From owner-freebsd-security  Sat Sep 23  4:19:48 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 7F3D037B422; Sat, 23 Sep 2000 04:19:43 -0700 (PDT)
Received: from localhost (kris@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id EAA90223;
	Sat, 23 Sep 2000 04:19:43 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Sat, 23 Sep 2000 04:19:43 -0700 (PDT)
From: Kris Kennaway <kris@FreeBSD.org>
To: Yusuf Goolamabbas <yusufg@outblaze.com>
Cc: freebsd-security@freebsd.org
Subject: Re: Is it possible to configure a FreeBSD VPN server to talk to
 Windows/Linux/BSD clients
In-Reply-To: <20000923180845.A26238@outblaze.com>
Message-ID: <Pine.BSF.4.21.0009230417050.89914-100000@freefall.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, 23 Sep 2000, Yusuf Goolamabbas wrote:

> Hi, I currently have a FreeBSD 4.1-stable bridging firewall behind my
> router. I am looking at providing VPN access to road warriors and
> telecommuters. There are a range of clients I would have to support. 
> 
> Is it possible to configure a BSD boxen to do all this. Can I install it
> on my existing bridging firewall or the new box has to behind/in front
> of the firewall
> 
> If so, any pointers/guidance would be appreciated. I would prefer to use
> freely available software on all platforms but if you have war stories
> on how/why commercial stuff worked for you, that is okay with me

FreeBSD 4.1 includes full IPSEC functionality - see the racoon port for
the KAME IKE daemon (as well as the relevant kernel options documented in
LINT). I believe racoon interoperates with Windows 2000 and FreeSWAN on
Linux (among others) - see www.kame.net and the docs included in the port
distfile for more information. General information on ipsec can be found
in the freebsd and netbsd handbooks (they use the same ipsec code as us).

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message