Date:      Sat, 16 Jun 2001 11:20:40 -0700
From:      "Dave Atkins" <dave@atkinshome.com>
To:        "'Joe Clarke'" <marcus@marcuscom.com>
Cc:        <freebsd-questions@FreeBSD.ORG>
Subject:   RE: VPN Howto and software?
Message-ID:  <000a01c0f691$0d480b50$0300a8c0@dave>
In-Reply-To: <20010616133246.H4205-100000@shumai.marcuscom.com>

On the client side, what application/how do users initiate the connection to
the private network? Dial-up networking?

-----Original Message-----
From: Joe Clarke [mailto:marcus@marcuscom.com]
Sent: Saturday, June 16, 2001 10:41 AM
To: Dave Atkins
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: VPN Howto and software?


I did this using Netgraph's PPTP node with /usr/ports/net/mpd-netgraph.
This way, users in the field can connect in through the firewall.  It
requires you to punch two holes in the firewall, though.  One for
1723/tcp, and the other for GRE (Generic Routing Encapsulation, protocol
#47).

You'll first want to install /usr/ports/net/mpd-netgraph, and make sure
your system supports Netgraph.  mpd comes with a really good example for
setting up both dial-on-demand VPNs using PPTP, as well as a dedicated
VPN (see /usr/local/share/doc/mpd/mpd30.html).  PPTP supports MPPE 40 and
128-bit encryption.  All Windows 2000 and 98 hosts will do 128-bit no
problem.  Windows 95 hosts do 40-bit only from what I can tell.

After setting up MPD (let me know if you'd like to see my examples after
you read through the docs), you'll need to punch the holes in the FW.  I
use ipfw, with the commands:

ipfw add pass tcp from any to ${oip} 1723 keep-state
ipfw add pass log gre from any to ${oip}

Joe Clarke

Let me know if you have specific questions.

On Sat, 16 Jun 2001, Dave Atkins wrote:

> Is there an up-to-date online resource showing what software is needed and
> how to configure a VPN through a FreeBSD 4.3 firewall?
>
> 1) I am looking for a free solution - I have no money to spend on this
> 2) I need a solution that will work primarily between Windows NT, 2000, and
> 98 machines.
>
> Basically, instead of punching a bunch of holes in my home firewall, I would
> rather set up a VPN, then use that to access my home network from work.
> Terminal Services in Windows 2K works fine for my Win2K server and clients,
> but I have an old NT box at home and I need to access it from Win98 or other
> NT machines at times.
>
> I have used products like AltaVista Tunnel and Infoexpress VTCP/SECURE in
> the past, but they cost way more money than I want to spend for what is
> basically a convenience item for me.
>
> Thanks
> Dave Atkins
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>
>
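
Added example (not part of the original messages, and not code from mpd or ipfw): a shell check that an "ipfw list" dump contains both openings described in the thread, 1723/tcp and GRE, for the outside address, and that neither is open wider than that address. The function name pptp_holes, the finding labels and the sample rules (using the 192.0.2.1 documentation address) are constructed for illustration, and the rule-line layout is an assumption about how ipfw prints its rules.

```shell
#!/bin/sh
# Usage on a live firewall: ipfw list | pptp_holes <outside-ip>

# Constructed sample rule sets (documentation address), not real output.
SAMPLE_OK='00100 allow tcp from any to 192.0.2.1 1723 keep-state
00200 allow log gre from any to 192.0.2.1
65535 deny ip from any to any'
SAMPLE_NO_GRE='00100 allow tcp from any to 192.0.2.1 dst-port 1723 keep-state
65535 deny ip from any to any'
SAMPLE_WIDE='00100 allow tcp from any to 192.0.2.1 1723 keep-state
00200 allow gre from any to any
65535 deny ip from any to any'

# Reads rules on stdin, prints "ok" or a space-separated list of findings.
# Only explicit tcp/1723 and gre rules are examined; broad "allow ip"
# rules are out of scope for this check.
pptp_holes() {
    awk -v oip="$1" '
        $2 != "allow" && $2 != "pass" { next }
        {
            # The protocol is the token before "from" (skips "log" options);
            # the destination is the token after "to".
            p = ""; dst = ""
            for (j = 3; j <= NF; j++) {
                if ($j == "from" && p == "") p = $(j - 1)
                if ($j == "to") { dst = $(j + 1); break }
            }
            covers = (dst == oip || dst == "any")
            ctlrule = (p == "tcp" && $0 ~ / 1723( |$)/)
        }
        ctlrule && covers    { ctl = 1 }   # PPTP control channel
        p == "gre" && covers { gre = 1 }   # PPTP data channel (protocol 47)
        (ctlrule || p == "gre") && dst == "any" { wide = 1 }
        END {
            out = ""
            if (!ctl) out = out " missing-1723/tcp"
            if (!gre) out = out " missing-gre"
            if (wide) out = out " wider-than-needed"
            if (out == "") out = " ok"
            print substr(out, 2)
        }'
}

# Demo on the constructed rule set that lacks the GRE opening.
printf '%s\n' "$SAMPLE_NO_GRE" | pptp_holes 192.0.2.1
```

A rule set that passes 1723/tcp but not GRE lets the control connection open while the tunnel itself carries no traffic, which is the case the "missing-gre" finding catches.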

