Re: VPN solutions for OpenBSD to Windows
Hello, On Fri, 22.12.2006 at 05:03:11 +, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I'm looking for peoples' experiences and advice for setting up a VPN between OpenBSD (I will be using 4.0) and Windows XP/2000 systems. I have tested the Greenbow client and it seems ok. What of the built-in VPN client for the Windows OS? I am mostly interested in ease of configuration and reliability of the tunnel. I am ok on IPSEC theory. we have good experience with the NCP Secure Entry client (www.ncp.de). It is very capable and easy to handle, although also one of the most expensive pieces out there that I'm aware of. Best, --Toni++
Re: VPN solutions for OpenBSD to Windows
Can you better define your set up? If you want to connect from a Windows road warrior which may or may not be behind a NAT, OpenVPN can hardly be beat in ease of use, robustness etc. It runs fine as a service or on demand, has optionally a nice GUI and I had no issues with packet length etc. If the Windows machine is not behind a NAT and is directly connected to the Internet Greenbow is really a fine product. Regards Peter http://www.hopfgartner.it Edy wrote: Hi Peter, Have you look at OpenVPN? Please check out this document http://blog.innerewut.de/articles/2005/07/04/openvpn-2-0-on-openbsd Cheers, Edy [EMAIL PROTECTED] wrote: Hi gang, I'm looking for peoples' experiences and advice for setting up a VPN between OpenBSD (I will be using 4.0) and Windows XP/2000 systems. I have tested the Greenbow client and it seems ok. What of the built-in VPN client for the Windows OS? I am mostly interested in ease of configuration and reliability of the tunnel. I am ok on IPSEC theory. Thanks in advance for any comments, Peter
Re: VPN solutions for OpenBSD to Windows
On Fri, Dec 22, 2006 at 05:03:11AM +, [EMAIL PROTECTED] wrote: I'm looking for peoples' experiences and advice for setting up a VPN between OpenBSD (I will be using 4.0) and Windows XP/2000 systems. I have tested the Greenbow client and it seems ok. What of the built-in VPN client for the Windows OS? The Windows build-in VPN client uses L2TP running over IPSEC transport mode. It's straightforward to set up IPSEC transport mode between Windows and OBSD. Unfortunately finding a working L2TP daemon for OBSD is harder. I made some patches to rp-l2tp, and posted them to this list a few weeks ago. It kind-of worked, but I had a problem with vty's and packets over 1024 bytes, and nobody here was able to provide any assistance in debugging the problem. If you want to have a go, please feel free. I can't find an open archive of [EMAIL PROTECTED] You can try these links, but I removed my username and password from them. Otherwise scan the archive for December looking for subject rp-l2tp, ppp and pty problem http://lists.openbsd.org/cgi-bin/mj_wwwusr?list=miscbrief=onfunc=archive-get-partextra=200612/293 http://lists.openbsd.org/cgi-bin/mj_wwwusr?list=miscbrief=onfunc=archive-get-partextra=200612/299 Regards, Brian.
Re: VPN solutions for OpenBSD to Windows
On Fri, Dec 22, 2006 at 01:41:05PM +0800, Lars Hansson wrote: On Friday 22 December 2006 13:03, [EMAIL PROTECTED] wrote: What of the built-in VPN client for the Windows OS? While it works it suffers mainly from two things; being confusing to configure and lacking strong ciphers (you only get DES and 3DES). I'll second this, but with the footnote that 3DES is not so much insecure as it is slow. Joachim
Re: VPN solutions for OpenBSD to Windows
I second that -- OpenVPN is great. Easy and quick to set up, clients for most OSes (and you can re-use the config files across OSes. that was a nice bonus when the boss wanted his Mac to connect to the VPN). Unless there's another requirement that means you can't use OpenVPN, you should check it out. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Hopfgartner Sent: Friday, December 22, 2006 6:09 AM To: misc@openbsd.org Subject: Re: VPN solutions for OpenBSD to Windows Can you better define your set up? If you want to connect from a Windows road warrior which may or may not be behind a NAT, OpenVPN can hardly be beat in ease of use, robustness etc. It runs fine as a service or on demand, has optionally a nice GUI and I had no issues with packet length etc. If the Windows machine is not behind a NAT and is directly connected to the Internet Greenbow is really a fine product. Regards Peter http://www.hopfgartner.it Edy wrote: Hi Peter, Have you look at OpenVPN? Please check out this document http://blog.innerewut.de/articles/2005/07/04/openvpn-2-0-on-openbsd Cheers, Edy [EMAIL PROTECTED] wrote: Hi gang, I'm looking for peoples' experiences and advice for setting up a VPN between OpenBSD (I will be using 4.0) and Windows XP/2000 systems. I have tested the Greenbow client and it seems ok. What of the built-in VPN client for the Windows OS? I am mostly interested in ease of configuration and reliability of the tunnel. I am ok on IPSEC theory. Thanks in advance for any comments, Peter
Re: VPN solutions for OpenBSD to Windows
I would also agree that OpenVPN is nice and fairly simple to set up... I use it and enjoy it. The only problem I could point out about OpenVPN, is that it cannot interact with other VPNS - I.E. OpenSwan or Other Hardware/Software solutions running ipsec. Please correct me if I am wrong. Amedeo Peter Landry wrote: I second that -- OpenVPN is great. Easy and quick to set up, clients for most OSes (and you can re-use the config files across OSes. that was a nice bonus when the boss wanted his Mac to connect to the VPN). Unless there's another requirement that means you can't use OpenVPN, you should check it out. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Hopfgartner Sent: Friday, December 22, 2006 6:09 AM To: misc@openbsd.org Subject: Re: VPN solutions for OpenBSD to Windows Can you better define your set up? If you want to connect from a Windows road warrior which may or may not be behind a NAT, OpenVPN can hardly be beat in ease of use, robustness etc. It runs fine as a service or on demand, has optionally a nice GUI and I had no issues with packet length etc. If the Windows machine is not behind a NAT and is directly connected to the Internet Greenbow is really a fine product. Regards Peter http://www.hopfgartner.it Edy wrote: Hi Peter, Have you look at OpenVPN? Please check out this document http://blog.innerewut.de/articles/2005/07/04/openvpn-2-0-on-openbsd Cheers, Edy [EMAIL PROTECTED] wrote: Hi gang, I'm looking for peoples' experiences and advice for setting up a VPN between OpenBSD (I will be using 4.0) and Windows XP/2000 systems. I have tested the Greenbow client and it seems ok. What of the built-in VPN client for the Windows OS? I am mostly interested in ease of configuration and reliability of the tunnel. I am ok on IPSEC theory. Thanks in advance for any comments, Peter
Re: VPN solutions for OpenBSD to Windows
Hi Peter, Have you look at OpenVPN? Please check out this document http://blog.innerewut.de/articles/2005/07/04/openvpn-2-0-on-openbsd Cheers, Edy [EMAIL PROTECTED] wrote: Hi gang, I'm looking for peoples' experiences and advice for setting up a VPN between OpenBSD (I will be using 4.0) and Windows XP/2000 systems. I have tested the Greenbow client and it seems ok. What of the built-in VPN client for the Windows OS? I am mostly interested in ease of configuration and reliability of the tunnel. I am ok on IPSEC theory. Thanks in advance for any comments, Peter
Re: VPN solutions for OpenBSD to Windows
On Friday 22 December 2006 13:03, [EMAIL PROTECTED] wrote: What of the built-in VPN client for the Windows OS? While it works it suffers mainly from two things; being confusing to configure and lacking strong ciphers (you only get DES and 3DES). --- Lars Hansson
Re: VPN solutions for OpenBSD to Windows
- Original Message -From: Edy [EMAIL PROTECTED]Date: Friday, December 22, 2006 12:17 amSubject: Re: VPN solutions for OpenBSD to WindowsTo: [EMAIL PROTECTED]: misc@openbsd.org Hi Peter, Have you look at OpenVPN? Please check out this document http://blog.innerewut.de/articles/2005/07/04/openvpn-2-0-on-openbsd Cheers, Edy [EMAIL PROTECTED] wrote: Hi gang, I'm looking for peoples' experiences and advice for setting up a VPN between OpenBSD (I will be using 4.0) and Windows XP/2000 systems. I have tested the Greenbow client and it seems ok. What of the built-in VPN client for the Windows OS? I am mostly interested in ease of configuration and reliability of the tunnel. I am ok on IPSEC theory. Thanks in advance for any comments,Sorry, I should have specified that I would like to use OpenBSD's native VPN implementation. Of course, if that is not feasable then I will definitely take a look at OpenVPN.Peter
Re: VPN solutions for OpenBSD to Windows
On 12/22/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi gang, I'm looking for peoples' experiences and advice for setting up a VPN between OpenBSD (I will be using 4.0) and Windows XP/2000 systems. I have tested the Greenbow client and it seems ok. What of the built-in VPN client for the Windows OS? I am mostly interested in ease of configuration and reliability of the tunnel. I am ok on IPSEC theory. Thanks in advance for any comments, Peter The greenbow client is definitely easier to use than the built-in MS IPSec client, and offers a lot more in terms of capabilities. There are some limitations on the MS client as far as what types of encryption you can use with the Phase1/2 negotiations. With the Windows client, there are two approaches I've used to establish IPSec tunnels: (1) the IPSec MMC Snap-in and (2) the command line method (via the windows support tools). In either case, there is no clear way to see that a tunnel is established or to close the tunnel. It's clear to the savvy user on how to close a tunnel, but if you are looking to deploy it to a regular user-base, it probably won't be so clear. With the MMC snap-in, you can export the settings, then another user can import those settings, at which point only minor changes are required to make it work (configure the ip for your end of the tunnel). The same applies to the command line approach. Axton Grams