Re: VPN suggestions

On Fri Jul 07/04/03, 2003 at 09:41:40AM -0600, Pete Scudamore wrote:
> I am running IPfilter on FreeBSD 5. I need to allow win32 clients to
> connect to the local network to run applications over the internet. What
> is the best way to do this? racoon? poptop? and are there any
> configuration changes I need to accomodate ipfilter?
>
> Thanks in advance!


http://www.science.uva.nl/~mes/jargon/m/mu.html

Mu.

The question depends on _way_ too many variables we do not know. :)
If you have to deal with clueless users running Windows 98, some sort of
PPTP option ( a la POPTOP ) may be your best solution.
If you're dealing with clueful management of a large enterprise, IPSEC +
PKI may be your best bet (a la Racoon w/IKE+PKI).

If the solution is totally under your control, and the users cluefulness
is irrelevant, IMHO IPSEC + PKI is probably the most secure option to
explore. Every time you add cluelessness and subtract control, you move
closer to a PPTP solution.

IPFilter itself requires nothing that any other packet filtering
mechanism does not -- simply allow the supported protocols.

--
Greg White