Date: Fri, 12 Jan 2001 07:02:30 -0800 From: Julian Elischer <julian@elischer.org> To: ppX <c4@worldclass.jolt.nu> Cc: freebsd-net@freebsd.org Subject: Re: VPN Message-ID: <3A5F1C86.DC8A513D@elischer.org> References: <Pine.BSF.4.21.0101120205360.2951-100000@worldclass.jolt.nu>
next in thread | previous in thread | raw e-mail | index | archive | help
ppX wrote:
>
> Hello
> I have an question regarding VPN.
> I have found no good documentation for the thing i want to do
> We want to make direct links to 2 gateways which will be connected
> Every computer that is linked need to be tunneling.
>
> C=Computer
> GW=Gateway
>
> Both gateways are active computers and must also be able to access all
> other computers and C1 needs to be able to connect to C6 and vice versa...
>
> If you have any tips on how to do this I really appreciate it...
>
> C1 C2 C3
> \ | /
> \----GW 1----/
> ||
> ----GW 2----
> / | \
> / | \
> C4 C5 C6
>From what you say below, this is a better picture:
C1------+
|
C2------+
+--------[Internet via ISP1 ]----------
C3------+ +- - - - - - -//- - - - - - - - -
| | ;
GW1-----+ | ;
\======+ ;
VPN LINK
/======+ ;
GW2-----+ | ;
| | ;
C4------+ +- - - - - - -//- - - - - - - - -
+---------[Internet via ISP]--------
C5------+
|
C6------+
What is not clear is if the VPS go out through the same
router as norma ISP traffic or whether you are using the ISP
(ADSL? Cable?) to connect machines to your own hobs that have
their own higher speed connections, via a different ISP. (or the same
one with a different service agreement).
>
> We have looked at PPTP but it seems to only support direct links, well
> maybe that would be what we can use ie Linking C1, C2, C3 directly to GW 1
> and GW 1 to GW 2 and GW 2 connects the rest the same way...
>
> Also one thing GW 1 is an OpenBSD 2.8 and GW 2 is an FreeBSD 4.1.1
> will this oppose any problems?
>
> OpenBSD also seems to have autmatic exchange of encryption keys, does
> FreeBSD support this too?
>
> C1, C2, C3 are all Linux computers
> C4, C5, C6 are FreeBSD 4.1.1, Linux, Linux
>
> The reason why we have to do it this strange way is because C4, C5, C6 has
> isp's who prohibit them to have high bandwidth outside the local DMZ but
> GW 2 which is connected to it does not have this problem, unless we would
> link C1, C2, C3 directly to it then its isp will come about and complain
> about the bandwidth usage it has too.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
--
__--_|\ Julian Elischer
/ \ julian@elischer.org
( OZ ) World tour 2000
---> X_.---._/ from Perth, presently in: Budapest
v
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A5F1C86.DC8A513D>