To echo the other replies, I highly suggest OpenVPN as well. Both isakmpd and openvpn recommend using digital certs to control access.
OpenVPN also has the "auth-user-pass-verify" switch which calls a script/app to do additional authentication. Think poor-man's 2-phase authentication: have digital cert, know network authentication credentials. Furthermore, you can configure openvpn to dish out a static IP depending on the CN on the digital cert.

-rpuckett

On Wed, 2005-09-07 at 14:08 +0300, Tomas wrote:
> Hello,
>
> Please, can someone give me a clue how to set up a vpn with authentication.
> I've set up a vpn between Windows clients and OpenBSD server, everything
> works fine. But since most of our clients are using ADSL lines and their
> IP's aren't static I had to allow the whole world to connect to my vpn
> server and my internal network. There are a lot of PCs with Windows XP with
> firewalls enabled in my internal network, so when a client comes with a
> different IP each time he can't connect to Windows PCs because their IPs
> aren't listed in windows firewalls. So I decided to somehow authenticate
> those users and give them one of the internal IPs. But I don't even have a
> clue how to do that. First thing I thought of was authpf, but it only works
> with ssh clients. So maybe can someone help me?
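
The certificate-plus-credentials check described in the reply above, as an added example that is not part of the original thread: a Python verifier for auth-user-pass-verify in via-file mode, which also requires the username to equal the certificate CN that OpenVPN exports to the script as the common_name environment variable. The users.db path, its user:salt:hash line format and the PBKDF2 settings are assumptions made for this example.

```python
#!/usr/bin/env python3
"""Added example: verifier script for OpenVPN auth-user-pass-verify (via-file)."""
import hashlib
import hmac
import os
import sys

USERS_DB = "/etc/openvpn/users.db"  # hypothetical path, lines: user:salt_hex:hash_hex
ITERATIONS = 200_000                # PBKDF2 work factor chosen for this example


def hash_password(password: str, salt: bytes) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


def load_users(path: str) -> dict:
    """Parse the credential store into {username: (salt, hash_hex)}."""
    users = {}
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            name, salt_hex, digest = line.split(":")
            users[name] = (bytes.fromhex(salt_hex), digest)
    return users


def verify(cred_file: str, users: dict, common_name: str) -> bool:
    """Accept only if the password is right AND the username equals the cert CN."""
    with open(cred_file, encoding="utf-8") as fh:
        lines = fh.read().splitlines()  # line 1: username, line 2: password
    if len(lines) < 2:
        return False
    username, password = lines[0], lines[1]
    # Unknown users still cost one PBKDF2 run, so timing does not reveal them.
    salt, expected = users.get(username, (b"\x00" * 16, ""))
    pw_ok = hmac.compare_digest(hash_password(password, salt).encode(),
                                expected.encode())
    cn_ok = hmac.compare_digest(username.encode(), common_name.encode())
    return pw_ok and cn_ok and username in users


if __name__ == "__main__":
    # OpenVPN passes the temporary credential file as argv[1]; exit 0 accepts.
    cn = os.environ.get("common_name", "")
    sys.exit(0 if verify(sys.argv[1], load_users(USERS_DB), cn) else 1)
```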