Date:      Thu, 13 Mar 2014 13:49:08 -0700 (PDT)
From:      Bill Tillman <btillman99@yahoo.com>
To:        "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   Re: VPN choices?
Message-ID:  <1394743748.27964.YahooMailNeo@web125303.mail.ne1.yahoo.com>
In-Reply-To: <5321F437.25463.1EE12BF@g8kbvdave.gmail.com>
References:  <5321F437.25463.1EE12BF@g8kbvdave.gmail.com>

I have had good luck with OpenVPN, which is a port in FreeBSD. I can't say
I've done all that you referenced with it...Skype, etc. But it's been
working just fine for my remote network needs. I have it on a server running
inside of my firewall, which is also a FreeBSD server and I use NATD to
redirect the port needed for VPN.

On Thursday, March 13, 2014 2:09 PM, Dave B <g8kbvdave@googlemail.com> wrote:

Hi All.

A question for the collective.  I'm asking here, as I trust the opinions of the
assembled masses, over some other (perhaps) more appropriate lists.

Anyway...

I have a need for a simple VPN, to tunnel TCP and UDP traffic.  It's the UDP
requirement that's stumping me at present.

I want to recreate something I did a few years ago.  (Remote control my Ham
Radio station, from my desk at lunchtime, and when stuck in a hotel when
traveling for work.)

The VPN I used at that time was "Hamachi" on Windows boxes both ends.
Nothing wrong with it, it was easy to set up, robust, fast and reliable, and
carried all protocols without issue.  But, alas Hamachi is no more in that guise,
since the '5 dot' IP addresses were finally released for routable internet use.
That, and the no-cost personal option of service was removed by LMI who
bought it from its authors.

All I need, is a single instance of a remote to home link, to tunnel UDP/TCP
traffic.  IPV4 only too.  (No danger of my ISP moving to IPV6 for home users at
least, in the foreseeable future.)

So, what choices...

At the home end, I have the FBSD9.2 box ticking away nicely, and I regularly
SSH into that and can do a lot of what I want over that path with PuTTY on the
portable (Windows7/64) box.  It "just works."  But, it doesn't do UDP.

So, I have to use Skype (or similar) for the sound path at present.  That's
where the issues lie.  Bandwidth!  Skype works OK, fine indeed here in the UK,
but if either my domestic management is on Skype to her sister, or here at
work, people are streaming music or video at lunchtime, then our 20MEG link
gets saturated, or if I'm out in whereverland, bandwidth is scarce (some hotel
systems actively block it too.)  I'm stumped.

What would the collective recommend, for either a simple UDP tunnel (only
obscurity needed for privacy, and of course no back doors) to run alongside the
sshd service.

Or a full blown minimal VPN.  The "remote" end, is a ubiquitous Windows7
(64bit) laptop, that already has all the usual MS based VPN client tools that
work OK when traveling as I can easily get back to the office network.  Would
that carry UDP?  If so, is there a FBSD service I can install to support that?
So, not needing any extra software on the laptop.

Else, what sensible choices please?  Whatever it is, it has to be suitable for a
bear of simple brain capacity to handle, when something burps some way in the
future.

73.

Dave B.
(G0WBX)

From: Dave B <g8kbvdave@googlemail.com>
To: freebsd-questions@freebsd.org
Date: Thu, 13 Mar 2014 20:53:50 -0000
Subject: Re: VPN choices?
Message-ID: <53221ADE.26211.1543C5EC@g8kbvdave.gmail.com>
In-reply-to: <0DAC6B28-ECAE-4EEE-87C3-694DF003A25D@mac.com>
References: <5321F437.25463.1EE12BF@g8kbvdave.gmail.com>,
 <0DAC6B28-ECAE-4EEE-87C3-694DF003A25D@mac.com>

> > On Mar 13, 2014, at 10:08, Dave B <g8kbvdave@googlemail.com> wrote:
> > 
> > Hi All.
> > 
> > A question for the collective.   I'm asking here, as I trust the opinions of the
> > assembled masses, over some other (perhaps) more appropriate lists.
> > 
> > Anyway...
> > 
> > I have a need for a simple VPN, to tunnel TCP and UDP traffic.   It's the UDP
> > requirement that's stumping me at present.
> > 
> 
> 
> I found this useful in setting up a VPN:
> 
> https://forums.freebsd.org/viewtopic.php?&t=26755

Thanks Peter, I keep forgetting the web forums, as I hate them with a
vengeance!  (Another story, another time.)

Interesting thread though, not sure how relevant it is to a Windows client, as all
that was talking about iOS and other weirdness.  My DSL router supports L2TP
VPNs, but Windows will not complete the connection process.  They see each
other just fine, but looking at the router's logs, there is a version mismatch
somewhere, so they can't agree on a protocol etc.  (That idea was suggested
by the office IT types!)

Would the generic kernel in 9.2 include the "patches" called out in "Post #82"?
(dead link btw.)


But, I wonder...  If I go that route, rather than recompiling the kernel to
support ipsec etc, if "/boot/loader.conf" can be used, in the same way I've
enabled PPS support for the NTPD process, in 9.2.

"pps_load=yes"

At least I can do system updates without needing to rebuild the kernel each 
time.

(Looking in loader defaults, I can't see anything related to what could be 
needed.  Oh well...)

More reading to do, but I'm "read out" just now.

Thanks again.

Dave B.
 


