FreeBSD as a VPN Server/Router

Christopher Martin chris.m at ebit.com.au
Wed Aug 9 23:09:46 UTC 2006


If OpenVPN seems like a bit much to tackle you could establish the link with
an easy protocol like PPTP (PPTP can be added to pppd with the port
/usr/ports/net/poptop) and then IPSec traffic traversing the link. Some even
argue that this is a good idea because it's two layers of encryption (not to
suggest that the PPTP encryption methods are a particular challenge to
break), but there'll be a performance penalty to pay as well.

Also, the load IPSec (or any encryption method for that matter) places on
the encapsulating router is non-trivial, so be aware that if your hardware
is a bit old you may get disappointing performance. I would suggest making
the hardware at least current low end, or high end from a couple of years
ago, to get the best performance.

On a side note, has anyone heard about the crypto lib for fast_ipsec and the
Intel IPSec accelerated network cards (like the Pro 100/S)? I remember
reading some time ago that there were, at the time, still issues getting the
required info out of Intel to get the processor offloading working right. Is
Intel still withholding the information?

> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Christopher
> Martin
> Sent: Thursday, 10 August 2006 8:42 AM
> To: FreeBSD Questions Mailing List (E-mail)
> Subject: RE: FreeBSD as a VPN Server/Router
> 
> 
> 
> > 
> > The FreeBSD Handbook has a chapter on this:
> >    
> > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html
> > 
> > HTH.
> > 
> 
> The only problem with IPSec is you need static IP addresses for the
> tunnelling mode (unless somebody knows something I don't, at which point
> I'd really like to hear about it!).
>
> OpenVPN is about as good as it gets stability-wise, and can be customised,
> hacked, and altered in any way you need. It can also use public key
> authentication.
> 
> 

