VPN through BSD for Win2k, totally baffled
Brett Glass
brett at lariat.org
Wed May 7 21:04:47 PDT 2003

I've been using PPTP for this purpose. Microsoft's PPTP implementation
is pretty brain dead, but if you're willing to bend the configuration
of your network a little to accommodate it and configure your clients
carefully, you can set up a VPN that's accessible from most versions
of Windows. Not super-secure, but secure enough for most purposes.

I have been interested in trying L2TP, but am not sure about the
stability of the server software for FreeBSD. And I can't find
a FreeBSD client. (There's an L2TP netgraph node, but there are
no docs on how to use it with mpd and likewise nothing on how to
use it with userland PPP.)

--Brett

At 08:21 PM 5/7/2003, Michael Collette wrote:
>Scenario:
>FreeBSD box running IPFW acting as a gateway to private network. The private
>network is made up of entirely routable IP addresses. External users
>running Win2k and XP on DSL connections with dynamic IPs.
>
>Goal:
>To have the FreeBSD gateway securely authenticate and encrypt the traffic
>between the outside users and the internal network.
>
>
>I've spent the last 3 days running up and down Google and reading any books
>that approach the subject of setting up a VPN. The further down this road
>I've travelled the more confused I am.
>
>I assume the following:
> * Need to have a certificate set up with OpenSSL.
> * Racoon needs to deal with a key exchange.
> * Some kind of tunneling gets put into play.
> * Setkey needs appropriate policies.
>
>I happened across the Google cache of a tutorial that seems to cover this
>subject. There seem to be a couple of key points missing, as well as some
>apparently out of date syntax. I did manage to create a CA and client cert
>from a mix of this tutorial and the AbsoluteBSD book.
>
>http://216.239.37.104/search?q=cache:mFG0kB-ghLoC:www.sigsegv.cx/FreeBSD-WIN2K-IPSEC-HOWTO-2.html+FreeBSD-WIN2K-IPSEC-HOWTO-2.html&hl=en&lr=lang_en&ie=UTF-8
>
>Managed to get a certificate generated from that process installed on a test
>XP box per the following...
>
>http://216.239.33.104/search?q=cache:FFxjH0VQGD0C:www.sigsegv.cx/FreeBSD-WIN2K-IPSEC-HOWTO-4.html+FreeBSD-WIN2K-IPSEC-HOWTO-4.html&hl=en&lr=lang_en&ie=UTF-8
>
>Where I totally lost it was on the FreeBSD setup. The author is referring to
>certificates that he never described how they should be created. I didn't
>know what in the heck to do here.
>
>http://216.239.33.104/search?q=cache:oNMJe4EHOu4C:www.sigsegv.cx/FreeBSD-WIN2K-IPSEC-HOWTO-3.html+FreeBSD-WIN2K-IPSEC-HOWTO-3.html&hl=en&lr=lang_en&ie=UTF-8
>
>Am I even on the right path? Aside from this one tutorial I've been through
>several others, as well as looking at a variety of IPSec related pages.
>There's obviously a number of different approaches out there to take, but I'm
>simply looking for one that works. Just to know that I'm heading in the
>correct direction or not would be an incredible help.
>
>Thanks,
>--
>"Outside of a dog, a book is man's best friend. Inside of a dog, it's too dark
>to read."
> - Groucho Marx
>_______________________________________________
>freebsd-security at freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-security
>To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"