On Fri, 2003-01-31 at 20:28, Sean Chittenden wrote:
> > Cisco is offering a VPN client for Linux. I wonder if it would be
> > possible to run this under FreeBSD. An extra Linux kernel module is
> > being built.  Is this already 'ruled out'?
> > 
> > If this won't work, I'm afraid I will have to set a dedicated redhat
> > 6.x/7.x beside my FreeBSD gateway. Would it be possible to use NAT
> > to extend the VPN (I only have one dedicated fixed IP on the
> > gateway).
> 
> Might I suggest using pppd + ssh.  In my prior experience, it worked
> worlds better than the Cisco VPN client and likely provided a more
> secure authentication (ssh keys vs. IKE?).  As an added bonus, ssh
> + pppd doesn't hijack your interface so you can connect to the
> Internet directly and to your office without having to send your
> normal Internet traffic through the office.  Yes there are security
> problems with this, but running ipf(w) on the split host works
> exceedingly well and is generally a tighter firewall than what's put
> up to protect the office.  ;)  -sc

This is actually what I use to connect into Cisco (well, I use
ppp+ssh).  The downside is that right now, my "VPN concentrator" is
being moved from one building to another, and I have no FreeBSD
connectivity.  Also, other companies might only allow inbound access via
a proprietary VPN client.  For those that also offer SSH, you're right,
my makeshift VPN is much more flexible than what the Cisco VPN client
provides.

Joe

-- 
PGP Key : http://www.marcuscom.com/pgp.asc
