Date: Thu, 10 Aug 2006 09:09:38 +1000
From: "Christopher Martin" <chris.m@ebit.com.au>
To: "'FreeBSD Questions Mailing List \(E-mail\)'" <questions@freebsd.org>
Subject: RE: FreeBSD as a VPN Server/Router
Message-ID: <00d101c6bc08$e3eb80a0$8902030a@ebit.com.au>
In-Reply-To: <00c801c6bc04$f9be09b0$8902030a@ebit.com.au>
If OpenVPN seems like a bit much to tackle you could establish the link with an easy protocol like PPTP (PPTP can be added to pppd with the port /usr/ports/net/poptop) and then IPSec traffic traversing the link. Some even argue that this is a good idea because it's two layers of encryption (not to suggest that the PPTP encryption methods are a particular challenge to break), but there'll be a performance penalty to pay as well.

Also, the load IPSec (or any encryption method for that matter) places on the encapsulating router is non-trivial, so be aware that if your hardware is a bit old you may get disappointing performance. I would suggest making the hardware at least current low end, or high end from a couple of years ago, to get the best performance.

On a side note, has anyone heard about the crypto lib for fast_ipsec and the Intel IPSec accelerated network cards (like the Pro 100/S)? I remember reading some time ago that there were, at the time, still issues getting the required info out of Intel to get the processor offloading working right. Is Intel still withholding the information?

> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Christopher
> Martin
> Sent: Thursday, 10 August 2006 8:42 AM
> To: FreeBSD Questions Mailing List (E-mail)
> Subject: RE: FreeBSD as a VPN Server/Router
>
> > The FreeBSD Handbook has a chapter on this:
> >
> > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html
> >
> > HTH.
>
> The only problem with IPSec is you need static IP addresses for the
> tunnelling mode (unless somebody knows something I don't, at which point I'd
> really like to hear about it!).
>
> OpenVPN is about as good as it gets stability-wise, and can be customised,
> hacked, and altered in any way you need. It can also use public key
> authentication.