On Fri, 2003-01-31 at 20:28, Sean Chittenden wrote:
> > Cisco is offering a VPN client for Linux. I wonder if it would be
> > possible to run this under FreeBSD. An extra linux kernel module is
> > being built. Is this already the 'ruled out'?
> >
> > If this won't work, I'm afraid I will have to set a dedicated redhat
> > 6.x/7.x beside my FreeBSD gateway. Would it be possible to use NAT
> > to extend the VPN (I only have one dedicated fixed IP on the
> > gateway).
>
> Might I suggest using pppd + ssh. In my prior experience, it worked
> worlds better than the Cisco VPN client and likely provided a more
> secure authentication (ssh keys vs. IKE?). As an added bonus, ssh
> + pppd doesn't hijack your interface so you can connect to the
> Internet directly and to your office without having to send your
> normal Internet traffic through the office. Yes there are security
> problems with this, but running ipf(w) on the split host works
> exceedingly well and is generally a tighter firewall than what's put
> up to protect the office. ;)
>
> -sc

This is actually what I use to connect into Cisco (well, I use ppp+ssh). The downside is that right now, my "VPN concentrator" is being moved from one building to another, and I have no FreeBSD connectivity. Also, other companies might only allow inbound access via a proprietary VPN client. For those that also offer SSH, you're right, my make-shift VPN is much more flexible than what the Cisco VPN client provides.

Joe

--
PGP Key : http://www.marcuscom.com/pgp.asc