IPSec, Racoon, and roaming clients
brently at bjwcs.com
Fri May 9 11:53:01 PDT 2003
Forgot to mention one more thing... If you do decide to use mpd, make sure
you have "gateway_enable=yes" in your rc.conf. I'm guessing you do since
you're using it as a gateway already, but this obvious thing threw me for a
long time because you tend to not read the readme files when installing
Oh, and don't forget to set up the correct firewall rules so that the gateway is
secure, but you probably knew that too.
> This is a tricky setup.
> If your roaming users are Windows, I'd suggest checking out
> mpd instead. Then your windows clients can use the built in
> PPTP stuff, which is much easier to support than ipsec. Just
> make sure you use MSCHAP-V2 for auth, not chap or mschap-v1.
> PPTP uses the GRE protocol so make sure you're not blocking that.
> Actually, even using mpd as a client on unix boxes can make
> roaming users much easier to deal with.
> Something you may want to consider is replacing your freebsd
> gateway w/ a Snapgear (www.snapgear.com). Has all the VPN
> stuff you want, it's cheap, powerful (full firewalling
> capabilities) and really easy to use. Pays for itself in
> saved time, plus, since there are no moving parts, less
> chances of breakage and downtime...
> > -----Original Message-----
> > From: owner-freebsd-questions at freebsd.org
> > [mailto:owner-freebsd-questions at freebsd.org] On Behalf Of Paul Lathrop
> > Sent: Saturday, April 26, 2003 12:59 PM
> > To: freebsd-questions at freebsd.org
> > Subject: IPSec, Racoon, and roaming clients
> > I have recently been asked to implement VPN access for some of our
> > roaming employees. Our gateway is a FreeBSD 4.7 box that I administer.
> > Our employees are all on cablemodem connections when they are out and
> > about. I have discovered IPSec and racoon, of course, and dug through
> > their documentation. I have also read several very good tutorials on
> > the web. The trouble I am having is that all the information I can find
> > is for setting up a VPN tunnel between two gateways. What I need is a
> > VPN connection between a roaming host (with a dynamic IP) and our VPN
> > gateway (static IP) which will allow access to the internal network
> > behind that gateway (private IP addresses). I have successfully
> > established the VPN connection between a roaming host and the gateway,
> > but without access to the internal network. I can't seem to figure out
> > how to tell setkey to configure a tunnel into the network without
> > knowing ahead of time what the client's IP will be.
> > Can anybody give me some pointers?
> > Thanks,
> > Paul D. Lathrop
> > _______________________________________________
> > freebsd-questions at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to
> > "freebsd-questions-unsubscribe at freebsd.org"