You had the right idea with authpf. What I have done in the past is add the VPN pass rule to the authpf rule... Therefore, people have to ssh in, then the VPN can be established.
You could do something similar.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tomas
Sent: Wednesday, September 07, 2005 05:08
To: misc@openbsd.org
Subject: [OT] Question about vpn and athorization between OpenBSD and Windows clients

Hello,

Please, can someone give me a clue how to set up a VPN with authentication.

I've set up a VPN between Windows clients and an OpenBSD server, and everything works fine. But since most of our clients are using ADSL lines and their IPs aren't static, I had to allow the whole world to connect to my VPN server and my internal network. There are a lot of PCs with Windows XP with firewalls enabled in my internal network, so when a client comes with a different IP each time he can't connect to Windows PCs because their IPs aren't listed in Windows firewalls.

So I decided to somehow authenticate those users and give them one of the internal IPs. But I don't even have a clue how to do that. First thing I thought of was authpf, but it only works with ssh clients. So maybe can someone help me?
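
The approach in the reply at the top of this thread, sketched as an added example that is not either poster's configuration: the VPN pass rules move out of pf.conf and into the authpf rules file, keyed on `$user_ip`, the macro authpf sets to the address the SSH login came from. The thread does not say which VPN is in use, so IPsec (IKE on UDP 500/4500 plus ESP) is an assumption, and the interface name `em0` is constructed.

```pf
# ---- /etc/pf.conf (excerpt) ----
ext_if = "em0"                      # constructed: external interface name

# Default: nothing unsolicited comes in from the outside.
block in on $ext_if all

# SSH stays reachable from any address, so clients on dynamic ADSL
# addresses can log in and authenticate first.
pass in on $ext_if inet proto tcp from any to ($ext_if) port 22 keep state

# Weak form described in the original question: VPN open to the world.
# (Assumed IPsec ports; left commented out on purpose.)
# pass in on $ext_if inet proto udp from any to ($ext_if) port { 500, 4500 }
# pass in on $ext_if inet proto esp from any to ($ext_if)

# authpf loads per-user rules under this anchor for each open session.
anchor "authpf/*"

# ---- /etc/authpf/authpf.rules ----
# This file is loaded on its own, so macros from pf.conf are not visible
# here and must be defined again. $user_ip and $user_id come from authpf.
ext_if = "em0"

# VPN negotiation and traffic are accepted only from the address that
# has just authenticated over SSH.
pass in quick on $ext_if inet proto udp from $user_ip to ($ext_if) \
    port { 500, 4500 } keep state
pass in quick on $ext_if inet proto esp from $user_ip to ($ext_if) keep state
```

The accounts used for this need `/usr/sbin/authpf` as their login shell; authpf removes the session's rules again when the SSH connection closes.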