Sean Chittenden wrote:
>> Cisco is offering a VPN client for Linux. I wonder if it would be
>> possible to run this under FreeBSD. An extra Linux kernel module is
>> being built. Is this already 'ruled out'?
>> If this won't work, I'm afraid I will have to set up a dedicated Red Hat
>> 6.x/7.x beside my FreeBSD gateway. Would it be possible to use NAT
>> to extend the VPN (I only have one dedicated fixed IP on the
>> gateway)?
> Might I suggest using pppd + ssh? In my prior experience, it worked
> worlds better than the Cisco VPN client and likely provided more
> secure authentication (ssh keys vs. IKE?). As an added bonus, ssh
> + pppd doesn't hijack your interface, so you can connect to the
> Internet directly and to your office without having to send your
> normal Internet traffic through the office. Yes, there are security
> problems with this, but running ipf(w) on the split host works
> exceedingly well and is generally a tighter firewall than what's put
> up to protect the office. ;) -sc
The "connection hijack" by Cisco is indeed a very silly thing,
since the disabling of the routing of interfaces different
from the *one true and very secure* IPSec connection it is establishing
can be easily, very easily circumvented by deliberately changing
a string in the Cisco Linux kernel module. You just have to change
the string "eth" to "eth0" or whatever in the source code there.
Well, indeed some Linux ethernet devices do not obey the "ethXX" naming
schema, namely they register themselves as "usbXXX" devices, so
the whole thing is without any good reason in the first place anyway.
--
Marcin Dalecki
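As an added illustration of the pppd + ssh approach Sean recommends, not code from anyone in this thread: a small FreeBSD-side script that brings up a point-to-point link over an ssh session, routes only the office prefix through it (the split routing the Cisco client's interface hijack forbids), and installs ipfw rules so nothing but office traffic can cross the tunnel interface. It assumes pppd is installed on both ends, that the office gateway lets the tunnel account run pppd via sudo, and that ssh key authentication is already set up; every hostname, address, interface name and rule number below is a placeholder.

```shell
#!/bin/sh
# Added example, not from the thread: pppd-over-ssh tunnel with split routing
# and an ipfw policy for the tunnel interface. All values below are assumed.

GATEWAY="vpn-gw.example.org"   # assumed: office ssh host that runs the peer pppd
GW_USER="ppp"                  # assumed: account on the gateway allowed to sudo pppd
OFFICE_NET="10.1.0.0/16"       # assumed: the only prefix routed through the tunnel
LOCAL_IP="10.0.0.1"            # assumed: our end of the point-to-point link
REMOTE_IP="10.0.0.2"           # assumed: office end of the link
PPP_IF="ppp0"                  # assumed: interface pppd creates on this host

# Start a local pppd and attach it, through a pty, to an ssh session that runs
# pppd on the gateway. 'noauth' on both sides is acceptable only because the
# ssh key exchange already authenticated the peer; BatchMode makes ssh fail
# rather than prompt, so an unattended start never hangs on a password.
start_tunnel() {
    pppd updetach noauth passive \
        pty "ssh -o BatchMode=yes -o ServerAliveInterval=30 ${GW_USER}@${GATEWAY} sudo pppd nodetach notty noauth ${REMOTE_IP}:${LOCAL_IP}" \
        "${LOCAL_IP}:${REMOTE_IP}"
}

# Split routing: only the office prefix goes via the tunnel; the default route
# stays on the local uplink, so normal Internet traffic never transits the office.
add_split_route() {
    route add -net "${OFFICE_NET}" "${REMOTE_IP}"
}

# ipfw policy for the split host: the ssh transport to the gateway is the only
# thing the tunnel needs on the outside, and on the tunnel interface only
# traffic to or from the office prefix is allowed; everything else is dropped
# and logged, which catches the office pushing a wider route than agreed.
ipfw_rules() {
    cat <<EOF
add 1000 allow tcp from me to ${GATEWAY} 22 out
add 1001 allow tcp from ${GATEWAY} 22 to me in established
add 1010 allow ip from me to ${OFFICE_NET} out via ${PPP_IF}
add 1020 allow ip from ${OFFICE_NET} to me in via ${PPP_IF}
add 1030 deny log ip from any to any via ${PPP_IF}
EOF
}

apply_ipfw_rules() {
    ipfw_rules | while read -r rule; do
        # shellcheck disable=SC2086  # word splitting is intended here
        ipfw -q ${rule}
    done
}

# Only act when explicitly asked, so the file can be sourced or inspected safely.
case "${1:-}" in
    run)
        start_tunnel
        add_split_route
        apply_ipfw_rules
        ;;
esac
```

Run it as root with `sh vpn.sh run`; `ipfw_rules` can be piped to `ipfw -q /dev/stdin` instead of the loop if preferred. The deny rule at 1030 is the part that makes the split tunnel safer than the office-side firewall alone: even if the peer pppd hands back extra routes, packets for anything outside the office prefix never leave or enter via the tunnel.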
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message