> Hmm...is this why I can't get SMB "workgroup browsing" to work using IPSec?
> Even if you have WINS server?
WINS is for name resolution, workgroup browsing is something different.
On Tue, Aug 01, 2006 at 03:26:46PM +0800, Lars Hansson wrote:
> On Friday 28 July 2006 21:49, Stuart Henderson wrote:
> > simple end-user install on the Windows side
>
> I'd have to disagree with this. OpenVPN on Windows isn't nearly as end-user
> friendly and easy to install as, say, TheGreenbow
On Friday 28 July 2006 21:49, Stuart Henderson wrote:
> simple end-user install on the Windows side
I'd have to disagree with this. OpenVPN on Windows isn't nearly as end-user
friendly and easy to install as, say, TheGreenbow IPSec client.
> you can bridge an ethernet to a remote Windows box (he
On Sat, Jul 29, 2006 at 12:22:42PM -0700, jeraklo wrote:
> After summarizing all the clues I think I'll give a
> chance to OpenVPN + OpenBSD 3.9 combination primarily
> due to questionable quality of windows clients
> IPsec+IP stack (as I said in my first post - windows
> clients will comprise abou
After summarizing all the clues I think I'll give a
chance to OpenVPN + OpenBSD 3.9 combination primarily
due to questionable quality of windows clients
IPsec+IP stack (as I said in my first post - windows
clients will comprise about 99% of all my VPN client
base).
The differentiation between OS
On Fri, Jul 28, 2006 at 03:57:02PM -0400, Steven Surdock wrote:
> Stuart Henderson wrote:
> > On 2006/07/28 06:30, jeraklo wrote:
> >> sorry. got to go with the stable branch (3.9).
> >
> > disadvantages:-
> >
> > openvpn is more complicated to install on OpenBSD than ipsec
> > lots of security f
On Fri, Jul 28, 2006 at 09:29:59AM -0700, jeraklo wrote:
> Regarding NAT-T, does it have to be enabled both in
> clients and the VPN server ? If yes and if we're
> talking about windows clients - does it come bundled
> with some external IPsec client or does it have to be
> enabled in the windows i
On 2006/07/28 15:57, Steven Surdock wrote:
> > openvpn is more complicated to install on OpenBSD than ipsec
>
> Not on the client side, I think you'll find OpenVPN much easier to
> configure as well. OpenVPN is trivially easy to install using the
> packages on OBSD.
I do use both so I realise th
Stuart Henderson wrote:
> On 2006/07/28 06:30, jeraklo wrote:
>> sorry. got to go with the stable branch (3.9).
>
> disadvantages:-
>
> openvpn is more complicated to install on OpenBSD than ipsec
> lots of security fixes
Not on the client side, I think you'll find OpenVPN much easier to
configu
On Jul 28, 2006, at 2:17 PM, Randal L. Schwartz wrote:
"Jason" == Jason Dixon <[EMAIL PROTECTED]> writes:
Jason> Everything you need is in the base install. With the recent changes to
Jason> ipsecctl and ipsec.conf, there's no need to consider OpenVPN (except perhaps
Jason> on technica
> "Jason" == Jason Dixon <[EMAIL PROTECTED]> writes:
Jason> Everything you need is in the base install. With the recent changes to
Jason> ipsecctl and ipsec.conf, there's no need to consider OpenVPN (except perhaps
Jason> on technical merits, which I believe it loses on).
Maybe not on "ge
From: [EMAIL PROTECTED]
> > You *will* require the 'access network' to pass ESP,
> > 500/UDP (IKE), and
> > 4500/UDP (IPsec NAT-T), of course.
> >
>
> Regarding NAT-T, does it have to be enabled both in
> clients and the VPN server ? If yes and if we're
> talking about windows clients - does it
--- Joachim Schipper <[EMAIL PROTECTED]> wrote:
> On Fri, Jul 28, 2006 at 07:09:17AM -0700, jeraklo
> wrote:
> > The proposed design will definitely be initially
> > tested in a lab. Not to worry about that part.
> >
> > The major problem I have seen by now is that IPsec
> > has problems wit
On Fri, Jul 28, 2006 at 07:09:17AM -0700, jeraklo wrote:
> The proposed design will definitely be initially
> tested in a lab. Not to worry about that part.
>
> The major problem I have seen by now is that IPsec
> has problems with NAT, while OpenVPN doesn't (but it
> adds to latency - it is
On Fri, Jul 28, 2006 at 06:30:13AM -0700, jeraklo wrote:
> --- Joachim Schipper <[EMAIL PROTECTED]> wrote:
> > to the VPN box. The only real problem you are going
> > to run into is if
> > subnet C overlaps with a network the client is
> > already connected to,
>
> actually, client connects to a
The proposed design will definitely be initially
tested in a lab. Not to worry about that part.
The major problem I have seen by now is that IPsec
has problems with NAT, while OpenVPN doesn't (but it
adds to latency - it is not a major concern in the
desired setup).
I would like to briefly
On 2006/07/28 06:30, jeraklo wrote:
> sorry. got to go with the stable branch (3.9).
ipsec.conf(5) was added for 3.8, and improved between then and
-current. isakmpd.conf(5) is no longer present in -current, so it
makes sense to use ipsec.conf(5) right away.
> OK but do OpenVPN connections surviv
On Fri, 28 Jul 2006 06:30:13 -0700 (PDT)
jeraklo <[EMAIL PROTECTED]> wrote:
> > Alternately, for a more shiny, more
> > firewall-friendly, but less
> > efficient protocol and not quite as secure an
> > implementation, try
> > OpenVPN. It runs on Windows, Mac OS X, and (most?)
> > POSIX-compliant
>
--- Joachim Schipper <[EMAIL PROTECTED]> wrote:
> There is something in the archives about usable
> IPsec clients for
> Windows. The built-in one certainly isn't.
ok. good to know.
> This shouldn't be too difficult. Start by installing
> -current, which has
> a very neat new configuration interf
On Jul 28, 2006, at 8:09 AM, jeraklo wrote:
I just wanted to simplify the layout (it seems at the
end it went more complex, sorry), but two firewalls
are actually PIX firewall with several interfaces.
So, you are saying that pf(4), ipsec(4), ipsecctl(8),
and maybe vpn(8) is all I need ? Do I h
I just wanted to simplify the layout (it seems at the
end it went more complex, sorry), but two firewalls
are actually PIX firewall with several interfaces.
So, you are saying that pf(4), ipsec(4), ipsecctl(8),
and maybe vpn(8) is all I need ? Do I have to make
some special tweakings on the windo
Original message
>Date: Fri, 28 Jul 2006 14:28:44 +0200
>From: Håkan Olsson <[EMAIL PROTECTED]>
>Subject: Re: VPN help needed: OpenBSD in the corporate environment instead of Linux
>To: jeraklo <[EMAIL PROTECTED]>
>Cc: misc@openbsd.org
>
>On 28
On Fri, Jul 28, 2006 at 02:19:46AM -0700, jeraklo wrote:
> Hi there,
>
> for the first time during my employment I have the
> opportunity to introduce OpenBSD into a production of
> the corporate environment as a VPN concentrator i.e.
> remote access server. The problem is, all folks here
> are v
On Fri, Jul 28, 2006 at 02:28:44PM +0200, Håkan Olsson wrote:
> On 28 jul 2006, at 14.09, jeraklo wrote:
> >
> >So, you are saying that pf(4), ipsec(4), ipsecctl(8),
> >and maybe vpn(8) is all I need ? Do I have to make
>
> That's a good start, yes. Plus it should be fairly easy to find
> confi
On 28 jul 2006, at 14.09, jeraklo wrote:
So, you are saying that pf(4), ipsec(4), ipsecctl(8),
and maybe vpn(8) is all I need ? Do I have to make
That's a good start, yes. Plus it should be fairly easy to find
configuration examples for setups like this.
some special tweakings on the win
On 28 jul 2006, at 11.19, jeraklo wrote:
...
The network layout looks like following:
CLIENT (can have public IP or private IP)
| (private client IP assumes default gateway uses NAT)
|
|
INTERNET
|
|
NIC_0_FIREWALL_0 (public IP)
FIREWALL_0
NIC_1_FIREWALL_1 (public IP, subnet_A)
|
|
NIC_0 (public
Hi there,
for the first time during my employment I have the
opportunity to introduce OpenBSD into a production of
the corporate environment as a VPN concentrator i.e.
remote access server. The problem is, all folks here
are very Linux biased and introducing OpenBSD for such
an important task is