Date:      Sat, 10 Jul 1999 00:25:18 -0600
From:      Chris Fedde <cfedde@fedde.littleton.co.us>
To:        "Jon Passki" <jon.passki@neicoltech.org>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Oh, boy, another VPN question 
Message-ID:  <199907100625.AAA98058@fedde.littleton.co.us>
In-Reply-To: Your message of "Fri, 09 Jul 1999 14:44:39 CDT." <000201beca43$7b2cb660$af00a8c0@lp020001.neicoltech.org> 

I take it from the discussion that the link labeled "Internet Connection"
is some kind of personal connection like dialup? If it were simply linking
two LANs via the Internet then it would be a lot easier.  A product VPN
could be dropped in place at each site.

If all the applications can be accessed via a terminal session or
via x-windows then you can use SSH and one of the windows X clients
(hummingbird?)

But if you need true VPN services then you will almost be forced
to use Microsoft's solution for the WinTel clients.  You may need
to run a RAS server inside the FreeBSD gateway.  The natd and
ipfirewall stuff can provide the needed pass through without going
to a full application layer proxy.

Have fun!
chris

"Jon Passki" writes:
    Okay, I've browsed the mail archive on http://www.freebsd.org and
    http://www.deja.com for a FreeBSD + VPN solution w/ interoperability on a
    Windows NT network.  SKIP, NATD/IPFW, IPFilter, IPSec, SSH, yadda yadda
    yadda... I'll lay out the scenario, and see what the gurus say :)
    
    ----------
    | Client |   Microsoft Client (95, 98, NT) Primarily.
    ----------   FreeBSD Client Secondary.
         |       Internet Connection, don't care how the client connects
         |       just that their client software supports the connection.
         |
      Internet
     Connection
         |
    ------------------
    | Uplink's Cisco |
    | 3000 Router    |
    ------------------
         | x.x.x.254  (x.x.x.0/24 is a registered range)
         |
         | x.x.x.231 (fxp0)
    --------------
    |DMZ Gateway | FreeBSD 3.2 w/ NATD/IPFW and DHCP on the internal
    --------------
         | 192.168.0.1 (vx0)
         |
         | 192.168.0.0/16
    ]--------------[
    NT Network w/ a variety of servers needed for internal development, file
    access, and other resources
    
    What have people used or seen to let a client (running whatever client
    software) get access to the internal network, and access the internal
    resources (printers, file servers, ...)?  I DON'T want to have an NT Server
    on the DMZ (I ph33r NT's security :), so the choice is to incorporate either
    a proxy into the FreeBSD box, or to configure the existing setup.
    
    Would there be a better solution other than any I have suggested?
    
    Jon Passki
    
    
    
    To Unsubscribe: send mail to majordomo@FreeBSD.org
    with "unsubscribe freebsd-questions" in the body of the message
__
Chris Fedde	  <cfedde@sendmail.com>
303 773 9134

