From: Drew Tomlinson
Date: Tue, 24 Jan 2006 22:48:11 -0800
To: gahn
Cc: freebsd-security@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: IPsec, VPN and FreeBSD

On 1/24/2006 3:59 PM gahn wrote:

>Hi:
>
>We intend to build IPSec based VPN server on FreeBSD
>platform so that we can access internal network of a
>lab. The remote side will use VPN client and could be
>from anywhere of the Internet, or may be from
>another site of the company. From the handbook, I saw
>the sample of site-to-site configurations and we do
>have one FreeBSD firewall (running ipfw) on both site
>and another one on another site (both have firewalls
>on them), can we do that? Also what about the
>client-server model? What kind of clients do we need
>in order to connect to the FreeBSD/IPsec/VPN? Any
>tips/information for the configuration of the
>clients/server model on internet?
>
>Any help will be greatly appreciated.
>

I've been very pleased with OpenVPN for my needs. Biggest downside is
that each potential connection requires a separate OpenVPN instance as I
understand it. However, if your client base is small, you might give it a
look.

Cheers,

Drew