VPN through BSD for Win2k, totally baffled

• Previous message: Danny Carroll: "Re: how to configure a FreeBSD firewall to pass IPSec?"
• Next in thread: Brett Glass: "Re: VPN through BSD for Win2k, totally baffled"
• Reply: Brett Glass: "Re: VPN through BSD for Win2k, totally baffled"
• Reply: Greg Panula: "Re: VPN through BSD for Win2k, totally baffled"
• Reply: Jacques A. Vidrine: "Re: VPN through BSD for Win2k, totally baffled"
• Maybe reply: The Anarcat: "Re: VPN through BSD for Win2k, totally baffled"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: FreeBSD Security <freebsd-security@FreeBSD.org>
Date: Wed, 7 May 2003 19:21:33 -0700

Scenario:
FreeBSD box running IPFW acting as a gateway to private network. The private
network is made up of entirely routeable IP addresses. External users
running Win2k and XP on DSL connections with dynamic IPs.

Goal:
To have the FreeBSD gateway securely authenticate and encrypt the traffic
between the outside users and the internal network.

I've spent the last 3 days running up and down Google and reading any books
that approach the subject of setting up a VPN. The further down this road
I've travelled the more confused I am.

I assume the following:
 * Need to have a certificate setup with OpenSSL.
 * Racoon needs to deal with a key exchange.
 * Some kind of tunneling gets put into play.
 * Setkey needs appropriate policies.

I happened across the Google cache of a tutorial that seems to cover this
subject. There seems to be a couple of key points missing, as well as some
apparently out of date syntax. I did manage to create a CA and client cert
from a mix of this tutorial and the AbsoluteBSD book.

http://216.239.37.104/search?q=cache:mFG0kB-ghLoC:www.sigsegv.cx/FreeBSD-WIN2K-IPSEC-HOWTO-2.html+FreeBSD-WIN2K-IPSEC-HOWTO-2.html&hl=en&lr=lang_en&ie=UTF-8

Managed to get a certificate generated from that process installed on a test
XP box per the following...

http://216.239.33.104/search?q=cache:FFxjH0VQGD0C:www.sigsegv.cx/FreeBSD-WIN2K-IPSEC-HOWTO-4.html+FreeBSD-WIN2K-IPSEC-HOWTO-4.html&hl=en&lr=lang_en&ie=UTF-8

Where I totally lost it was on the FreeBSD setup. The author is referring to
certificates that he never described how they should be created. I didn't
know what in the heck to do here.

http://216.239.33.104/search?q=cache:oNMJe4EHOu4C:www.sigsegv.cx/FreeBSD-WIN2K-IPSEC-HOWTO-3.html+FreeBSD-WIN2K-IPSEC-HOWTO-3.html&hl=en&lr=lang_en&ie=UTF-8

Am I even on the right path? Aside from this one tutorial I've been through
several others, as well as looking at a variety of IPSec related pages.
There's obviously a number of different approaches out there to take, but I'm
simply looking for one that works. Just to know that I'm heading in the
correct direction or not would be an incredible help.

Thanks,

-- 
"Outside of a dog, a book is man's best friend. Inside of a dog, it's too dark 
to read."
 - Groucho Marx
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: Danny Carroll: "Re: how to configure a FreeBSD firewall to pass IPSec?"
• Next in thread: Brett Glass: "Re: VPN through BSD for Win2k, totally baffled"
• Reply: Brett Glass: "Re: VPN through BSD for Win2k, totally baffled"
• Reply: Greg Panula: "Re: VPN through BSD for Win2k, totally baffled"
• Reply: Jacques A. Vidrine: "Re: VPN through BSD for Win2k, totally baffled"
• Maybe reply: The Anarcat: "Re: VPN through BSD for Win2k, totally baffled"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]