Date:      Sat, 28 Apr 2001 10:47:18 -0400 (EDT)
From:      Jim Durham <durham@w2xo.pgh.pa.us>
To:        Jesús Arnáiz <arnaiz@encomix.es>
Cc:        questions@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject:   Re: RV: VPN
Message-ID:  <Pine.BSF.4.21.0104281029330.35944-100000@shazam.int>
In-Reply-To: <EPEJLCLAKFDENCGMPJJDAEPHDEAA.arnaiz@encomix.es>

On Thu, 26 Apr 2001, Jesús Arnáiz wrote:

>
> I want to set up a VPN on my system, and I see there are many programs created to do it.
>
> Any advantages or disadvantages of using one or the other? What is better (it is the first
> time I set up a VPN on a UNIX system)?
>
>

I am using two VPN systems: one for GRE (Windows clients to a LAN),
and one for LAN-to-LAN.

For LAN-to-LAN, vtund running PPP over it works fairly well. About the
only shortcoming is that the "persist" option to re-establish
connection in case of network failure gets confused in the face
of many interruptions too close together. vtund is fairly well
documented, so I won't include a config file example, but I can
supply one if asked.

I have found mpd to work very well for GRE. It uses the netgraph interface
and this is automatically loaded as a kernel module. Here is
a config file example. Note that the "pptp2", "pptp3", etc. entries
are necessary. You need as many "pptpx" entries in the config file
as the number of simultaneous connections you allow. Note the only
differences in the entries are the label, the address, and the logging
line.

*************************************************************************
default:
	load pptp1
	load pptp2
	load pptp3


pptp1:
	new -i ng0 pptp1 pptp1
	set iface disable on-demand
	set iface enable proxy-arp
	set iface idle 1800
	set bundle disable multilink
	set link yes acfcomp protocomp
	set link no pap chap
	set link enable chap
	set link keep-alive 10 60
	set ipcp yes vjcomp
	set ipcp ranges 192.168.0.200/32 192.168.0.220/32
	set ipcp dns 192.168.0.240
	set ipcp nbns 192.168.0.244
	log +pptp +pptp2
# If you wanted MPPE encryption and had ng_mppc(8)...
	set bundle enable compression
	set ccp yes mppc
	set ccp yes mpp-e40
	set ccp yes mpp-e128
	set bundle enable crypt-reqd
	set ccp yes mpp-stateless


The changes for the second entry are only to these lines:

pptp2:
	new -i ng1 pptp2 pptp2

	set ipcp ranges 192.168.0.200/32 192.168.0.221/32

	log +pptp +pptp2



hope this helps..

Jim Durham
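
Added example, not part of the original message: a small Python check for an mpd.conf laid out as above. It verifies that every bundle loaded from "default" is defined and that no two bundles share an ngN interface or a client address. The function names, the constructed SAMPLE input, and the two MPPE checks (crypt-reqd enabled, mpp-e40 not accepted) are assumptions chosen for this example.

```python
# Added example: SAMPLE is constructed, in the layout of the mpd.conf above.
SAMPLE = """\
default:
\tload pptp1
\tload pptp2
\tload pptp3
pptp1:
\tnew -i ng0 pptp1 pptp1
\tset ipcp ranges 192.168.0.200/32 192.168.0.220/32
\tset bundle enable crypt-reqd
\tset ccp yes mpp-e40
pptp2:
\tnew -i ng0 pptp2 pptp2
\tset ipcp ranges 192.168.0.200/32 192.168.0.220/32
\tset bundle enable crypt-reqd
"""

def parse(text):
    """Return {label: [tokenised directive, ...]} for an mpd.conf-style file."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line:
            continue
        if not line[0].isspace() and line.endswith(":"):
            current = stanzas.setdefault(line[:-1], [])
        elif current is not None:
            current.append(line.split())
    return stanzas

def lint(text):
    """Check each bundle loaded from 'default' against the rules in the message."""
    stanzas, findings, seen = parse(text), [], {}
    for label in (d[1] for d in stanzas.get("default", []) if d[:1] == ["load"] and len(d) > 1):
        body = stanzas.get(label)
        if body is None:
            findings.append(f"{label}: loaded but not defined")
            continue
        for d in body:
            # Values that must differ per connection: ngN interface, client address.
            key = (d[2] if d[:2] == ["new", "-i"] and len(d) > 2 else
                   d[4] if d[:3] == ["set", "ipcp", "ranges"] and len(d) > 4 else None)
            if key and seen.setdefault(key, label) != label:
                findings.append(f"{label}: {key} already used by {seen[key]}")
        if ["set", "bundle", "enable", "crypt-reqd"] not in body:
            findings.append(f"{label}: crypt-reqd not enabled")
        if ["set", "ccp", "yes", "mpp-e40"] in body:
            findings.append(f"{label}: 40-bit MPPE (mpp-e40) accepted")
    return findings
```

Calling lint(SAMPLE) reports the reused interface and client address in pptp2, the undefined pptp3, and the 40-bit MPPE setting in pptp1.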

