On Thu, 26 Mar 2015 13:21:10 -0400 Predrag Punosevac <punoseva...@gmail.com> wrote:
> Hi Misc,
>
> I need to provide secure access to a web application running on my
> servers to a handful of typical desktop users. I am thinking of requiring
> them to have an L2TP/IPSec VPN tunnel before they can browse my
> application. HTTPS is not good enough due to the nature of the
> application.
>
> Why L2TP? I am not a Windows user but it seems that it should be
> trivial to set up the client side
>
> https://www.hideipvpn.com/2010/03/howto-windows-7-ipsecl2tp-vpn-setup-tutorial/
> and avoid customer service requests. On the other hand, I am reading the man
> pages for npppd and ipsec on 5.7 and Giovanni's slides from two years
> ago
>
> http://www.slideshare.net/GiovanniBechis/npppd-easy-vpn-with-openbsd
>
> for the talk he gave at BSDCan IIRC. I don't need to use RADIUS, just a
> local authentication database. It is in the base and it seems very
> easy to configure.
>
> Is anybody running a similar setup in production? Any caveats? Any other
> advice before I take the plunge?
>
> Predrag
>
> P.S. I have quite a bit of experience with OpenVPN server on OpenBSD
> but in my experience getting credentials to a Windows client is a pain
> because a typical user knows only to double click and I don't know
> how to properly make Windows packages.

This setup has worked for 2 years like a charm:

https://www.mimar.rs/sysadmin/2013/npppd-novi-openbsd-pptp-server

PPTP though, not L2TP.

--
Marko Cupać
https://www.mimar.rs