Date: Wed, 25 Jan 2006 15:21:08 +0100
From: VANHULLEBUS Yvan <vanhu_bsd@zeninc.net>
To: freebsd-security@freebsd.org
Subject: Re: IPsec, VPN and FreeBSD
Message-ID: <20060125142108.GB682@zen.inc>
In-Reply-To: <20060125021915.59670.qmail@web52102.mail.yahoo.com>
References: <43D6D1CD.5060504@elischer.org> <20060125021915.59670.qmail@web52102.mail.yahoo.com>

On Tue, Jan 24, 2006 at 06:19:15PM -0800, gahn wrote:
[....]
> As to the roaming users, very unlikely there will be
> dial-up line, but those users could be on the road and
> using ISPs to connect to the internal lab. Both sites are
> labs.
>
> I will try the roaming clients<--->freebsd vpn server
> first.

IPsec with dynamic remote IPs is not as difficult, especially with
racoon's generate_policy option, but you'll need to know what you are
doing: Aggressive mode + PSK is known to be less secure than other
modes, Main mode + PSK can't be done with remote dynamic IPs, and Main
mode + X509 certificates requires some knowledge of X509
certificates...

But it CAN be done. It is probably NOT the easiest way of doing
things, but it is probably the most secure, the most interoperable and
the most "easy" to administrate when it's in production...


Yvan.

-- 
NETASQ - Secure Internet Connectivity
http://www.netasq.com
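
Added example (not part of the message above, and not a configuration shipped by any project): a racoon.conf responder fragment for the Main mode + X509 case with generate_policy, with the Aggressive mode + PSK variant shown in comments for comparison. The certificate directory, file names and algorithm choices are assumptions; adjust them to what both ends support.

```conf
# Added example: racoon.conf fragment for a gateway serving roaming peers.
# Directory and file names are placeholders; algorithms are assumptions.

path certificate "/usr/local/etc/racoon/certs";    # placeholder directory

# "anonymous" matches peers whose source address is not known in advance.
remote anonymous {
        exchange_mode main;          # identities are sent encrypted
        passive on;                  # responder only, never initiates
        generate_policy on;          # SPD entries are built from the
                                     # initiator's phase 2 proposal
        proposal_check strict;

        my_identifier asn1dn;        # identity taken from the certificate DN
        peers_identifier asn1dn;
        certificate_type x509 "gateway.crt" "gateway.key";   # placeholders
        verify_cert on;              # reject peers whose certificate does
                                     # not validate against a trusted CA

        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method rsasig;
                dh_group 14;
        }
}

# Less secure variant named in the message (Aggressive mode + PSK).
# It works with dynamic peer addresses, but exposes a PSK-derived hash
# to offline guessing, so the shared key must be long and random:
#       exchange_mode aggressive;
#       authentication_method pre_shared_key;   (inside proposal)
#
# Main mode + PSK is absent here on purpose: the responder has to pick
# the key from the peer's source address, which a roaming peer lacks.

sainfo anonymous {
        pfs_group 14;
        lifetime time 1 hour;
        encryption_algorithm aes;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}
```

Because generate_policy lets the authenticated peer's proposal define the installed policy, certificate validation (verify_cert) is what limits who can create SPD entries on the gateway.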