[nycbug-talk] OpenBSD as a VPN device

Brian A. Seklecki lavalamp at spiritual-machines.org
Thu Jan 10 13:29:26 EST 2008




On Thu, 10 Jan 2008, Jim Cassata wrote:

> Hi all,
>
> I am new to this group. We are using OpenBSD 4.2 for site to site IPSEC
> VPN. I was wondering if anyone could point me to some good reference
> materials or links to also use one these boxes for terminating
> client(less) VPNs. Best thing would be able to use the built in VPN
> wizard on user's XP laptops.

ipsec-tools has made confirmed progress talking to hybrid-xauth clients 
(w/ PAM & RADIUS, etc.) such as Cisco.  I'm not sure where isakmpd(8) 
stands, but development is equally charged.

isakmpd(8) works great for P2P or L2L tunnel subnets, with exception of 
that nasty "IPSEC encapsualtion happens before local directly attached 
subnets are evaluated when unequal length subnets are define" bug --- but 
there is a work-around for that.

~BAS



More information about the talk mailing list