Re: VPN suggestions and advise for clean sheet setup
On Fri, Feb 29, 2008 at 04:09:01PM -0500, Daniel Ouellet wrote:
>
> Requirements are to sadly connect Windows users back to a network and I
> want that box to be OpenBSD, or multiple OpenBSD boxes to get full
> network access from these connections. Multiple at once and I try to
> keep the management of the users as simple as possible.
>

Have a look at the VPN client at http://www.shrew.net/, it is a standards compliant IPSEC VPN client that interoperates with open software IPSEC implementations - I have not tried it with OpenBSD but I imagine that it will Just Work(tm). The license is reasonably fair though restrictive and you can create an "install" bundle that will pretty much auto-configure the client with only a small amount of prep work, which makes the Windows side deployment very simple.

The only issue I have had was the dead peer detection was a little too aggressive for some of the people I was using this with - just turning this off on the client side fixed the problem.

--
Brett Lymn
Re: VPN suggestions and advise for clean sheet setup
On 2008-02-29, Daniel Ouellet <[EMAIL PROTECTED]> wrote:
> Three needs, providing access to remote Windows users, browser, etc.
>
> And if possible in some cases providing specific network access via VPN
> (tunnel, or what not) to remote office.
>
> Last, would be to provide streaming access via a secure gateway like
> proxy or the like to traveling users.
>
> The solutions for each one could be different, but using the same setup,
> or part of it anyway would obviously be better.

> There are so many different choices and ways to do this now, which one
> would you recommend if today you could start with a clean sheet and not
> have to be stuck with legacy setup?

For my Windows users I set up OpenVPN in server mode. No problem at all for roaming users, the same crypto algorithms for Windows and for UNIX. The user just starts a .bat file and gets VPN.

I think IPSec is not so good for Windows users because of the limitation of crypto: 3des, sha1. It's not so hard to set up, but I also faced a problem if the office network is located behind NAT. Also I didn't find a thing similar to srcid on the Windows side.

As long as I use OpenBSD at home I'm trying to set up an IPSec tunnel for myself. But I still haven't resolved the problem :)
(http://marc.info/?l=openbsd-misc&m=120378201209896&w=2)

--
Alexey Vatchenko
http://www.bsdua.org
VPN suggestions and advise for clean sheet setup
Hi,

I have been looking into this for some time, but there are so many different setups possible that unless you have one and are forced to continue using it, one wouldn't know which way to go.

I try to keep it as simple and clean as possible, so if you start with a clean sheet and no restrictions on use, what would you suggest to go with?

Requirements are to sadly connect Windows users back to a network and I want that box to be OpenBSD, or multiple OpenBSD boxes to get full network access from these connections. Multiple at once and I try to keep the management of the users as simple as possible.

I guess using the pptp client from Windows, or their remote office built-in XP. I have to say, last time I used any Microsoft PPTP client was about 12 years ago in the NT 4 service pack 6. That's how old it was. I only use ssh, putty if needed at times from Windows and that's all I need. I think you could say, it's time to come to sync with today's needs for Windows I guess.

What would you suggest to use if any choice is possible?

I know OpenBSD redesigned the ipsec, but is that the best way now? Looks like many users still use OpenVPN, and a bunch of others. I am a bit at a loss as to if that's best, why so many variations in use still today in the archive and why one would go that path.

I would love the "KISS VPN" I guess. (;>

Even connecting offices together, I see many different choices in the archive.

Three needs, providing access to remote Windows users, browser, etc.

And if possible in some cases providing specific network access via VPN (tunnel, or what not) to remote office.

Last, would be to provide streaming access via a secure gateway like proxy or the like to traveling users.

The solutions for each one could be different, but using the same setup, or part of it anyway would obviously be better. The goal is to minimize the impact and most importantly support and problems on the remote Windows users, which I admit, may not be that easy. (;>

There are so many different choices and ways to do this now, which one would you recommend if today you could start with a clean sheet and not have to be stuck with legacy setup?

Many thanks for the suggestions.

Daniel