VPN questions

Aaron P. Martinez ml at proficuous.com
Wed Oct 27 05:03:18 PDT 2004


On Wed, 2004-10-27 at 03:38, Erik Norgaard wrote:
> Hi,
> 
> I am looking at how to implement VPN but I'm getting confused as to how
> IPSec, IKE, OpenSSL, FreeSWAN, racoon etc. all fit into the picture. I
> am looking at two scenarios, and I have two questions.
> 
> 1) Standard IPSec tunnel:
> 
>              +----+ IPSec/VPN +----+
>        LAN---| FW |-----------| FW |---LAN
>              +----+           +----+
> 
> In this scenario: Can CARP/pf handle VPN/IPSec connections in case the
> master unit fails? (I am assuming that both ends have fixed public
> routable IPs).
> 
> 2) VPN for mobile users
> 
>             +----+    VPN    +-----+
>       LAN---| FW |-----------| FW? |---[mobile unit]
>             +----+           +-----+
> 
> For mobile users I can't be sure where they are, their ip, or if they
> are behind NAT/firewall, nor can I trust the network until the mobile unit.
> 
> IPSec breaks behind NAT, are there other alternatives than ssh-tunnels I
> should take a look at? (which? :-)

I suggest looking at OpenVPN; it is an SSL-based VPN that is fairly easy
to set up.  I might shy away from FreeSWAN as it is for the most part
out of development, only one more rollup and that's it.
> 
> Thanks, Erik
> --
> Ph: +34.666334818                                  web: www.locolomo.org
> S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
> Subject ID:  A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
> Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2

Aaron


