurel0 mpd: AUTHPROTO