[nycbug-talk] road-warrior IPsec setup: looking for references

Marc Spitzer mspitzer
Sun Aug 28 03:00:58 EDT 2005


On 8/27/05, Tillman Hodgson <tillman at seekingfire.com> wrote:
> If IPsec just doesn't work well for this sort of situation (dynamic IP
> that may be NATed), are there any recommendations for an OS X -> FreeBSD
> tunneling solution?
> 

IPsec is probably not your best choice; OpenVPN over TCP is, or setting
up something like stunnel or ssh as a secure tunnel.  You need to have
a lot of stuff open on the firewall inbound:

ike: udp 500
natt: udp 4500
ah: protocol 51
esp: protocol 50

pptp is almost as bad:

pptp: tcp 1423, outbound connection not a big deal
gre: protocol 47, inbound can be a problem

marc



