From: Aaron Siegel
To: freebsd-questions@freebsd.org
Date: Sat, 24 Jul 2004 13:18:17 -0600
Message-Id: <200407241318.17785.aj@siegel-tech.net>
Subject: VPN with multiple offices

Hello

I know this is a popular topic and has probably been discussed many times before. My problem is I am finding too much information and having trouble weeding through it all. I am a facilities engineer (not a network administrator) for a small firm that is located in multiple offices. We also work with many other small companies who will need temporary access to the network while working on larger projects. In addition to this we would like to give remote access for our road warriors from anonymous networks.

For our offices I believe a tunnel with ESP that seems to be the is documented in the handbook and many other sites.
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html
http://www.daemonnews.org/200101/ipsec-howto.html
http://www.usenix.org/publications/library/proceedings/bsdcon02/full_papers/schadow/schadow_html/

Does anyone have any suggestions on how to provide outside companies access to the network? Most of these companies do not have computer administrators and have minimal computer skills. I am thinking of using PPTP to provide access to the outside offices and the road warriors. Then secure the network using a server certificate (I am not sure what to call it). The reference for this configuration was found at the site below.

http://www.sigsegv.cx/FreeBSD-WIN2K-IPSEC-HOWTO.html

I am writing this in the hope of hearing other people's experiences with setting up and managing similar configurations. I would like to know if I am on the right track or if there are better tools for creating these configurations.

Thank you for your time
Aaron Siegel