OpenVPN Question - BSD

This is a discussion on OpenVPN Question - BSD ; I'm running FreeBSD-7.0-STABLE on a machine that is the gateway and IPFW firewall for my LAN. I have been interested in setting up VPN for this LAN so I can connect via Windows VISTA from my office. Can anyone help ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: OpenVPN Question

  1. OpenVPN Question

    I'm running FreeBSD-7.0-STABLE on a machine that is the gateway and IPFW
    firewall for my LAN. I have been interested in setting up VPN for this LAN
    so I can connect via Windows VISTA from my office. Can anyone help with
    these initial questions:

    1. I have read that one can use IPSEC with racoon in the FreeBSD Unleashed
    book. But I've since read that OpenVPN is a better, more reliable and
    simpler option. Any comments?

    2. If I use OpenVPN will I need two servers as the docs indicate, one on
    each end running OpenVPN or can I simply setup my home LAN router and then
    use the builtin VPN client from the Windows Vista machine at my office to
    connect to it?


  2. Re: OpenVPN Question

    On Sat, 5 Jul 2008 19:15:13 -0400, "Vladimir Tserijemwtz"
    wrote:

    >I'm running FreeBSD-7.0-STABLE on a machine that is the gateway and IPFW
    >firewall for my LAN. I have been interested in setting up VPN for this LAN
    >so I can connect via Windows VISTA from my office. Can anyone help with
    >these initial questions:
    >
    >1. I have read that one can use IPSEC with racoon in the FreeBSD Unleashed
    >book. But I've since read that OpenVPN is a better, more reliable and
    >simpler option. Any comments?


    IPSEC will work, but openvpn is indeed very easy to setup and quite
    flexible.

    >
    >2. If I use OpenVPN will I need two servers as the docs indicate, one on
    >each end running OpenVPN or can I simply setup my home LAN router and then
    >use the builtin VPN client from the Windows Vista machine at my office to
    >connect to it?


    The built in client is not openvpn capable. You will need to run
    openvpn on your Vista workstation as well as on your FreeBSD server.
    There are good HOWTOs and FAQs on www.openvpn.net that will walk you
    through the setup

    ---Mike

  3. Re: OpenVPN Question

    Vladimir Tserijemwtz wrote:
    > I'm running FreeBSD-7.0-STABLE on a machine that is the gateway and IPFW
    > firewall for my LAN. I have been interested in setting up VPN for this
    > LAN so I can connect via Windows VISTA from my office. Can anyone help
    > with these initial questions:
    >
    > 1. I have read that one can use IPSEC with racoon in the FreeBSD
    > Unleashed book. But I've since read that OpenVPN is a better, more
    > reliable and simpler option. Any comments?
    >


    As VPN is in general not that easy to setup it doesn't matter if you use
    OpenVPN or IPSec. OpenVPN has the advantage that you only need to open
    one single UDP port on the firewall where IPSec needs beside a special
    port a special IP protocol too. That often gives you headaches,
    especially with consumer firewalls.

    On the other side is IPSec support integrated in Windows Vista. You
    don't need to install additional software on the client to make it run.

    As summary I can say that if you take OpenVPN or IPSec is first of all a
    matter of taste.

    > 2. If I use OpenVPN will I need two servers as the docs indicate, one on
    > each end running OpenVPN or can I simply setup my home LAN router and
    > then use the builtin VPN client from the Windows Vista machine at my
    > office to connect to it?


    If you use OpenVPN you need a OpenVPN server in your home LAN. Depending
    on what kind of router you use at home you can either install the
    OpenVPN server directly on it or you install it on a dedicated machine
    running within your LAN.

    On your Vista office machine you will have to install the OpenVPN
    Windows client software. And if the firewall in your office is
    restrictive on outgoing traffic your admin must open the port for OpenVPN.


    Regards,
    Bruno

+ Reply to Thread