From owner-freebsd-net Fri Jan 12 14:46: 0 2001
Message-ID: <3A5F1C86.DC8A513D@elischer.org>
Date: Fri, 12 Jan 2001 07:02:30 -0800
From: Julian Elischer
To: ppX
Cc: freebsd-net@freebsd.org
Subject: Re: VPN

ppX wrote:
>
> Hello
> I have a question regarding VPN.
> I have found no good documentation for the thing I want to do
> We want to make direct links to 2 gateways which will be connected
> Every computer that is linked need to be tunneling.
>
> C=Computer
> GW=Gateway
>
> Both gateways are active computers and must also be able to access all
> other computers and C1 needs to be able to connect to C6 and vice versa...
>
> If you have any tips on how to do this I really appreciate it...
>
>  C1    C2    C3
>    \    |    /
>     \----GW 1----/
>          ||
>      ----GW 2----
>     /    |    \
>    /     |     \
>  C4     C5     C6

From what you say below, this is a better picture:

C1------+
        |
C2------+  +--------[Internet via ISP1 ]----------
C3------+  +- - - - - - -//- - - - - - - - -
        |  |                                 ;
GW1-----+  |                                 ;
 \======+                                    ;  VPN LINK
 /======+                                    ;
GW2-----+  |                                 ;
        |  |                                 ;
C4------+  +- - - - - - -//- - - - - - - - -
           +---------[Internet via ISP]--------
C5------+
        |
C6------+

What is not clear is if the VPNs go out through the same router as normal
ISP traffic or whether you are using the ISP (ADSL? Cable?)
to connect machines to your own hubs that have their own higher speed
connections, via a different ISP. (or the same one with a different
service agreement).

>
> We have looked at PPTP but it seems to only support direct links, well
> maybe that would be what we can use ie Linking C1, C2, C3 directly to GW 1
> and GW 1 to GW 2 and GW 2 connects the rest the same way...
>
> Also one thing GW 1 is an OpenBSD 2.8 and GW 2 is an FreeBSD 4.1.1
> will this oppose any problems?
>
> OpenBSD also seems to have automatic exchange of encryption keys, does
> FreeBSD support this too?
>
> C1, C2, C3 are all Linux computers
> C4, C5, C6 are FreeBSD 4.1.1, Linux, Linux
>
> The reason why we have to do it this strange way is because C4, C5, C6 has
> isp's who prohibit them to have high bandwidth outside the local DMZ but
> GW 2 which is connected to it does not have this problem, unless we would
> link C1, C2, C3 directly to it then its isp will come about and complain
> about the bandwidth usage it has too.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message

--
      __--_|\  Julian Elischer
     /       \ julian@elischer.org
    (   OZ    ) World tour 2000
---> X_.---._/  from Perth, presently in:  Budapest
            v