From owner-freebsd-questions Wed Jan 8 1:29:28 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8D2DF37B401 for ; Wed, 8 Jan 2003 01:29:26 -0800 (PST) Received: from mail.tiscali.it (mail-3.tiscali.it [195.130.225.149]) by mx1.FreeBSD.org (Postfix) with ESMTP id CFD6F43EDC for ; Wed, 8 Jan 2003 01:29:24 -0800 (PST) (envelope-from fcasadei@inwind.it) Received: from goku.kasby (217.133.208.17) by mail.tiscali.it (6.5.032) id 3E008F09008D19AA for freebsd-questions@FreeBSD.ORG; Wed, 8 Jan 2003 10:29:23 +0100 Received: (qmail 1050 invoked by uid 1000); 8 Jan 2003 09:29:06 -0000 Date: Wed, 8 Jan 2003 10:29:06 +0100 From: Francesco Casadei To: Kory Hamzeh Cc: Francesco Casadei , freebsd-questions@FreeBSD.ORG Subject: Re: POP Server with Secure Password Authentication Message-ID: <20030108092906.GA685@goku.kasby> Mail-Followup-To: Kory Hamzeh , Francesco Casadei , freebsd-questions@FreeBSD.ORG References: <20030107105519.GA16245@goku.kasby> <003f01c2b6e3$a3dd0e80$14ce21c7@avatar.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="OXfL5xGRrasGEqWY" Content-Disposition: inline In-Reply-To: <003f01c2b6e3$a3dd0e80$14ce21c7@avatar.com> User-Agent: Mutt/1.4i X-Operating-System: FreeBSD 4.7-STABLE i386 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --OXfL5xGRrasGEqWY Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jan 07, 2003 at 11:00:34PM -0800, Kory Hamzeh wrote: >=20 [snip] >=20 > Francesco, >=20 > Thank you! That works great and it took me all of 10 minutes to setup and > configure. I'm wondering if stunnel can be setup to encrypt all traffic t= o a > certain host. Right now, I have a bunch of user's using the cisco VPN > software (IKE & IPSEC) on their PC's and connect to a cisco router acting= as > a security gateway which decrypts and routes the traffic on the local LAN. > I'm wondering if stunnel can replace all of that by running stunnel on a > freebsd machine acting as the security gateway and then run a copy of > stunnel on all of the user's PC under windoze. >=20 > Thanks, > Kory >=20 >=20 > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message >=20 > end of the original message If I understand you well, you have several options: - install mpd (net/mpd in the ports) on the FreeBSD machine acting as a PPTP server and then configure a PPTP connection to the security gateway on the windows clients; mpd also supports DES encryption - install one of the following VPN servers on the FreeBSD machine: * openvpn (security/openvpn), see http://openvpn.sourceforge.net/ * vpnd (security/vpnd), see http://sunsite.dk/vpnd/=20 * tinc (security/tinc), see http://tinc.nl.linux.org/ I have only tried the first option to connect a Windows 95 box, via an MPPE-encrypted tunnel over the Internet, to a PPTP FreeBSD server, which in turn is the firewall/gateway of the office LAN.=20 Francesco Casadei --=20 You can download my public key from http://digilander.libero.it/fcasadei/ or retrieve it from a keyserver (pgpkeys.mit.edu, wwwkeys.pgp.net, ...) Key fingerprint is: 1671 9A23 ACB4 520A E7EE 00B0 7EC3 375F 164E B17B --OXfL5xGRrasGEqWY Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+G+9hfsM3XxZOsXsRAoq8AJ9c9pdxFDypWv8b6sDhgAYNMh0fOQCfXv/z LMjX7gojZxRizN7H43Uy7Uc= =CfcK -----END PGP SIGNATURE----- --OXfL5xGRrasGEqWY-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message