[nycbug-talk] IPSEC from one host to internal net?
Charles Sprickman
spork at bway.net
Tue Jul 5 21:46:17 EDT 2011
Howdy all,
I'm having a hard time figuring this one out. I've got network-to-network
IPSEC set up, and I've got on-demand VPN stuff set up. This all works fine.
Now I need to add a (virtual) box over at RootBSD into the mix. I'm
looking for something of a hybrid between the network to network IPSEC
setup and the "dialup-like" PPTP VPN. In short I want this RootBSD Xen
host to have a single IP address from the internal network at the main
datacenter. We don't control the router at the datacenter, but there is a
host there that acts as our VPN host for the PPTP clients and for the
office (which requires a static route on each damn host to get the
office's internal IPs routed to the VPN server).
With the PPTP setup using mpd5, I see that basically when a roaming user
comes in via PPTP the VPN host starts to proxy-arp for the remote client.
This is essentially what I want for the RootBSD host, but I want it as a
nailed-up permanent connection and I want to leverage something other than
PPTP.
Any ideas?
Thanks,
Charles