--On 07 September 2005 14:08 +0300, Tomas wrote:
> Please, can someone give me a clue how to set up a vpn with
> authentication.
> I've set up a vpn between Windows clients and OpenBSD
> server, everything works fine.

By itself 'vpn' can mean many things... tunnels over IPsec? PPTP?
unencrypted GRE/GIF? OpenVPN?

> But since most of our clients are using ADSL lines and their
> IPs aren't static I had to allow the whole world to connect to
> my vpn server

If you want to, you may be able to restrict based on the address space
allocated to the provider (or the relevant RIR). RIR whois databases
can help you identify the relevant address space.

> and my internal network.

On internal machines, you only need to allow access to the tunneled
addresses, not the dynamic endpoint addresses.

Your two best choices are probably kernel IPsec (with isakmpd to
establish SAs, possibly with X509 certs), or OpenVPN.

OpenVPN is usually the easier setup, and it's quite straightforward to
enable compression which can help a lot on slower lines (I'm not sure
if this is possible with isakmpd despite a tantalising line in
plus32.html - I think it needs ipsecadm-created ipsec flows).

IPsec (especially with isakmpd) isn't exactly difficult to set up, but
you'll need to grasp more terminology and basics first if you haven't
already. It involves less third-party software on both sides, and being
in-kernel I'd expect it to be higher-performing on a fast connection.
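
Added example, not part of the original message: a pf.conf sketch of the two filtering suggestions above, assuming OpenVPN listening on UDP 1194. The interface names, the tunnel and LAN ranges, and the provider prefixes (RFC 5737 documentation ranges) are placeholders to be replaced with real values.

```pf
# All names and addresses below are assumptions for illustration.
ext_if  = "fxp0"             # Internet-facing interface
vpn_if  = "tun0"             # OpenVPN tunnel interface
vpn_net = "10.8.0.0/24"      # addresses assigned to clients inside the tunnel
lan_net = "192.168.1.0/24"   # internal network

# Address space allocated to the clients' ADSL providers, as found in the
# RIR whois databases. Documentation prefixes stand in for the real ones.
table <client_isps> const { 192.0.2.0/24, 198.51.100.0/24 }

# Default deny on the outside, logged so rejected sources can be reviewed.
block in log on $ext_if all

# Only the listed provider ranges may reach the VPN listener, instead of
# the whole world.
pass in on $ext_if inet proto udp from <client_isps> \
    to ($ext_if) port 1194 keep state

# With isakmpd/IPsec the equivalent would be UDP 500 plus ESP:
# pass in on $ext_if inet proto udp from <client_isps> \
#     to ($ext_if) port 500 keep state
# pass in on $ext_if inet proto esp from <client_isps> to ($ext_if) keep state

# Traffic leaving the tunnel carries the tunneled source addresses, so
# access to the internal network is written against $vpn_net and never
# against the clients' dynamic endpoint addresses.
block in on $vpn_if all
pass in on $vpn_if inet from $vpn_net to $lan_net keep state
```

Filters on the internal machines themselves follow the same pattern: they permit the tunnel range (`10.8.0.0/24` here) and need no entry for the provider prefixes.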