From: Stefan Bethke
Date: Wed, 9 Aug 2006 22:44:30 +0200
To: Odhiambo Washington
Cc: freebsd-questions@freebsd.org
Subject: Re: FreeBSD as a VPN Server/Router
In-Reply-To: <20060809173312.GA45250@ns2.wananchi.com>

On 09.08.2006 at 19:33, Odhiambo Washington wrote:

> In this scenario, siteA has several applications running on several
> windows servers which are behind the FreeBSD box. The challenge is
> to allow siteB to access these applications securely via the WAN
> setup. VPN comes straight to mind, but this is a new area to me.

OpenVPN certainly fits your requirements. Besides a routed connection between two sides, it also offers a bridged setup, so it is ideally suited for connecting two Windows-centric networks. We use it at work for home VPNs as well as road warriors, configuration is straightforward, and performance is absolutely acceptable.

IPSec has been mentioned before; I've had trouble understanding the configuration and how to diagnose problems. We did get it to work in the office, but only with a lot of trial and error. isakmpd and racoon are... idiosyncratic, to be polite.

vtun has had major security issues in the past, so I would be wary, but I haven't looked into it for the past two years.

pfSense is a FreeBSD-based firewall/routing OS, so you'd need to replace your existing FreeBSD routers with it, or add additional boxes.

Stefan

--
Stefan Bethke Fon +49 170 346 0140