Date: 31 Jan 2003 20:52:32 -0500
From: Joe Marcus Clarke <marcus@marcuscom.com>
To: Sean Chittenden <sean@chittenden.org>
Cc: Christoph Kukulies <kuku@physik.rwth-aachen.de>, freebsd-current@FreeBSD.ORG
Subject: Re: Cisco vpnclient
Message-ID: <1044064351.46355.51.camel@shumai.marcuscom.com>
In-Reply-To: <20030201012800.GH15936@perrin.int.nxad.com>
References: <200301311053.LAA25242@accms33.physik.rwth-aachen.de> <20030201012800.GH15936@perrin.int.nxad.com>

On Fri, 2003-01-31 at 20:28, Sean Chittenden wrote:
> > Cisco is offering a VPN client for Linux. I wonder if it would be
> > possible to run this under FreeBSD. An extra linux kernel module is
> > being built. Is this already the 'ruled out'?
> >
> > If this won't work, I'm afraid I will have to set a dedicated redhat
> > 6.x/7.x beside my FreeBSD gateway. Would it be possible to use NAT
> > to extend the VPN (I only have one dedicated fixed IP on the
> > gateway).
>
> Might I suggest using pppd + ssh. In my prior experience, it worked
> worlds better than the Cisco VPN client and was likely provided a more
> secure authentication (ssh keys vs. IKE?). As an added bonus, it ssh
> + pppd doesn't hijack your interface so you can connect to the
> Internet directly and to your office without having to send your
> normal Internet traffic through the office. Yes there are security
> problems with this, but running ipf(w) on the split host works
> exceedingly well and is generally a tighter firewall than what's put
> up to protect the office. ;) -sc

This is actually what I use to connect into Cisco (well, I use
ppp+ssh). The downside is that right now, my "VPN concentrator" is
being moved from one building to another, and I have no FreeBSD
connectivity. Also, other companies might only allow inbound access
via a proprietary VPN client. For those that also offer SSH, you're
right, my make-shift VPN is much more flexible than what the Cisco VPN
client provides.

Joe

--
PGP Key : http://www.marcuscom.com/pgp.asc