I would like to have windows clients "in-the-wild" connect to an OpenBSD
firewall (client-to-site VPN). Which solutions are the better ones?

First priority is security,
second priority is all-round usability (NAT/dial-up/LAN/firewall/router
transparent)
third prio is userfriendly

Open software is preferred.

I found http://openvpn.net/ - are security "strong enough" with this
software?

Regards, Lars.

Lars Bonnesen wrote:
> I would like to have windows clients "in-the-wild" connect to an OpenBSD
> firewall (client-to-site VPN). Which solutions are the better ones?
>
> First priority is security,
> second priority is all-round usability (NAT/dial-up/LAN/firewall/router
> transparent)
> third prio is userfriendly
>
> Open software is preferred.
>
> I found http://openvpn.net/ - are security "strong enough" with this
> software?
>
> Regards, Lars.

hello lars,

openbsd has a built-in vpn-solution based on isakmpd/ipsec.

have a look at this:

http://www.grayskies.net/projects/op...vpn-howto.html

http://www.cs.umd.edu/users/mvanopst/xp2obsd.pdf

if you use the native xp-vpn solution, as far as i know you can export
the settings and simply import at another machines.

regards uwe

....another useful link:
http://www.monkey.org/openbsd/archiv.../msg01980.html

regards uwe

On 2005-10-15, Lars Bonnesen <none@invalid> wrote:
> I would like to have windows clients "in-the-wild" connect to an OpenBSD
> firewall (client-to-site VPN). Which solutions are the better ones?

I use SSH Secure Shell Client 3.2.9 on my w98se box. Though SSH has
begun charging for their newer Tectia version, the older 3.2.9 client
is still free for non-commercial use. It's mature and secure and easy
to use and still the M$ client of choice for many college campus
networks. Look for the SSHSecureShellClient-3.2.9.exe file on these
mirrors:

http://www.ssh.com/support/downloads...ommercial.html

nb

"ZarathustraDD" <uwe.werler@gmx.de> skrev i en meddelelse
news:1129741078.428261.225520@g44g2000cwa.googlegr oups.com...
> ...another useful link:
> http://www.monkey.org/openbsd/archiv.../msg01980.html

The information on the links you provided seems to be really good - thank
you. Will try them out.

Regarding IPsec, my exprience is that you quite easy get into network
setups, where IPsec does not work. That is being on a network with no port
50 and 500 open, being behind a router that for some reason do not support
IPsec packages to pass through. NAT/PAT problems and so on...

From what I understood about openvpn.net, it will work as long as port 80
and 443 is open - with no problem on NAT or PAT, routing or any blocked
ports and packet segments. Right or wrong?

Regards, Lars.

notbob wrote:
> On 2005-10-15, Lars Bonnesen <none@invalid> wrote:
> > I would like to have windows clients "in-the-wild" connect to an OpenBSD
> > firewall (client-to-site VPN). Which solutions are the better ones?
>
> I use SSH Secure Shell Client 3.2.9 on my w98se box. Though SSH has
> begun charging for their newer Tectia version, the older 3.2.9 client
> is still free for non-commercial use. It's mature and secure and easy
> to use and still the M$ client of choice for many college campus
> networks. Look for the SSHSecureShellClient-3.2.9.exe file on these
> mirrors:
>
> http://www.ssh.com/support/downloads...ommercial.html
>
> nb

Try the Green Bow client. It's great.

http://www.thegreenbow.com/vpn.html