[nycbug-talk] Question about implementing VPN with freeBSD
Jonathan
Sat May 7 13:33:59 EDT 2005
Ryan Seu wrote:
> Hey guys, it's the noob again :)
>
> I'm right now considering between using freeBSD and CISCO PIX to
> implement a Firewall and VPN between a central office and few branch
> offices. I'm pretty familiar with PIX but I know next to nothing about
> issues with implementing VPN with BSD. The handbook does a good job of
> helping me set up but I was wondering if there are any
> compatibility/performance issues with freeBSD that I should know.
>
In my (admittedly limited) experience with setting up a VPN I used
OpenVPN 2 [1] which is in the ports collection [2]. It has quite a few
features and can do a layer 2 or layer 3 VPN. The layer 2 is nice for
games that require UDP broadcast support :) but does not scale very well
for obvious reasons. It supports either shared secret encryption or SSL
certificate based and can support multiple VPNs on a single server port,
instead of needing a port per connection. It has a very nice logging
output which has a fairly large range of detail levels which makes it
relatively easy to figure out why something is not working how it was
expected to.

I don't know anything about Cisco PIX and I'm feeling too lazy to Google
it right now as I'm reading up on firewalls so my opinion is quite biased.

[1] http://openvpn.net/
[2] http://www.freebsd.org/cgi/ports.cgi?query=openvpn&stype=all

Hope this helps,
Jonathan