VPN server software ?
Hello I have to setup a VPN server and I wonder which free software running on FreeBSD to choose as my knowledge in such softwares is very limited for now. So any feedbacks, links, infos are welcome Thank you -- Regards Frank ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: VPN server software ?
On 5/23/07, Frank Bonnet [EMAIL PROTECTED] wrote: I have to setup a VPN server and I wonder which free software running on FreeBSD to choose as my knowledge in such softwares is very limited for now. OpenVPN is in ports and is working very well for me (including having Windows clients connect). /JMS ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: VPN server software ?
Frank Bonnet wrote: I have to setup a VPN server and I wonder which free software running on FreeBSD to choose as my knowledge in such softwares is very limited for now. So any feedbacks, links, infos are welcome Try net/mpd4. It probably does anything you need from radius auth to netgraph logging. -- Sphinx of black quartz judge my vow! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: VPN server to run in FreeBSD jail ...
[EMAIL PROTECTED] wrote: Marc G. Fournier wrote: Does anyone know of any software that would allow a client attach a VPN *to* a process running within a FreeBSD jail from a Windows machine? It doesn't help now, but there is work underway to make the whole network stack clonable under FreeBSD -- meaning each jail gets the ability to have as many IP numbers as it wants, and to have a separate firewall from the host system and do all the other networking tricks you can think of. http://www.tel.fer.hr/zec/papers/zec-03.pdf Hi, This document is dated 2003, and tests were done for FreeBSD 4.8. Is there a chance to have a clonable network stack in a near future? --- Philippe Lang Attik System smime.p7s Description: S/MIME cryptographic signature
VPN server to run in FreeBSD jail ...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Does anyone know of any software that would allow a client attach a VPN *to* a process running within a FreeBSD jail from a Windows machine? - Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email . [EMAIL PROTECTED] MSN . [EMAIL PROTECTED] Yahoo . yscrappy Skype: hub.orgICQ . 7615664 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFFnmGP4QvfyHIvDvMRAv/kAJ9FGJVhWoYmCbHznARwaJOjNDdRfwCfR+3x dtGeFdEy5QCy5KL+C1/JgnQ= =fOYf -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: VPN server to run in FreeBSD jail ...
Marc G. Fournier wrote: Does anyone know of any software that would allow a client attach a VPN *to* a process running within a FreeBSD jail from a Windows machine? I believe you can sort-of do this with a certain amount of packet redirection and firewall trickery, but it isn't very easy and you won't be able to control anything to do with the VPN from within the jail. Essentially you do the old trick of creating the jail using an alias address on the loopback, then add redirection rules in the firewall to forward traffic to it. If you need to create tap, tun of gif interfaces to run the VPN software then that has to be done *outside* the jail, as there's no simple way of making those interfaces visible inside it. It doesn't help now, but there is work underway to make the whole network stack clonable under FreeBSD -- meaning each jail gets the ability to have as many IP numbers as it wants, and to have a separate firewall from the host system and do all the other networking tricks you can think of. http://www.tel.fer.hr/zec/papers/zec-03.pdf Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: FreeBSD as a VPN Server/Router
Am 10.08.2006 um 01:09 schrieb Christopher Martin: Also, the load IPSec (or any encryption method for that matter) places on the encapsulating router is non-trivial, so be aware that if your hardware is a bit old you may get disappointing performance. I would suggest making the hardware at least current low end, or high end from a couple of years ago, to get the best performance. My 533 MHz Via C3 based router does 230 kB/s with OpenVPN while being about 75% idle. (My line's not faster, so I don't know where it would peak out.) Stefan -- Stefan Bethke [EMAIL PROTECTED] Fon +49 170 346 0140 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
FreeBSD as a VPN Server/Router
I am going to venture into the field of the security gurus so help me God! It looks like I am gonna get stuck in wet cement, I can feel it;) I have two sites, siteA and siteB. Each site has a horde of Windows PCs behind a FreeBSD box, which acts as a firewall/router/proxy/everything:) Each site has got a dedicated connection to an ISP. At the moment it's the same ISP, if that matters, but my thinking is that it can be any ISP. I have a challenge of establishing a WAN between the two sites. They are geographically apart. In this scenario, siteA has several applications running on several windows servers which are behind the FreeBSD box. The challenge is to allow siteB to access these applications securely via the WAN setup. VPN comes straight to mind, but this is a new area to me. The boxes are both FreeBSD 5.5-STABLE. I am looking for pointers/clues on how to do the setup in a clean way, while adhering to K.I.S.S as closely as possible. If extra hardware (other than the FreeBSD boxes) is required so that the WAN is efficient, I'd be happy to know. I am very optimistic on pulling this one off, since I belong to a community full of security experts (FreeBSD users). PS: I am already googling, perhaps with the wrong keywords:-) -Wash http://www.netmeister.org/news/learn2quote.html DISCLAIMER: See http://www.wananchi.com/bms/terms.php -- +==+ |\ _,,,---,,_ | Odhiambo Washington[EMAIL PROTECTED] Zzz /,`.-'`'-. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922 '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121 +==+ Who messed with my anti-paranoia shot? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD as a VPN Server/Router
I am going to venture into the field of the security gurus so help me God! It looks like I am gonna get stuck in wet cement, I can feel it;) I have two sites, siteA and siteB. Each site has a horde of Windows PCs behind a FreeBSD box, which acts as a firewall/router/proxy/everything:) Each site has got a dedicated connection to an ISP. At the moment it's the same ISP, if that matters, but my thinking is that it can be any ISP. I have a challenge of establishing a WAN between the two sites. They are geographically apart. In this scenario, siteA has several applications running on several windows servers which are behind the FreeBSD box. The challenge is to allow siteB to access these applications securely via the WAN setup. VPN comes straight to mind, but this is a new area to me. The boxes are both FreeBSD 5.5-STABLE. I am looking for pointers/clues on how to do the setup in a clean way, while adhering to K.I.S.S as closely as possible. If extra hardware (other than the FreeBSD boxes) is required so that the WAN is efficient, I'd be happy to know. I am very optimistic on pulling this one off, since I belong to a community full of security experts (FreeBSD users). PS: I am already googling, perhaps with the wrong keywords:-) It's been a couple of years since I did this, but this worked for me... http://www.pjkh.com/wiki/vtund -philip ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD as a VPN Server/Router
there is a freebsd based project called pfsense (.org) that would suit your needs perfectly. ive been running it for quite a while now, and i think its the best thing since sliced bread. i have a IPSec WAN between 2 sites (my apt, and my servers that are at a colo). tons of features that are found on other expensive firewalls, are included! cheers, jonathan On Wednesday 09 August 2006 12:33, Odhiambo Washington wrote: I am going to venture into the field of the security gurus so help me God! It looks like I am gonna get stuck in wet cement, I can feel it;) I have two sites, siteA and siteB. Each site has a horde of Windows PCs behind a FreeBSD box, which acts as a firewall/router/proxy/everything:) Each site has got a dedicated connection to an ISP. At the moment it's the same ISP, if that matters, but my thinking is that it can be any ISP. I have a challenge of establishing a WAN between the two sites. They are geographically apart. In this scenario, siteA has several applications running on several windows servers which are behind the FreeBSD box. The challenge is to allow siteB to access these applications securely via the WAN setup. VPN comes straight to mind, but this is a new area to me. The boxes are both FreeBSD 5.5-STABLE. I am looking for pointers/clues on how to do the setup in a clean way, while adhering to K.I.S.S as closely as possible. If extra hardware (other than the FreeBSD boxes) is required so that the WAN is efficient, I'd be happy to know. I am very optimistic on pulling this one off, since I belong to a community full of security experts (FreeBSD users). PS: I am already googling, perhaps with the wrong keywords:-) -Wash http://www.netmeister.org/news/learn2quote.html DISCLAIMER: See http://www.wananchi.com/bms/terms.php -- +==+ |\ _,,,---,,_ | Odhiambo Washington[EMAIL PROTECTED] Zzz /,`.-'`'-. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922 '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121 +==+ Who messed with my anti-paranoia shot? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD as a VPN Server/Router
On 08/09/2006 12:33, Odhiambo Washington wrote: I am going to venture into the field of the security gurus so help me God! It looks like I am gonna get stuck in wet cement, I can feel it;) I have two sites, siteA and siteB. Each site has a horde of Windows PCs behind a FreeBSD box, which acts as a firewall/router/proxy/everything:) Each site has got a dedicated connection to an ISP. At the moment it's the same ISP, if that matters, but my thinking is that it can be any ISP. I have a challenge of establishing a WAN between the two sites. They are geographically apart. In this scenario, siteA has several applications running on several windows servers which are behind the FreeBSD box. The challenge is to allow siteB to access these applications securely via the WAN setup. VPN comes straight to mind, but this is a new area to me. The boxes are both FreeBSD 5.5-STABLE. I am looking for pointers/clues on how to do the setup in a clean way, while adhering to K.I.S.S as closely as possible. The FreeBSD Handbook has a chapter on this: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html HTH. If extra hardware (other than the FreeBSD boxes) is required so that the WAN is efficient, I'd be happy to know. I am very optimistic on pulling this one off, since I belong to a community full of security experts (FreeBSD users). PS: I am already googling, perhaps with the wrong keywords:-) -Wash http://www.netmeister.org/news/learn2quote.html DISCLAIMER: See http://www.wananchi.com/bms/terms.php -- +==+ |\ _,,,---,,_ | Odhiambo Washington[EMAIL PROTECTED] Zzz /,`.-'`'-. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922 '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121 +==+ Who messed with my anti-paranoia shot? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Regards, Eric ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD as a VPN Server/Router
Am 09.08.2006 um 19:33 schrieb Odhiambo Washington: In this scenario, siteA has several applications running on several windows servers which are behind the FreeBSD box. The challenge is to allow siteB to access these applications securely via the WAN setup. VPN comes straight to mind, but this is a new area to me. OpenVPN certainly fits your requirements. Besides a routed connection between two sides, it also offers a bridged setup, so it is ideally suited for connecting two Windows-centric networks. We use it at work for home VPNs as well as road warriors, configuration is straightforward, and performance is absolutely acceptable. IPSec has been mentioned before; I've had trouble understanding the configuration and how to diagnose problems. We did get it to work in the office, but only with a lot of trial and error. isakmpd and racoon are... idiosyncratic, to be polite. vtun has had major security issues in the past, so I would be wary, but I haven't looked into it for the past two years. pfSense is a FreeBSD-based firewall/routing OS, so you'd need to replace your existing FreeBSD routers with it, or add additional boxes. Stefan -- Stefan Bethke [EMAIL PROTECTED] Fon +49 170 346 0140 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: FreeBSD as a VPN Server/Router
The FreeBSD Handbook has a chapter on this: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html HTH. The only problem with IPSec is you need static IP addresses for the tunnelling mode (unless somebody knows something I don't, at which point I'd really like to hear about it!). OpenVPN is about as good as it gets stability wise, and can customised, hacked, and altered in any way you need. It can also use public key authentication. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: FreeBSD as a VPN Server/Router
If OpenVPN seems like a bit much to tackle you could establish the link with an easy protocol like PPTP (PPTP can be added to pppd with the port /usr/ports/net/poptop) and then IPSec traffic traversing the link. Some even argue that this is a good idea because it's two layers of encryption (not to suggest that the PPTP encryption methods are a particular challenge to break), but they'll be a performance penalty to pay as well. Also, the load IPSec (or any encryption method for that matter) places on the encapsulating router is non-trivial, so be aware that if your hardware is a bit old you may get disappointing performance. I would suggest making the hardware at least current low end, or high end from a couple of years ago, to get the best performance. On side note, has anyone heard about the crypto lib for fast_ipsec and the Intel IPSec accelerated network cards (like the Pro 100/S)? I remember reading some time ago that there were, at the time, still issues getting the required info out of Intel to get the processor offloading working right. Is Intel still withholding the information? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Christopher Martin Sent: Thursday, 10 August 2006 8:42 AM To: FreeBSD Questions Mailing List (E-mail) Subject: RE: FreeBSD as a VPN Server/Router The FreeBSD Handbook has a chapter on this: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html HTH. The only problem with IPSec is you need static IP addresses for the tunnelling mode (unless somebody knows something I don't, at which point I'd really like to hear about it!). OpenVPN is about as good as it gets stability wise, and can customised, hacked, and altered in any way you need. It can also use public key authentication. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: VPN Server
John and Hal, The company I work for has a customer that setup 4-5 sites on a vpn network with these. The 16 port unit is garbage, it uses different firmware than the lower port count units and it locks up all the time. I have had personal experience both with the Netgear VPN devices and the Cisco PIXes. The PIX are vastly superior. The Netgears have issues with doing a lot of things at the same time, and with high bandwidth. The truth is that the commercial products that play in this space are either very good, like the Cisco VPN 3000 but cost immense amounts of money because they are targeted at large enterprises, or they are really crappy because they are targeted at the very very very small offices that don't even have a server, and the companies that make them know that the small companies won't buy a network device that costs much over $300. And most of the smaller VPN hardware boxes I've seen only support peer-to-peer mode IPSec not client-server mode, despite their marketing literature. Most moderate sized organizations use Windows 2003 with dual NICs in them as VPN servers. As a result there's no market for a stable VPN server hardware box that's targeted at the 25-250 person organization. This is one area where building a VPN server on FreeBSD is definitely worth doing. Ted -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Cruz Sent: Thursday, March 09, 2006 2:22 PM To: hal Cc: freebsd-questions@freebsd.org Subject: Re: VPN Server http://www.linksys.com/servlet/Satellite?childpagename=US%2FLayo utpackedargs=c%3DL_Product_C2%26cid%3D1118334795358pagename=Li nksys%2FCommon%2FVisitorWrapper Will probably suffice well, they also make a 16 port version @ http://www.linksys.com/servlet/Satellite?childpagename=US%2FLayo utpackedargs=c%3DL_Product_C2%26cid%3D1123638171453pagename=Linksys%2FC ommon%2FVisitorWrapper But if you need more I'd go with the 4 ports and get a gigabit switch to add on to it. It'll be a little more expensive, but it will be worth it, knowing that if something happens to a machine the VPN won't suffer as a result. -john hal wrote: Any suggestions? hal On Mar 9, 2006, at 11:08 AM, John Cruz wrote: I'd go with a VPN router, they usually have the best results. hal wrote: I need FreeBSD VPN server software that will support Win2K, unix, Mac OS X, and Linux clients. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 268.2.1/279 - Release Date: 3/10/2006 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
VPN Server
I need FreeBSD VPN server software that will support Win2K, unix, Mac OS X, and Linux clients. Anyone have a suggestion/s? hal ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: VPN Server
OpenVPN is a good idea Hi Enrico I need FreeBSD VPN server software that will support Win2K, unix, Mac OS X, and Linux clients. Anyone have a suggestion/s? hal ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: VPN Server
I'd go with a VPN router, they usually have the best results. hal wrote: I need FreeBSD VPN server software that will support Win2K, unix, Mac OS X, and Linux clients. Anyone have a suggestion/s? hal ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: VPN Server
Any suggestions? hal On Mar 9, 2006, at 11:08 AM, John Cruz wrote: I'd go with a VPN router, they usually have the best results. hal wrote: I need FreeBSD VPN server software that will support Win2K, unix, Mac OS X, and Linux clients. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: VPN Server
http://www.linksys.com/servlet/Satellite?childpagename=US%2FLayoutpackedargs=c%3DL_Product_C2%26cid%3D1118334795358pagename=Linksys%2FCommon%2FVisitorWrapper Will probably suffice well, they also make a 16 port version @ http://www.linksys.com/servlet/Satellite?childpagename=US%2FLayoutpackedargs=c%3DL_Product_C2%26cid%3D1123638171453pagename=Linksys%2FCommon%2FVisitorWrapper But if you need more I'd go with the 4 ports and get a gigabit switch to add on to it. It'll be a little more expensive, but it will be worth it, knowing that if something happens to a machine the VPN won't suffer as a result. -john hal wrote: Any suggestions? hal On Mar 9, 2006, at 11:08 AM, John Cruz wrote: I'd go with a VPN router, they usually have the best results. hal wrote: I need FreeBSD VPN server software that will support Win2K, unix, Mac OS X, and Linux clients. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: VPN Server
OpenVPN, it's the shit. easy to setup. supports all the clients named. hal wrote: Any suggestions? hal On Mar 9, 2006, at 11:08 AM, John Cruz wrote: I'd go with a VPN router, they usually have the best results. hal wrote: I need FreeBSD VPN server software that will support Win2K, unix, Mac OS X, and Linux clients. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature
VPN server ?
Hello I need some infos on FreeBSD baed VPN server links/experiences welcome thanks a lot -- Cordialement/Regards Frank Bonnet ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: VPN server ?
Frank Bonnet wrote: I need some infos on FreeBSD baed VPN server links/experiences welcome I'm using OpenVPN (http://www.openvpn.org), and I'm very happy with it. It's simple to set up (*much* simpler than IPSEC), and it has so far been reliable for me. Since it uses SSL for encryption, it is easy to find hardware encryption acceleration; eg newer Via Epia systems have some crypto hardware built into the CPU which is supported by FreeBSD and delivers superb performance at little cost: those boards are cheap, and they use very little power. For even smaller VPN gateways, A soekris box (http://www.soekris.com) with a vpn acceleration add-on card ought to work fine as well. Cheers Benjamin signature.asc Description: OpenPGP digital signature
Re: Connect to Cisco VPN server from FreeBSD?
On Sun, Apr 10, 2005 at 04:38:34PM +0100, Scott Mitchell wrote: Hi all, As in the subject - has anyone managed to get a FreeBSD machine to connect to a Cisco VPN server, using IPSec and 2-factor authentication (password + SecurID card)? My employer has been acquired by another company, and this will soon be the only remote-access method available. Linux client software exists, but given that it relies on a kernel module I'm not holding out much hope of it working. The security/vpnc port looks like it might be useful. No idea if racoon + FreeBSD native IPSec can be persuaded to do the SecurID authentication. In case this is useful to anybody else - Finally got my SecurID card and can report that it works very well with the latest security/vpnc port. I had to decode the group password in the config file for the Cisco client I was given, but the vpnc web page has a handy service for doing just that. Apart from that, it just worked. The vpnc client doesn't support re-keying, so the connection hangs when the other side decides to do this. I'm mostly just connecting to machines at work over VNC or rdesktop, so this is no big deal for me - just re-connect. It also doesn't deal well with requests to re-authenticate after the SecurID token changes, which I think only happen if you get your password wrong. It does seem to correctly handle any DNS and split-tunnelling setup requested by the server, although you can tweak the connect script to ignore all that stuff if it annoys you :-) I'm connecting to a Cisco 2600 series router, with SecurID authentication done by some RADIUS server at another site. Haven't tried, but I expect I would have no trouble connecting to our central Cisco 3000 VPN concentrator box. Scott -- === Scott Mitchell | PGP Key ID | Eagles may soar, but weasels Cambridge, England | 0x54B171B9 | don't get sucked into jet engines scott at fishballoon.org | 0xAA775B8B | -- Anon ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Connect to Cisco VPN server from FreeBSD?
Hi all, As in the subject - has anyone managed to get a FreeBSD machine to connect to a Cisco VPN server, using IPSec and 2-factor authentication (password + SecurID card)? My employer has been acquired by another company, and this will soon be the only remote-access method available. Linux client software exists, but given that it relies on a kernel module I'm not holding out much hope of it working. The security/vpnc port looks like it might be useful. No idea if racoon + FreeBSD native IPSec can be persuaded to do the SecurID authentication. I would try all these things myself, except I don't have any account details for the server yet. I really don't want to keep a Linux or Windows machine around just to connect to the office... Many thanks in advance, Scott -- === Scott Mitchell | PGP Key ID | Eagles may soar, but weasels Cambridge, England | 0x54B171B9 | don't get sucked into jet engines scott at fishballoon.org | 0xAA775B8B | -- Anon ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Connect to Cisco VPN server from FreeBSD?
Scott Mitchell wrote: Hi all, As in the subject - has anyone managed to get a FreeBSD machine to connect to a Cisco VPN server, using IPSec and 2-factor authentication (password + SecurID card)? My employer has been acquired by another company, and this will soon be the only remote-access method available. Linux client software exists, but given that it relies on a kernel module I'm not holding out much hope of it working. The security/vpnc port looks like it might be useful. No idea if racoon + FreeBSD native IPSec can be persuaded to do the SecurID authentication. I would try all these things myself, except I don't have any account details for the server yet. I really don't want to keep a Linux or Windows machine around just to connect to the office... Many thanks in advance, Scott I have not personally used this, however I have had reports of users connecting to a Cisco VPN 3000 box that I administered at one point with the following client: http://www.unix-ag.uni-kl.de/~massar/vpnc/ -Ash ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Connect to Cisco VPN server from FreeBSD?
On Sun, Apr 10, 2005 at 12:26:45PM -0500, Ash wrote: Scott Mitchell wrote: Hi all, As in the subject - has anyone managed to get a FreeBSD machine to connect to a Cisco VPN server, using IPSec and 2-factor authentication (password + SecurID card)? My employer has been acquired by another company, and this will soon be the only remote-access method available. Linux client software exists, but given that it relies on a kernel module I'm not holding out much hope of it working. The security/vpnc port looks like it might be useful. No idea if racoon + FreeBSD native IPSec can be persuaded to do the SecurID authentication. I would try all these things myself, except I don't have any account details for the server yet. I really don't want to keep a Linux or Windows machine around just to connect to the office... Many thanks in advance, Scott I have not personally used this, however I have had reports of users connecting to a Cisco VPN 3000 box that I administered at one point with the following client: http://www.unix-ag.uni-kl.de/~massar/vpnc/ Thanks, that looks promising. The SecurID thing is apparently just a flavour of XAUTH which seems to be supported, so it might just work. Cheers, Scott -- === Scott Mitchell | PGP Key ID | Eagles may soar, but weasels Cambridge, England | 0x54B171B9 | don't get sucked into jet engines scott at fishballoon.org | 0xAA775B8B | -- Anon ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Connect to Cisco VPN server from FreeBSD?
Scott Mitchell wrote: On Sun, Apr 10, 2005 at 12:26:45PM -0500, Ash wrote: Scott Mitchell wrote: Hi all, As in the subject - has anyone managed to get a FreeBSD machine to connect to a Cisco VPN server, using IPSec and 2-factor authentication (password + SecurID card)? My employer has been acquired by another company, and this will soon be the only remote-access method available. Linux client software exists, but given that it relies on a kernel module I'm not holding out much hope of it working. The security/vpnc port looks like it might be useful. No idea if racoon + FreeBSD native IPSec can be persuaded to do the SecurID authentication. I would try all these things myself, except I don't have any account details for the server yet. I really don't want to keep a Linux or Windows machine around just to connect to the office... Many thanks in advance, Scott I have not personally used this, however I have had reports of users connecting to a Cisco VPN 3000 box that I administered at one point with the following client: http://www.unix-ag.uni-kl.de/~massar/vpnc/ Thanks, that looks promising. The SecurID thing is apparently just a flavour of XAUTH which seems to be supported, so it might just work. Cheers, Scott Whoops forgot to mention that I had configured out VPN3000 to authenticate users using SecurID. The vpnc users were able to authenticate just fine. OT, but they were also able to use vpnc to bypass split-tunneling restrictions (no real surprise there). Good luck, -Ash ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Connect to Cisco VPN server from FreeBSD?
On Sun, Apr 10, 2005 at 01:41:20PM -0500, Ash wrote: Scott Mitchell wrote: Thanks, that looks promising. The SecurID thing is apparently just a flavour of XAUTH which seems to be supported, so it might just work. Cheers, Scott Whoops forgot to mention that I had configured out VPN3000 to authenticate users using SecurID. The vpnc users were able to authenticate just fine. OT, but they were also able to use vpnc to bypass split-tunneling restrictions (no real surprise there). Good luck, -Ash Cool - sounds like just the thing. I look forward to trying it out as soon as my new overlords give me my SecurID :-) Many thanks, Scott -- === Scott Mitchell | PGP Key ID | Eagles may soar, but weasels Cambridge, England | 0x54B171B9 | don't get sucked into jet engines scott at fishballoon.org | 0xAA775B8B | -- Anon ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
mpd VPN Server / W2K Clients
Hello Jonathan, I found this thread from a long time ago at FreeBSD addicts: http://lists.freebsd.org/pipermail/freebsd-questions/2003-December/027869.ht ml I'm having absolutely identical problem with my MPD (it used to work and then it just stopped, who knows why). I tried to follow up on that solution you posted, but that page no longer opens up. Any help is greatly appreciated. Thank you much! -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.9.1 - Release Date: 4/1/2005 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: mpd VPN Server / W2K Clients
- Original Message - From: Anton Zavrin [EMAIL PROTECTED] To: freebsd-questions@freebsd.org Sent: Monday, April 04, 2005 9:27 AM Subject: mpd VPN Server / W2K Clients Hello Jonathan, I found this thread from a long time ago at FreeBSD addicts: http://lists.freebsd.org/pipermail/freebsd-questions/2003-December/027869.ht ml I'm having absolutely identical problem with my MPD (it used to work and then it just stopped, who knows why). I tried to follow up on that solution you posted, but that page no longer opens up. Any help is greatly appreciated. Thank you much! -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.9.1 - Release Date: 4/1/2005 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Anton, some things too look for here. Are the remote systems using Win XP? If so, are their firewalls configured to allow traffic from your network on TCP ports 1723? Also, is GRE being blocked at any point between your mpd system and their end? If it just stopped working, has anyone placed a firmware firewall device in recently? Many of them that I've run across recently don't even know what GRE is so a specific entry has to be made to allow protocol 47 to pass freely in order to get pptp to function properly. Hope it helps. -- Micheal Patterson Senior Communications Systems Engineer 405-917-0600 Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
VPN server
hello I would like to setup my freebsd 5.2-CURRENT box as a VPN server for windows 2k/xp clients, and enable them to use internet (PPPoE ADSL) connection. the clients are on various subnets connected to my box via LAN. I consider using pptop port for setting up VPN server, but if you have some other idea, please tell me...all I need is it to support win clients (and authentication usrname/pass) and I want the users to be able to access internet..that's all... the simpler the merrier :) thank you!! regards,marin ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: VPN server
- Original Message - From: lycanthrope [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 13, 2004 6:59 PM Subject: VPN server hello I would like to setup my freebsd 5.2-CURRENT box as a VPN server for windows 2k/xp clients, and enable them to use internet (PPPoE ADSL) connection. the clients are on various subnets connected to my box via LAN. I consider using pptop port for setting up VPN server, but if you have some other idea, please tell me...all I need is it to support win clients (and authentication usrname/pass) and I want the users to be able to access internet..that's all... the simpler the merrier :) thank you!! regards,marin ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] If you want to support mppe128, you can use netgraph-mpd (/usr/ports/net/mpd/ in the 4.x tree) It supports username / pass and ip to the vpn client. I would imagine this is also available in the 5.x tree as well. -- Micheal Patterson TSG Network Administration 405-917-0600 Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: VPN server
I am looking for some recomendations for a powerful (yet simple if possible) VPN server. You have two options, there is 'mpd' and 'PoPToP'. I have run them both, but mpd seems to support Microsoft clients with less hassle (at least in my experience). At present I will need to only have access to one other network in a different office running Win2K PPTP. Hopefully I will need to expand in the future to other networks that may or may not be MS based. This can be done using ip routing. You can create a static route between the two networks on the PPTP server and client. The windows client will get its configuation data from the VPN Server (FreeBSD). However, You may want to add a static route to FreeBSD that will send remote LAN specific traffic down the VPN link. Pretend that your remote network in the office is numbered 192.168.20.1/24. myUnix# route add -net 192.168.20 192.168.20.1 255.255.255.0 One other thing to disable (its on by default) is that the Windows implimentation of the VPN client will route all traffic over the VPN. I doubt that this is what you want, and you can disable it in the VPN/PPTP connection properties on the windows machine. In Windows XP Professional, I do the following. Open the VPN Connection Properties. Select the Networking Tab. Select Internet Protocol (TCP/IP) and click properties. Click on Advanceed. Uncheck Use default gateway on remote network. Both products (mpd and poptop) will work, but they both require a little bit of configuration. The current mpd in the ports tree has some examples you may want to look at. I would like if possible for the connections to be completly transparent to a user. Best case senario is the user signs on to thier FreeBSD (I am in a mixed network so there are a few XP systems also) system and opens up an application (or browse to a share on the other network) that connects to the other network and it connects without any more user intervention. Well, if you have a FreeBSD box in both places, there are lots of other options as well. My friend Nick runs a FreeBSD machine and we use a 'gif' tunnel (IPv4 over IPv4) with IPSec encrypting the data before it goes over the wire. There other solutions as well such as 'nos-tun'. I think that 'nos-tun' is part of the base installation and uses the 'tun' device (part of the GENERIC kernel) by default. LOL I am not asking much am I? Not at all. '-questions' is a good place for this question. In fact if you search through the archives, I have posted similar VPN questions in the past to this same list. Thank you, Joshua Lewis Aaron Burke (private email address because I HATE spam) ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
VPN server
I am looking for some recomendations for a powerful (yet simple if possible) VPN server. At present I will need to only have access to one other network in a different office running Win2K PPTP. Hopefully I will need to expand in the future to other networks that may or may not be MS based. I would like if possible for the connections to be completly transparent to a user. Best case senario is the user signs on to thier FreeBSD (I am in a mixed network so there are a few XP systems also) system and opens up an application (or browse to a share on the other network) that connects to the other network and it connects without any more user intervention. LOL I am not asking much am I? Thank you, Joshua Lewis ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: VPN server
PPTP solutions for FreeBSD include MPD and Poptop IPSEC/VPN solution include using kernel IPSEC and GIF interfaces : http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html check out http://www.section6.net/help/pptphow.php for info on a dedicated PPTP server using FreeBSD Thomas Foster -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joshua Lewis Sent: Tuesday, June 08, 2004 3:11 PM To: [EMAIL PROTECTED] Subject: VPN server I am looking for some recomendations for a powerful (yet simple if possible) VPN server. At present I will need to only have access to one other network in a different office running Win2K PPTP. Hopefully I will need to expand in the future to other networks that may or may not be MS based. I would like if possible for the connections to be completly transparent to a user. Best case senario is the user signs on to thier FreeBSD (I am in a mixed network so there are a few XP systems also) system and opens up an application (or browse to a share on the other network) that connects to the other network and it connects without any more user intervention. LOL I am not asking much am I? Thank you, Joshua Lewis ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: mpd VPN Server / W2K Clients
Hello, I am trying to configure mpd for road warrior w2k clients to connect to, and I'm running into a few issues, hoping some of you could help out. I'm not sure if there are other issues that need to be configured differently besides mpd, like ppp or natd, etc. Or do you need to change options in the W2K VPN client. Below are my specs, mpd config files, and error message. Please let me know if you have any I know its been a while since you posted (I don't get to read this list as often as I'd like to), but in case you didn't get it working, the thing that threw me for a while was putting gateway_enable=yes in rc.conf (syntax might be slightly different). Its in the MPD readme file, but you don't see that file when installing from ports. ;) Don't forget to run some sort of firewall so you only allow pptp traffic to bridge that connection. Brent ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
mpd VPN Server / W2K Clients
Hello, I am trying to configure mpd for road warrior w2k clients to connect to, and I'm running into a few issues, hoping some of you could help out. I'm not sure if there are other issues that need to be configured differently besides mpd, like ppp or natd, etc. Or do you need to change options in the W2K VPN client. Below are my specs, mpd config files, and error message. Please let me know if you have any suggestions. THANKS!!! --- Heres my specs on my testing box: --- FreeBSD 4.9 WAN IP: 1.2.3.4 LAN IP: 10.30.30.1 MPD version: 3.15 Recompiled with these options IPFIREWALL, DUMMYNET, BRIDGE, IPSEC: Pretty basic testing firewall system. Running ipfw, natd --- Mpd.conf: --- default: load pptp0 pptp0: new -i ng0 pptp0 pptp0 set ipcp ranges 10.30.30.100/24 10.30.30.230/24 load pptp pptp: set iface disable on-demand set iface enable proxy-arp set iface idle 1800 set link yes acfcomp protocomp set link no chap set link enable pap set link mtu 1460 set link mru 1460 set link keep-alive 10 60 set ipcp yes vjcomp set ipcp dns 6.7.8.9 set bundle enable compression set ccp yes mpp-compress set ccp yes mppc set ccp yes mpp-e40 set ccp yes mpp-e56 set ccp yes mpp-e128 set ccp yes mpp-stateless --- Mpd.links: --- pptp0: set link type pptp set pptp self 1.2.3.4 set pptp enable incoming set pptp disable originate --- Mpd.secret: --- Johnpassword --- When a W2K client(24.24.24.24) tries to connect, this is what is displayed on the server: --- Multi-link PPP for FreeBSD, by Archie L. Cobbs. Based on iij-ppp, by Toshiharu OHNO. mpd: pid 3472, version 3.15 ([EMAIL PROTECTED] 12:19 1-Dec-2003) [pptp0] ppp node is mpd3472-pptp0 mpd: local IP address for PPTP is 1.2.3.4 [pptp0] using interface ng0 [pptp0:pptp0] mpd: PPTP connection from 24.24.24.24:1275 pptp0: attached to connection with 24.24.24.24:1275 [pptp0] IFACE: Open event [pptp0] IPCP: Open event [pptp0] IPCP: state change Initial -- Starting [pptp0] IPCP: LayerStart [pptp0] IPCP: Open event [pptp0] bundle: OPEN event in state CLOSED [pptp0] opening link pptp0... [pptp0] link: OPEN event [pptp0] LCP: Open event [pptp0] LCP: state change Initial -- Starting [pptp0] LCP: LayerStart [pptp0] device: OPEN event in state DOWN [pptp0] attaching to peer's outgoing call [pptp0] device is now in state OPENING [pptp0] device: UP event in state OPENING [pptp0] device is now in state UP [pptp0] link: UP event [pptp0] link: origination is remote [pptp0] LCP: Up event [pptp0] LCP: state change Starting -- Req-Sent [pptp0] LCP: phase shift DEAD -- ESTABLISH [pptp0] LCP: SendConfigReq #1 ACFCOMP PROTOCOMP MRU 1460 MAGICNUM 7ad4aee0 AUTHPROTO PAP MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 04 75 c3 99 19 pptp0-0: ignoring SetLinkInfo [pptp0] LCP: rec'd Configure Request #0 link 0 (Req-Sent) MRU 1400 MAGICNUM 76ca7995 PROTOCOMP ACFCOMP CALLBACK Not supported [pptp0] LCP: SendConfigRej #0 CALLBACK [pptp0] LCP: rec'd Configure Reject #1 link 0 (Req-Sent) MP MRRU 1600 MP SHORTSEQ ENDPOINTDISC [802.1] 00 04 75 c3 99 19 [pptp0] LCP: SendConfigReq #2 ACFCOMP PROTOCOMP MRU 1460 MAGICNUM 7ad4aee0 AUTHPROTO PAP [pptp0] LCP: rec'd Configure Request #1 link 0 (Req-Sent) MRU 1400 MAGICNUM 76ca7995 PROTOCOMP ACFCOMP [pptp0] LCP: SendConfigAck #1 MRU 1400 MAGICNUM 76ca7995 PROTOCOMP ACFCOMP [pptp0] LCP: state change Req-Sent -- Ack-Sent [pptp0] LCP: rec'd Configure Nak #2 link 0 (Ack-Sent) AUTHPROTO CHAP MSOFTv2 [pptp0] LCP: SendConfigReq #3 ACFCOMP PROTOCOMP MRU 1460 MAGICNUM 7ad4aee0 AUTHPROTO PAP [pptp0] LCP: rec'd Configure Nak #3 link 0 (Ack-Sent) AUTHPROTO CHAP MSOFT [pptp0] LCP: SendConfigReq #4 ACFCOMP PROTOCOMP MRU 1460 MAGICNUM 7ad4aee0 AUTHPROTO PAP [pptp0] LCP: rec'd Configure Nak #4 link 0 (Ack-Sent) AUTHPROTO CHAP MSOFT [pptp0] LCP: SendConfigReq #5 ACFCOMP PROTOCOMP MRU 1460 MAGICNUM 7ad4aee0 AUTHPROTO PAP [pptp0] LCP: rec'd Configure Nak #5 link 0 (Ack-Sent) AUTHPROTO CHAP MSOFT [pptp0] LCP: SendConfigReq #6 ACFCOMP PROTOCOMP MRU 1460 MAGICNUM 7ad4aee0 AUTHPROTO PAP [pptp0] LCP: rec'd Configure Nak #6 link 0 (Ack-Sent) AUTHPROTO CHAP MSOFT [pptp0] LCP: SendConfigReq #7 ACFCOMP PROTOCOMP MRU 1460 MAGICNUM 7ad4aee0 AUTHPROTO PAP [pptp0] LCP: rec'd Configure Nak #7 link 0 (Ack-Sent) AUTHPROTO CHAP MSOFT [pptp0] LCP: SendConfigReq #8 ACFCOMP PROTOCOMP MRU 1460 MAGICNUM 7ad4aee0 AUTHPROTO PAP [pptp0] LCP: SendConfigReq #9 ACFCOMP PROTOCOMP MRU 1460 MAGICNUM 7ad4aee0 AUTHPROTO PAP [pptp0] LCP: rec'd Configure Nak #9 link 0 (Ack-Sent) AUTHPROTO CHAP MSOFT [pptp0] LCP: SendConfigReq #10 ACFCOMP PROTOCOMP MRU 1460 MAGICNUM 7ad4aee0 AUTHPROTO PAP [pptp0] LCP: rec'd Configure Nak #10 link 0 (Ack-Sent) AUTHPROTO
Re: mpd VPN Server / W2K Clients
Bill Asher wrote: Hello, I am trying to configure mpd for road warrior w2k clients to connect to, and I'm running into a few issues, hoping some of you could help out. I'm not sure if there are other issues that need to be configured differently besides mpd, like ppp or natd, etc. Or do you need to change options in the W2K VPN client. Below are my specs, mpd config files, and error message. Please let me know if you have any suggestions. THANKS!!! *snip* i recently posted a howto on getting mpd up an working with winxp. the steps should be almost identical. you can find it here. if it still dosn't work, feel free to follow up to me directly. http://freebsdaddicts.org/modules.php?name=Sectionsop=viewarticleartid=9 ~j -- Yesterday upon the stair I saw a man who wasn't there, he wasn't there again today, oh how i wish he'd go away Rev. Jonathan T. Sage Lighting / Set Designer Professional Web Design [HTTP://thr.msu.edu] [EMAIL PROTECTED] [PGP: www.keyserver.net] pgp0.pgp Description: PGP signature
Problem with more than one connection Win VPN of client through FreeBSD 4.6 + IPNAT + IPF to W2k VPN server
Hi All! Can you help in the below problem: We have 4.6 FreeBSD box with IPF and IPNAT. FreeBSD has two Ethernet cards (with real IP and with IP from internal private network). We have some amount of Win98/W2K workstations in our office with IP from internal private network. We need VPN connection from above workstations to external W2K VPN server with real IP through IPNAT of FreeBSD box. But we can make only one VPN connection. The Win workstation shows message that VPN server doesn't answer if we try creating second VPN (I think that the IPNAT can't pass more than one PPTP, maybe I am wrong). However maybe W2K server doesn't answer on two or more MASQ VPN requests from the same server. Can you explain above problem? Pls send copy of answer directly to me : [EMAIL PROTECTED] Thank you in advance With best regards Gennady To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message