Solved

point to multipoint vpn

Posted on 2005-04-06
Last Modified: 2013-11-22
Hello,
Is it possible, and how would this be done, to have a point to multipoint VPN on FreeBSD?

If I have an ADSL connection with a static IP I would like to be able to connect this box to more than one remote server and establish a VPN connection.

When a VPN is established is it still possible to have local Internet access through the local ADSL connection?

What would be the best way for a staff member using a Notebook to connect to the office as they travel around and access the office network via the internet?

Thanks,
Ivan
Question by:icarey
9 Comments
 
LVL 1

Accepted Solution

by:
z0cool earned 172 total points
ID: 13735403
Hello

I have found that mpd, located in the ports tree at "/usr/ports/net/mpd/", works very well.  PPTP is built into almost every version of Windows, so an extra software client does not need to be installed on the PC. The server and client are very easy to set up and would probably take 1hr tops to set up.

You can find more info at http://www.sourceforge.net/projects/mpd 

Here is a feature list...

      Multi-link PPP capability
      PAP, CHAP, and MS-CHAP authentication
      PPP compression and encryption
      Point-to-Point Tunnelling Protocol (PPTP)
      PPP over Ethernet (PPPoE)
      RADIUS (authentication and accounting)

Mpd also includes many additional features:

      Dial-on-demand with idle timeout
      Multiple active connections running simultaneously
      Dynamic demand based link management (also known as ``rubber bandwidth'')
      Powerful chat scripting language for asynchronous serial ports
      Pre-tested chat scripts for several common modems and ISDN TAs
      Clean device-type independent design
      Comprehensive logging

 
LVL 5

Assisted Solution

by:Chireru
Chireru earned 164 total points
ID: 13812171
Poptop: http://poptop.org/
OpenVPN:  http://openvpn.net/
FreeS/WAN: http://freeswan.org/ -
IPSec: http://www.freebsddiary.org/pipsecd.php - Uses IPSec

Each has its own advantages.. for example, poptop is the best for Windows compatibility.
 
LVL 3

Assisted Solution

by:jrssystemsnet
jrssystemsnet earned 164 total points
ID: 14166387
I use and very strongly recommend OpenVPN, which is extremely fast, reliable, flexible, easy to configure, multiplatform, and uses OpenSSL based encryption.  http://openvpn.sourceforge.net

One particularly nifty thing about OpenVPN is that you can actually establish a working tunnel with a single command right from the shell prompt, with no config files whatsoever!  This is usually how I test out a new tunnel; just run the command right there at the prompt, and if it works, I kill the process and write the command up in an rc.d script and run it again from there.

Note: openvpn is available in the ports tree, but the version there is 1.x, and if you are going to be using this cross-platform (i.e. interfacing directly with Windows machines, not just tying two BSD boxen together) you will need to instead download and build 2.x from source, from openvpn.sourceforge.net.  When you do so, you'll need to pass arguments to ./configure either telling it not to bother building with LZO compression, or pointing it to the location of the headers and includes for LZO.
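The single-command tunnel described in the comment above, extended to the question's case of one box holding tunnels to several remote servers; this is an added example, not part of the original thread. It assumes OpenVPN's static-key mode, and the peer addresses, the 10.4.N.x numbering, the base port and the key directory are all constructed for illustration.

```shell
#!/bin/sh
# Added example: print one static-key OpenVPN command per tunnel so a single
# FreeBSD box can run several point-to-point tunnels side by side.
# Each tunnel gets its own UDP port, tun device, address pair and key file.
# Keys are created beforehand with: openvpn --genkey --secret FILE
# (syntax of the 1.x/2.x releases discussed in the thread) and copied to the
# other end over a secure channel.

KEYDIR="${KEYDIR:-/usr/local/etc/openvpn}"   # assumed key location
BASE_PORT="${BASE_PORT:-5000}"               # assumed first UDP port

# tunnel_cmd SIDE INDEX REMOTE_HOST
#   SIDE  hub  = the box with several tunnels, peer = one remote server
#   INDEX 0..254, selects port, tun device and the 10.4.INDEX.x pair
tunnel_cmd() {
    side=$1 idx=$2 host=$3
    # Reject empty, non-numeric and zero-padded indexes (08 would be bad octal).
    case $idx in ''|0?*|*[!0-9]*) echo "bad index: $idx" >&2; return 1 ;; esac
    [ "$idx" -le 254 ] || { echo "index out of range: $idx" >&2; return 1; }
    # Reject anything that could be read as an option or carries shell syntax.
    case $host in ''|-*|*[!A-Za-z0-9.-]*) echo "bad host: $host" >&2; return 1 ;; esac
    case $side in
        hub)  local_ip=10.4.$idx.1 peer_ip=10.4.$idx.2 ;;
        peer) local_ip=10.4.$idx.2 peer_ip=10.4.$idx.1 ;;
        *)    echo "side must be hub or peer" >&2; return 1 ;;
    esac
    # The tun device number only has to be unique on the machine it runs on.
    printf 'openvpn --remote %s --port %s --dev tun%s --ifconfig %s %s --secret %s/peer%s.key --daemon\n' \
        "$host" "$((BASE_PORT + idx))" "$idx" "$local_ip" "$peer_ip" "$KEYDIR" "$idx"
}

# all_tunnels HOST... : hub-side commands, one per remote server, in order.
all_tunnels() {
    i=0
    for h in "$@"; do
        tunnel_cmd hub "$i" "$h" || return 1
        i=$((i + 1))
    done
}

# Constructed sample peers (documentation-range addresses).
all_tunnels 192.0.2.10 198.51.100.20
# What remote server 1 would run, pointing back at the hub's static IP.
tunnel_cmd peer 1 203.0.113.5
```

Static-key mode gives no forward secrecy and is deprecated in current OpenVPN releases in favour of TLS mode. Neither command changes the default route, so ordinary Internet traffic keeps using the local ADSL line while the tunnels are up.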
 
LVL 2

Expert Comment

by:Bienville
ID: 14472562
Sorry Ivan, None of those are a good choice. (except possibly openswan which I'm not sure runs on BSD)

OpenVPN will NOT do what you want... And I quote from the site:

 "There are three major families of VPN implementations in wide usage today: SSL, IPSec, and PPTP. OpenVPN is an SSL VPN and as such is not compatible with IPSec, L2TP, or PPTP." ... "OpenVPN is not compatible with IPSec, IKE, PPTP, or L2TP"

No L2TP means no Windows client without buying software at 100 bucks a seat.

Ivan, you need to cut to the chase and buy a hardware VPN endpoint (Linksys DI-808HV is a good choice), from 50 to 100 bucks depending on who makes it. LOOK FOR L2TP. That is the protocol you want. Also look for the number of tunnels. The 808HV will do 40 concurrently but (from memory) only 8 can be laptops (L2TP) at any one time. But 8 concurrent users will melt your DSL line anyway. ;-)

Do not use PPTP; it is old and easy to break. Sorry I don't have better news but that's the way life works sometimes. ;-(
 
LVL 5

Expert Comment

by:Chireru
ID: 14474819
> No L2TP means no Windows client without buying software at 100 bucks a seat.

Where do you get the $100/seat figure?  OpenVPN is free and GPL, and so is the Windows GUI..
http://openvpn.net/license.html
http://openvpn.se/

 
LVL 2

Expert Comment

by:Bienville
ID: 14476837
OK point taken... If you want your average Windows user trying to figure out how to configure a VPN from their laptop then you have a solution....

If you want a solution that your end users will not destroy, and -you know- can actually use, then you have another problem.

There are "solutions" and then there are "solutions."
 
LVL 5

Expert Comment

by:Chireru
ID: 14477710
Poptop uses PPTP
OpenVPN uses SSL tunnel
FreeS/WAN uses L2TP+IPSec
Pipsecd uses L2TP+IPSec

There's one of each tunnel/encryption type there, and all are compatible with Windows (some requiring extra software), if that is a requirement.

Do NOT just use L2TP..  L2TP is a tunneling protocol that offers no encryption.  Most tunnels using L2TP use IPSec, which adds encryption, and a second level of overhead.  SSL is the cheapest on overhead, and PPTP is the most compatible for least overhead.

For staff members using notebooks, PPTP is definitely the best way to go... it's compatible, easy to install and use, requiring no extra software installation on Windows notebooks.

For a more secure VPN, try SSL, which allows the use of certificates and other authentication technologies, and is cross-platform by providing a connectivity application for each platform.

I would only recommend L2TP+IPSec for permanent installations, as it has the ability to re-establish lost connections, but relies on both ends using static IPs, unless it's in a road warrior configuration.
 
LVL 2

Expert Comment

by:Bienville
ID: 14480967
> For staff members using notebooks, PPTP is definitely the best way to go... it's compatible, easy to install and use, requiring no extra software installation on Windows notebooks.

PPTP can nearly be broken in real time today. If you want to keep people from reading your email or maybe some simple business correspondence OK.... BUT if you have real data (one of my clients is an investment banker) use L2TP+IPSec.
 
LVL 3

Expert Comment

by:jrssystemsnet
ID: 15568808
I'd say even split between first three commenters, all of whom provided workable solutions to fit the question.

I do not include Bienville because of giving erroneous information leading the poster to believe he can't do what he wants.