VPN server

Aaron Burke aburke at nullplusone.com
Thu Jun 10 02:39:01 PDT 2004


> I am looking for some recommendations for a powerful (yet simple if
> possible) VPN server.
You have two options, there is 'mpd' and 'PoPToP'. I have run them
both, but mpd seems to support Microsoft clients with less hassle
(at least in my experience).

> At present I will need to only have access to one other network in a
> different office running Win2K PPTP. Hopefully I will need to expand in
> the future to other networks that may or may not be MS based.
This can be done using ip routing. You can create a static route
between the two networks on the PPTP server and client. The Windows
client will get its configuration data from the VPN Server (FreeBSD).
However, you may want to add a static route to FreeBSD that will
send remote LAN specific traffic down the VPN link. Pretend that
your remote network in the office is numbered 192.168.20.1/24.
myUnix# route add -net 192.168.20 192.168.20.1 255.255.255.0

One other thing to disable (it's on by default) is that the Windows
implementation of the VPN client will route all traffic over the VPN.
I doubt that this is what you want, and you can disable it in the
VPN/PPTP connection properties on the Windows machine. In Windows XP
Professional, I do the following.
	Open the VPN Connection Properties.
	Select the "Networking" Tab.
	Select "Internet Protocol (TCP/IP)" and click properties.
	Click on "Advanced".
	Uncheck "Use default gateway on remote network".

Both products (mpd and poptop) will work, but they both require a
little bit of configuration. The current mpd in the ports tree has
some examples you may want to look at.

> I would like if possible for the connections to be completely transparent
> to a user. Best case scenario is the user signs on to their FreeBSD (I am
> in a mixed network so there are a few XP systems also) system and opens up
> an application (or browse to a share on the other network) that connects
> to the other network and it connects without any more user intervention.
Well, if you have a FreeBSD box in both places, there are lots of
other options as well. My friend Nick runs a FreeBSD machine and we
use a 'gif' tunnel (IPv4 over IPv4) with IPSec encrypting the data
before it goes over the wire. There are other solutions as well such as
'nos-tun'. I think that 'nos-tun' is part of the base installation and uses
the 'tun' device (part of the GENERIC kernel) by default.

>
> LOL I am not asking much am I?
Not at all. '-questions' is a good place for this question. In fact if
you search through the archives, I have posted similar VPN questions in
the past to this same list.

>
> Thank you,
> Joshua Lewis

Aaron Burke
(private email address because I HATE spam)
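
The following is an added example, not part of the original message: a small check that reads a FreeBSD IPv4 routing table (`netstat -rn -f inet` format) and reports whether only the remote LAN, or the default route as well, points at the VPN interface. The interface name `ng0`, the addresses other than 192.168.20.0/24, and both sample tables are constructed assumptions.

```shell
#!/bin/sh
# Classify a routing table read from stdin.
#   $1 = VPN interface name (assumed here: ng0)
#   $2 = remote LAN destination exactly as netstat prints it
# Prints: full-tunnel | split-tunnel | no-remote-route
vpn_route_check() {
    awk -v vif="$1" -v net="$2" '
        # Locate the Netif column from the header, since its position
        # differs between FreeBSD releases (with or without Refs/Use).
        $1 == "Destination" {
            for (i = 1; i <= NF; i++) if ($i == "Netif") col = i
            next
        }
        col && NF >= col {
            if ($1 == "default" && $col == vif) full = 1
            if ($1 == net && $col == vif) lan = 1
        }
        END {
            if (full) print "full-tunnel"        # all traffic goes over the VPN
            else if (lan) print "split-tunnel"   # only the remote LAN does
            else print "no-remote-route"         # static route is missing
        }'
}

# Constructed sample: static route for the remote LAN via the VPN link.
sample_split() {
    cat <<'EOF'
Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.0.0.1           UGS         0     1234   fxp0
10.0.0.0/24        link#1             UC          0        0   fxp0
192.168.20.0/24    192.168.20.1       UGS         0       12    ng0
EOF
}

# Constructed sample: default route pulled onto the VPN interface.
sample_full() {
    cat <<'EOF'
Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.20.1       UGS         ng0
192.168.20.0/24    192.168.20.1       UGS         ng0
EOF
}

sample_split | vpn_route_check ng0 192.168.20.0/24
```

On a live system, pipe `netstat -rn -f inet` into `vpn_route_check` instead of the sample function.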



