On Jul 28, 2006, at 8:09 AM, jeraklo wrote:

I just wanted to simplify the layout (it seems at the
end it went more complex, sorry), but two firewalls
are actually PIX firewalls with several interfaces.

So, you are saying that pf(4), ipsec(4), ipsecctl(8),
and maybe vpn(8) is all I need?  Do I have to make
some special tweakings on the windows client machines
in order to run the VPN, or is it just a matter of
some default configuration?

Not to interject here, but your chances for success are directly proportional to your understanding of TCP/IP and IPsec. It sounds as though you are not terribly experienced with either. That's not to say you can't make this happen, but I would strongly suggest you reproduce your proposed design in a test lab (probably at home).

Everything you need is in the base install. With the recent changes to ipsecctl and ipsec.conf, there's no need to consider OpenVPN (except perhaps on technical merits, which I believe it loses on). Once you've started testing your network and run into problems, definitely come back and we'll be happy to help.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
