OpenBSD VPN

Ryan McBride mcbride at COUNTERSIEGE.COM
Sun Jan 7 20:18:14 EST 2001


On Sat, Jan 06, 2001 at 01:35:27PM -0800, Baumgardner, James wrote:
> I'm wanting to setup a VPN to connect my main office to 2 smaller branch
> ofices.  I'm going to use OpenBSD to connect them, but I am at a loss on
> how to allow individual dial-up people in the field to connect to the VPN.
> Can anyone recommend a good client software, and some help on configuring
> the server side to allow connections?  I've read up enough to do the
> static connections, but can't seem to figure out the others.

The OpenBSD IPSec FAQ has a lot of good information, including a list
of windows clients:
	http://www.openbsd.org/faq/faq13.html


Client:

I have had good experiences (both with OpenBSD and other VPN Gateways)
with the SafeNet Soft-PK client (The same client listed as Cisco IRE
in the above FAQ.)


Configuration:

Last time I checked there was a good description of setting up a
dial-up client using x509 authentication with OpenBSD at
http://hem.passagen.se/hojg/isakmpd/ but I can't seem to connect to
this server now. Maybe it'll be up by the time you get this :-)

Here is some information on making it work with Win2K's IPSEC, using
shared secrets:
	http://wwwcip.informatik.uni-erlangen.de/~msfriedl/ipsec-win2k/

There are also some gems of information in the OpenBSD misc@ and tech@
mailing list archives. You might want to do some searching yourself,
but I found this with a quick search:
	http://www.sigmasoft.com/~openbsd/archive/openbsd-misc/199912/msg01436.html


That's all I could think of off the top of my head; I don't have my
configuration files for the SafeNet Soft-PK client, but I can dig
those up if you're interested.

-Ryan

--
Ryan McBride - mcbride at countersiege.com
Systems Security Consultant
Countersiege Systems Corporation - http://www.countersiege.com

VPN is sponsored by SecurityFocus.COM




More information about the VPN mailing list