From: "Marcin M. Jessa" <yazzy@ezunix.org>
To: freebsd-isp@freebsd.org, freebsd-security@freebsd.org
Date: Wed, 20 Nov 2002 11:02:22 +0100
Subject: VPN and roaming Windows 2K clients
Message-ID: <20021120100222.GA68431@yazzy.org>
Organization: ezUnix.org
X-Operating-System: FreeBSD 4.7-RELEASE i386
User-Agent: Mutt/1.5.1i

Hi guys.

Do you know how to make a FreeBSD firewall a VPN server for roaming Win2K boxes (Win2K users without static IPs)?

I've been playing with racoon for a few days, but it seems that the only way it can authenticate roaming Windows VLAN users is with preshared certificates. This again excludes usage of manual keying (pre_shared_keys), which is necessary for accepting connections from dynamic IPs. The preshared keys method can be configured to accept connections from specified hostnames, and that could work with Windows boxes that run a dyndns client.
Again, Windows and racoon can only communicate using certificates and not manual keying... an evil circle. Windows can speak with racoon if one makes racoon exchange keys automatically, but this works only if the Windows clients have static IPs...

Do any of you guys have an idea about what to do to combine these methods? Or maybe there is a workaround? Please squeeze your brains and let me know about whatever you think may be of interest in this matter.

Thanks in advance.

YazzY
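Editor's note (added example, not part of the original post or of the racoon project documentation): the configuration the question is circling around is a racoon.conf with an anonymous remote section that uses certificate (rsasig) authentication together with generate_policy. The remote anonymous block lets racoon answer IKE main mode from any source address, so the client's dynamic IP never has to appear in the config; the certificate, not a preshared key tied to an address or hostname, is what authenticates the peer; and generate_policy on makes racoon install the SPD entries for the peer's actual address after phase 1, which is the step that setkey cannot do ahead of time for an unknown address. File names, the certificate directory and the lifetimes below are assumptions for illustration; the algorithm choices (3DES, SHA1, DH group 2) are the Windows 2000 defaults.

```conf
# racoon.conf for a FreeBSD gateway accepting roaming Windows 2000
# IPsec clients that authenticate with X.509 certificates.
# Added example: paths and file names are assumed, adjust to taste.

# Directory holding the gateway cert, its private key, and the CA cert.
# racoon looks the CA cert up by its subject hash, so the CA file must be
# named <hash>.0 (see "openssl x509 -hash -noout -in ca.crt").
path certificate "/usr/local/etc/racoon/certs";

# "anonymous" matches an initiator from any address: no static client IP
# and no dyndns hostname is needed.
remote anonymous {
        # Windows 2000 uses main mode, not aggressive mode, for cert auth.
        exchange_mode main;

        # Only respond, never initiate: the gateway cannot know the
        # roaming client's address anyway.
        passive on;

        # Gateway's own certificate and private key (assumed file names).
        certificate_type x509 "gateway.crt" "gateway.key";

        # Reject peers whose certificate does not chain to a CA in the
        # certificate path; this is what makes "anonymous" safe.
        verify_cert on;

        # Identify both sides by the DN in their certificates.
        my_identifier asn1dn;
        peers_identifier asn1dn;

        # Install SPD entries for the peer's real address once phase 1
        # has authenticated it; replaces a per-client "spdadd".
        generate_policy on;

        lifetime time 24 hour;

        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method rsasig;   # certificates, not PSK
                dh_group 2;
        }
}

# Phase 2 parameters for any peer that passed phase 1.
sainfo anonymous {
        pfs_group 2;
        lifetime time 1 hour;
        encryption_algorithm 3des, aes;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}
```

Two checks worth doing before trusting this: confirm that the installed racoon accepts generate_policy (it is a comparatively recent option for a 2002-era port, and without it a roaming peer will complete phase 1 and then fail to find a matching policy), and test with a client certificate from a different CA to make sure verify_cert on actually refuses it. Because remote anonymous admits anyone holding a certificate from the trusted CA, the CA's signing key and the issued client certificates are now the access-control list for the VPN and should be treated accordingly.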