From owner-freebsd-net  Thu Jan 11 17:16:55 2001
Delivered-To: freebsd-net@freebsd.org
Received: from worldclass.jolt.nu (lgh637b.hn-krukan.AC [212.217.139.112])
	by hub.freebsd.org (Postfix) with ESMTP id AA7C337B402
	for <freebsd-net@freebsd.org>; Thu, 11 Jan 2001 17:16:36 -0800 (PST)
Received: from localhost (c4@localhost)
	by worldclass.jolt.nu (8.9.3/8.9.3) with ESMTP id CAA03032
	for <freebsd-net@freebsd.org>; Fri, 12 Jan 2001 02:14:53 +0100 (CET)
	(envelope-from c4@worldclass.jolt.nu)
Date: Fri, 12 Jan 2001 02:14:51 +0100 (CET)
From: ppX <c4@worldclass.jolt.nu>
To: freebsd-net@freebsd.org
Subject: VPN
Message-ID: <Pine.BSF.4.21.0101120205360.2951-100000@worldclass.jolt.nu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello
I have an question regarding VPN.
I have found no good documentation for the thing i want to do
We want to make direct links to 2 gateways which will be connected
Every computer that is linked need to be tunneling.

C=Computer
GW=Gateway

Both gateways are active computers and must also be able to access all
other computers and C1 needs to be able to connect to C6 and vice versa...

If you have any tips on how to do this I really appreciate it...

         C1      C2      C3
          \      |       /
           \----GW 1----/
                 ||
            ----GW 2----
           /     |      \
          /      |	 \
         C4     C5  	 C6

We have looked at PPTP but it seems to only support direct links, well
maybe that would be what we can use ie Linking C1, C2, C3 directly to GW 1
and GW 1 to GW 2 and GW 2 connects the rest the same way...

Also one thing GW 1 is an OpenBSD 2.8 and GW 2 is an FreeBSD 4.1.1
will this oppose any problems?

OpenBSD also seems to have autmatic exchange of encryption keys, does
FreeBSD support this too?

C1, C2, C3 are all Linux computers
C4, C5, C6 are FreeBSD 4.1.1, Linux, Linux

The reason why we have to do it this strange way is because C4, C5, C6 has
isp's who prohibit them to have high bandwidth outside the local DMZ but
GW 2 which is connected to it does not have this problem, unless we would
link C1, C2, C3 directly to it then its isp will come about and complain
about the bandwidth usage it has too.





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message