Re: Roaming tunnel (IPSEC or something).
Lewis

I am currently struggling with getting IPSEC to work; I had everything
working until my hard drive died. Below is a link to a tutorial on
setting up PPTP with X509 certificates. I believe there are some errors
in the commands the author used for generating the certificates.

http://www.sigsegv.cx/FreeBSD-WIN2K-IPSEC-HOWTO.html

I will take a look at mpd

Thank you

On Friday 27 August 2004 08:40 am, you wrote:
> On Fri, Aug 27, 2004 at 08:28:58AM -0600, Aaron Siegel wrote:
> > Hello
> > I am in the process of setting up a similar configuration using poptop to
> > create a pptp link between a static server and a roaming computer with an
> > anonymous. There is also l2tpd from what I read it is more secure than
> > pptp but it does not work through a NAT. I will hopefully get this up
> > and running soon; so far I have only been able to create an unencrypted
> > pptp link.
>
> That sounds very interesting. I don't suppose you would let me see any
> notes you make when you get a bit further along? I've not got much
> further -- mainly because I've been trying to get my sound card working
> properly.
>
> Thanks a lot,
>
> -lewiz.

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Roaming tunnel (IPSEC or something).
On Fri, Aug 27, 2004 at 07:29:49PM +0100, Lewis Thompson wrote:
> On Fri, Aug 27, 2004 at 01:08:04PM -0500, uidzero wrote:
> > Sorry to bother you directly but, I too have been looking into doing
> > this, Could you possibly send me any URLs you might have used or if you
> > documented it somehow, send that to me as well?
>
> No problem. I used the following:
>
> http://reallydodgy.org/~jrose/index.php?content=mpd.html
> http://www.itga.com.au/~gnb/vpn/pptp-serv.html
> http://freebsdaddicts.org/modules.php?name=Sections&op=viewarticle&artid=9
>
> My biggest piece of advice is to use mpd at both ends (if you're using
> a FreeBSD client). I had trouble with pptpclient (protocol errors at
> the server end) but mpd as a client worked perfectly.
>
> I've not really made any notes but I'm just about to clean up my
> config files, I'll email these when I've done them.

Here you go. Basically my server is 192.168.0.1 on the network
192.168.0.0. Its external address is 10.0.0.42.

mpd.conf (server):

default:
    load pptp0
    load pptp1
    load pptp2
    load pptp3
    load pptp4

pptp_common:
    # refuse any link that does not negotiate encryption
    set bundle enable crypt-reqd
    set bundle enable compression
    set iface route 192.168.0.0/24
    set iface idle 7200
    set iface enable proxy-arp
    set ipcp dns 192.168.0.1
    set ipcp nbns 192.168.0.2
    set link keep-alive 10 60
    # PAP off; CHAP requested from the peer
    set link no pap chap
    set link enable chap
    # MPPE: 40- and 56-bit keys refused, 128-bit stateless allowed
    set ccp yes mppc
    set ccp no mpp-e40
    set ccp no mpp-e56
    set ccp yes mpp-e128
    set ccp yes mpp-stateless

# one bundle per simultaneous client, each with its own address
pptp0:
    new -i ng0 pptp0 pptp0
    set ipcp ranges 192.168.0.1/32 192.168.0.50/32
    load pptp_common

pptp1:
    new -i ng1 pptp1 pptp1
    set ipcp ranges 192.168.0.1/32 192.168.0.51/32
    load pptp_common

pptp2:
    new -i ng2 pptp2 pptp2
    set ipcp ranges 192.168.0.1/32 192.168.0.52/32
    load pptp_common

pptp3:
    new -i ng3 pptp3 pptp3
    set ipcp ranges 192.168.0.1/32 192.168.0.53/32
    load pptp_common

pptp4:
    new -i ng4 pptp4 pptp4
    set ipcp ranges 192.168.0.1/32 192.168.0.54/32
    load pptp_common

mpd.links (server):

pptp0:
    set link type pptp
    set pptp self 10.0.0.42
    set pptp enable incoming
    set pptp disable originate

pptp1:
    set link type pptp
    set pptp self 10.0.0.42
    set pptp enable incoming
    set pptp disable originate

pptp2:
    set link type pptp
    set pptp self 10.0.0.42
    set pptp enable incoming
    set pptp disable originate

pptp3:
    set link type pptp
    set pptp self 10.0.0.42
    set pptp enable incoming
    set pptp disable originate

pptp4:
    set link type pptp
    set pptp self 10.0.0.42
    set pptp enable incoming
    set pptp disable originate

mpd.secret (server):

user    "password"    *

mpd.conf (client):

default:
    load pptp0

pptp0:
    new -i ng0 pptp0 pptp0
    set bundle enable crypt-reqd
    set bundle enable compression
    set bundle authname "user"
    set bundle password "pass"
    set iface disable on-demand
    set iface idle 0
    set ipcp ranges 0.0.0.0/0 192.168.0.0/24
    set link keep-alive 10 60
    set link no pap
    set link yes chap
    set link enable no-orig-auth
    # same MPPE policy as the server: 128-bit only
    set ccp yes mppc
    set ccp no mpp-e40
    set ccp no mpp-e56
    set ccp yes mpp-e128
    set ccp yes mpp-stateless
    open

mpd.links (client):

pptp0:
    set link type pptp
    set pptp peer 10.0.0.42
    set pptp disable incoming
    set pptp enable originate outcall

I hope this is some use to you! Best wishes,

-lewiz.

--
I was so much older then, I'm younger than that now. --Bob Dylan, 1964.
-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-
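An added example, not part of the original post: a small Python check of the settings that decide how strong the mpd PPTP link above is (crypt-reqd, the MPPE key lengths, PAP), resolving `load` lines the way the server config uses pptp_common. SAMPLE, audit() and the other names are illustrative, the verbs are modelled as enable/disable for the local request and accept/deny for the peer's request (yes and no set both), and treating an option that is never set as off is an assumption, not mpd's documented defaults.

```python
SAMPLE = """\
pptp_common:
    set bundle enable crypt-reqd
    set link no pap chap
    set ccp no mpp-e40
pptp0:
    new -i ng0 pptp0 pptp0
    load pptp_common
pptp1:
    new -i ng1 pptp1 pptp1
    load pptp_common
    set ccp accept mpp-e40
"""  # constructed sample in the thread's mpd.conf layout; pptp1 is deliberately weakened

# verb: (we request it, we accept it from the peer); None leaves that half unchanged
VERBS = {"enable": (True, None), "disable": (False, None), "accept": (None, True),
         "deny": (None, False), "yes": (True, True), "no": (False, False)}
WEAK = (("ccp", "mpp-e40"), ("ccp", "mpp-e56"), ("link", "pap"))

def parse(text):  # label -> list of indented command lines, split into words
    sections, cur = {}, []
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if words and not line[0].isspace() and words[0].endswith(":"):
            cur = sections.setdefault(words[0][:-1], [])
        elif words:
            cur.append(words)
    return sections

def effective(sections, label, state, seen=()):  # replay in order; last write wins
    for cmd in sections.get(label, []):
        if cmd[0] == "load" and len(cmd) > 1 and cmd[1] not in seen:
            effective(sections, cmd[1], state, seen + (label,))
        elif cmd[0] == "set" and len(cmd) > 3 and cmd[2] in VERBS:
            for opt in cmd[3:]:
                old = state.get((cmd[1], opt), (False, False))  # assumption: unset = off
                state[(cmd[1], opt)] = tuple(o if n is None else n for o, n in zip(old, VERBS[cmd[2]]))
    return state

def audit(text):
    """Return {bundle label: [findings]} for each section that creates a bundle with `new`."""
    sections, report = parse(text), {}
    for label in (name for name, cmds in sections.items() if any(c[0] == "new" for c in cmds)):
        st = effective(sections, label, {})
        bad = [opt for layer, opt in WEAK if any(st.get((layer, opt), ()))]
        if not st.get(("bundle", "crypt-reqd"), (False,))[0]:
            bad.append("crypt-reqd off")
        report[label] = bad
    return report
```

audit(SAMPLE) reports pptp0 as clean and flags pptp1, because the override placed after `load pptp_common` re-admits 40-bit MPPE for that one bundle.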
Re: Roaming tunnel (IPSEC or something).
On Fri, Aug 27, 2004 at 03:40:08PM +0100, Lewis Thompson wrote:
> On Fri, Aug 27, 2004 at 08:28:58AM -0600, Aaron Siegel wrote:
> > Hello
> > I am in the process of setting up a similar configuration using poptop to create a
> > pptp link between a static server and a roaming computer with an anonymous.
> > There is also l2tpd from what I read it is more secure than pptp but it does
> > not work through a NAT. I will hopefully get this up and running soon; so far
> > I have only been able to create an unencrypted pptp link.
>
> That sounds very interesting. I don't suppose you would let me see any
> notes you make when you get a bit further along? I've not got much
> further -- mainly because I've been trying to get my sound card working
> properly.

I've just spent a while playing around with mpd and I have successfully
got what I wanted working.

On the server there is an mpd daemon. I have connected successfully
with my laptop (running mpd as a client) and also with a remote Windows
XP SP2 machine (my friend somewhere else in England).

Only thing is that it's encrypted at just 128kbit. Something more along
the lines of 256kbit-1024kbit would be much nicer ;)

-lewiz.
Re: Roaming tunnel (IPSEC or something).
On Fri, Aug 27, 2004 at 08:28:58AM -0600, Aaron Siegel wrote:
> Hello
> I am in the process of setting up a similar configuration using poptop to create a
> pptp link between a static server and a roaming computer with an anonymous.
> There is also l2tpd from what I read it is more secure than pptp but it does
> not work through a NAT. I will hopefully get this up and running soon; so far
> I have only been able to create an unencrypted pptp link.

That sounds very interesting. I don't suppose you would let me see any
notes you make when you get a bit further along? I've not got much
further -- mainly because I've been trying to get my sound card working
properly.

Thanks a lot,

-lewiz.
Re: Roaming tunnel (IPSEC or something).
Hello

I am in the process of setting up a similar configuration using poptop
to create a pptp link between a static server and a roaming computer
with an anonymous. There is also l2tpd from what I read it is more
secure than pptp but it does not work through a NAT. I will hopefully
get this up and running soon; so far I have only been able to create an
unencrypted pptp link.

Aaron

On Wednesday 25 August 2004 03:44 pm, Lewis Thompson wrote:
> Hi,
>
> I'm wondering if it's possible to have a ``roaming tunnel'' so I have
> local-like access on my laptop wherever I am.
>
> I currently have an encrypted IPSEC tunnel set up between my laptop
> and server (both with static IPs) as explained in the Handbook
> (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html)
> but I'd like to extend it so that I can connect to my server (a static
> IP) from anywhere with my laptop (a dynamic IP).
>
> Is this even possible? I've been told about isakmpd but I fail to see
> really how it differs from racoon. Any suggestions about this would be
> greatly appreciated. Thanks!
>
> -lewiz.
Re: Roaming tunnel (IPSEC or something).
On Aug 25, 2004, at 5:51 PM, Lewis Thompson wrote:

> On Wed, Aug 25, 2004 at 05:42:21PM -0500, David Kelly wrote:
> > On Aug 25, 2004, at 4:44 PM, Lewis Thompson wrote:
> >
> > > I'm wondering if it's possible to have a ``roaming tunnel'' so I have
> > > local-like access on my laptop wherever I am.
> >
> > Have not done it myself but IIRC the key is to define an "anonymous"
> > host in raccoon.conf.
>
> I spotted that existed... but I have gif tunnels set up and firewall
> rules... how do these work?

As I said, "I haven't done it" but Google "+anonymous +raccoon +ipsec"
turns up a couple of interesting references:

PIX IPSec VPN to FreeBSD - Static IP
http://bshell.com/projects/freebsd_pix/static.html

and I remember using this one way back when I last set up a VPN tunnel
with FreeBSD:

http://asherah.dyndns.org/~josh/ipsec-howto.txt

A prettier version at:

http://www.daemonnews.org/200101/ipsec-howto.html

--
David Kelly N4HHE, [EMAIL PROTECTED]
Top-posters will not be shown the honor of a reply.
Re: Roaming tunnel (IPSEC or something).
On Wed, Aug 25, 2004 at 05:42:21PM -0500, David Kelly wrote:
> On Aug 25, 2004, at 4:44 PM, Lewis Thompson wrote:
>
> >I'm wondering if it's possible to have a ``roaming tunnel'' so I have
> >local-like access on my laptop wherever I am.
>
> Have not done it myself but IIRC the key is to define an "anonymous"
> host in raccoon.conf.

I spotted that existed... but I have gif tunnels set up and firewall
rules... how do these work?

-lewiz.
Re: Roaming tunnel (IPSEC or something).
On Aug 25, 2004, at 4:44 PM, Lewis Thompson wrote:

> I'm wondering if it's possible to have a ``roaming tunnel'' so I have
> local-like access on my laptop wherever I am.

Have not done it myself but IIRC the key is to define an "anonymous"
host in raccoon.conf.

--
David Kelly N4HHE, [EMAIL PROTECTED]
Top-posters will not be shown the honor of a reply.
Roaming tunnel (IPSEC or something).
Hi,

I'm wondering if it's possible to have a ``roaming tunnel'' so I have
local-like access on my laptop wherever I am.

I currently have an encrypted IPSEC tunnel set up between my laptop
and server (both with static IPs) as explained in the Handbook
(http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html)
but I'd like to extend it so that I can connect to my server (a static
IP) from anywhere with my laptop (a dynamic IP).

Is this even possible? I've been told about isakmpd but I fail to see
really how it differs from racoon. Any suggestions about this would be
greatly appreciated. Thanks!

-lewiz.