Date: Fri, 9 May 2003 11:52:55 -0700
From: "Brent Wiese" <brently@bjwcs.com>
To: "'Paul Lathrop'" <plathrop@mqtweb.com>, <freebsd-questions@FreeBSD.ORG>
Subject: RE: IPSec, Racoon, and roaming clients
Message-ID: <015401c3165c$344ed610$0a0114ac@home.bjwcs.com>
Forgot to mention one more thing... If you do decide to use mpd, make sure you have "gateway_enable=yes" in your rc.conf. I'm guessing you do since you're using it as a gateway already, but this obvious thing threw me for a long time because you tend to not read the readme files when installing ports... :)

Oh, and don't forget to set up the correct firewall rules so that gateway is secure, but you probably knew that too.

> This is a tricky setup.
>
> If your roaming users are Windows, I'd suggest checking out mpd instead. Then your Windows clients can use the built-in PPTP stuff, which is much easier to support than IPsec. Just make sure you use MSCHAP-V2 for auth, not CHAP or MSCHAP-V1.
>
> PPTP uses the GRE protocol, so make sure you're not blocking that.
>
> Actually, even using mpd as a client on Unix boxes can make roaming users much easier to deal with.
>
> Something you may want to consider is replacing your FreeBSD gateway w/ a Snapgear (www.snapgear.com). Has all the VPN stuff you want, it's cheap, powerful (full firewalling capabilities) and really easy to use. Pays for itself in saved time, plus, since there are no moving parts, less chance of breakage and downtime...
>
> Brent
>
> > -----Original Message-----
> > From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Paul Lathrop
> > Sent: Saturday, April 26, 2003 12:59 PM
> > To: freebsd-questions@freebsd.org
> > Subject: IPSec, Racoon, and roaming clients
> >
> > I have recently been asked to implement VPN access for some of our roaming employees. Our gateway is a FreeBSD 4.7 box that I administer. Our employees are all on cable modem connections when they are out and about. I have discovered IPsec and racoon, of course, and dug through their documentation. I have also read several very good tutorials on the web.
> >
> > The trouble I am having is that all the information I can find is for setting up a VPN tunnel between two gateways. What I need is a VPN connection between a roaming host (with a dynamic IP) and our VPN gateway (static IP) which will allow access to the internal network behind that gateway (private IP addresses). I have successfully established the VPN connection between a roaming host and the gateway, but without access to the internal network. I can't seem to figure out how to tell setkey to configure a tunnel into the network without knowing ahead of time what the client's IP will be.
> >
> > Can anybody give me some pointers?
> >
> > Thanks,
> > Paul D. Lathrop
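Brent's two pieces of advice (enable forwarding, and firewall the gateway so that PPTP's control channel and GRE get through while everything else stays closed) turned into an ipfw rule script in the style of FreeBSD's /etc/rc.firewall. This is an added example, not code from the thread or from the mpd project; the addresses, the pool, and the function names are hypothetical placeholders, and the site's existing rules for ordinary traffic would sit alongside these.

```shell
#!/bin/sh
# Added example, not from the thread: the VPN-specific ipfw rules a FreeBSD
# gateway running mpd as a PPTP server needs, written like /etc/rc.firewall.
# Every address below is a hypothetical placeholder.

vpn_ip="${vpn_ip:-192.0.2.1}"            # gateway's public address (placeholder)
ppp_pool="${ppp_pool:-10.0.99.0/24}"     # addresses mpd hands to PPTP clients (placeholder)
inside_net="${inside_net:-10.0.1.0/24}"  # private network behind the gateway (placeholder)
fwcmd="${fwcmd:-/sbin/ipfw}"             # set fwcmd=echo to preview instead of apply

pptp_gateway_rules() {
    ${fwcmd} -f flush
    # Loopback and anti-spoofing basics.
    ${fwcmd} add 100 allow ip from any to any via lo0
    ${fwcmd} add 110 deny ip from any to 127.0.0.0/8
    ${fwcmd} add 120 deny ip from 127.0.0.0/8 to any
    # Return traffic of TCP sessions that were already allowed.
    ${fwcmd} add 200 allow tcp from any to any established
    # PPTP control channel: TCP 1723, to the gateway itself only.
    ${fwcmd} add 300 allow tcp from any to ${vpn_ip} 1723 setup
    # GRE carries the PPTP data in both directions; block it and the control
    # channel comes up but the tunnel never passes traffic.
    ${fwcmd} add 310 allow gre from any to ${vpn_ip}
    ${fwcmd} add 311 allow gre from ${vpn_ip} to any
    # Only authenticated clients (addresses from the ppp pool) reach the
    # internal network; this is what keeps gateway_enable from turning the
    # box into an open router.
    ${fwcmd} add 400 allow ip from ${ppp_pool} to ${inside_net}
    ${fwcmd} add 410 allow ip from ${inside_net} to ${ppp_pool}
    # Anything not matched above is dropped and logged.
    ${fwcmd} add 65000 deny log ip from any to any
}

# Dry run: emit the rules through echo and count them, so the script can be
# checked on a workstation before it is loaded on the real gateway.
count_rules() {
    ( fwcmd=echo; pptp_gateway_rules ) | grep -c '^add '
}

# Dry-run text check (not a packet test): does the rule set contain an allow
# for the named IP protocol towards the gateway address?
allows_proto_to_gateway() {
    ( fwcmd=echo; pptp_gateway_rules ) | grep -q "allow $1 from any to ${vpn_ip}"
}
```

Run it with `fwcmd=echo` first to see the rules it would install; only once the output looks right should it be loaded with the real `/sbin/ipfw`. The `deny log` at the end is what turns Brent's "make sure that gateway is secure" into something observable: anything a roaming client sends that is not PPTP control, GRE, or pool-to-internal traffic shows up in the firewall log instead of silently being forwarded.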