VPN questions
Eric Crist
ecrist at secure-computing.net
Wed Oct 27 17:23:11 PDT 2004
On Oct 27, 2004, at 3:38 AM, Erik Norgaard wrote:
> Hi,
>
> I am looking at how to implement VPN but I'm getting confused as to how
> IPSec, IKE, OpenSSL, FreeSWAN, racoon etc. all fit into the picture. I
> am looking at two scenarios, and I have two questions.
>
> 1) Standard IPSec tunnel:
>
>       +----+ IPSec/VPN +----+
> LAN---| FW |-----------| FW |---LAN
>       +----+           +----+
>
> In this scenario: Can CARP/pf handle VPN/IPSec connections in case the
> master unit fails? (I am assuming that both ends have fixed public
> routable ip's).
>
> 2) VPN for mobile users
>
>       +----+    VPN    +-----+
> LAN---| FW |-----------| FW? |---[mobile unit]
>       +----+           +-----+
>
> For mobile users I can't be sure where they are, their ip, or if they
> are behind NAT/firewall, nor can I trust the network until the mobile
> unit.
>
> IPSec breaks behind NAT, are there other alternatives than ssh-tunnels I
> should take a look at? (which? :-)
>
> Thanks, Erik
> --
> Ph: +34.666334818 web:
> www.locolomo.org
> S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
> Subject ID:
> A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
> Fingerprint:
> 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2
Take a look at mpd in the ports tree for the mobile connections. I use
it on a regular basis, and it is really easy to set up. Also, unlike
poptop, mpd supports encryption. My particular setup is for 128-bit
encryption and I allow 3 different connections at once.
HTH
-----
Eric F Crist
Secure Computing Networks