Date: Wed, 20 Nov 2002 10:01:47 -0500
From: Jim Durham <durham@jcdurham.com>
To: Marcin Jessa <yazzy@ezunix.org>, freebsd-questions@FreeBSD.ORG
Subject: Re: VPN and roaming Windows 2K users
Message-ID: <200211201001.47980.durham@jcdurham.com>
In-Reply-To: <20021120100754.GB68431@yazzy.org>
References: <20021120100754.GB68431@yazzy.org>

On Wednesday 20 November 2002 05:07 am, Marcin M. Jessa wrote:
> Do you know how to make a FreeBSD firewall a VPN server for roaming Win2K
> boxes (Win2k users without static IP's)? I've been playing with racoon for
> a few days but it seems that the only way it can authenticate roaming
> Windows VLAN users is with preshared certificates.
> This again excludes usage of manual keying (pre_shared_keys) which is
> necessary for accepting connections from dynamic IP's.
> The preshared keys method can be configured to accept connections
> from specified hostnames and that could work with windows boxes that run a
> dyndns client. Again Windows and racoon can only communicate using
> certificates and not manual keying....an evil circle. Windows can speak
> with racoon if one makes racoon to automatically exchange keys but this
> works only if Windows clients have static IP's...
> Have any of you guys an idea about what to do to combine these methods?
>
> Or maybe there is a workaround? Please squeeze your brains and let me know
> about whatever you think may be of interest in this matter.

I use mpd to serve 95, 98, 2000 and XP boxes using their "VPN" connection.
This seems to work well and you can coach a remote user through the
Windows setup over the phone with minimal trouble.

I use racoon and IPSEC between offices with FreeBSD boxes on each end.

-Jim