[nycbug-talk] OpenBSD as a VPN device
Brian A. Seklecki
lavalamp at spiritual-machines.org
Thu Jan 10 13:29:26 EST 2008
On Thu, 10 Jan 2008, Jim Cassata wrote:
> Hi all,
> I am new to this group. We are using OpenBSD 4.2 for site to site IPSEC
> VPN. I was wondering if anyone could point me to some good reference
> materials or links to also use one of these boxes for terminating
> client(less) VPNs. Best thing would be able to use the built in VPN
> wizard on users' XP laptops.

ipsec-tools has made confirmed progress talking to hybrid-xauth clients
(w/ PAM & RADIUS, etc.) such as Cisco. I'm not sure where isakmpd(8)
stands, but development is equally charged.

isakmpd(8) works great for P2P or L2L tunnel subnets, with the exception of
that nasty "IPSEC encapsulation happens before local directly attached
subnets are evaluated when unequal length subnets are defined" bug --- but
there is a work-around for that.