p-chan
September 8th, 2003, 14:26
A while ago I tried to set up a vpn to allow me to connect my laptop to my home openbsd 2.8 nat/firewall. Didn't really know what I was doing and didn't have any luck. Skip ahead a couple years, I have a slightly better idea what I'm doing and I want to give it another try.

Any suggestions on what software I should use? When I tried this the first time the only choice I seemed to have was poptop. All of their english mirrors were down which is pretty much why I gave up the first time around. Is poptop still the way to go? I noticed freebsd has a port but openbsd didn't. Will the freebsd port work with openbsd?


andy

hugh nicks
September 8th, 2003, 15:34
i've used this in the past. works fine.

http://www.safenet-inc.com/products/client_services/index.asp

the LT version would probably suit your needs.

gl

-hn

|MiNi0n|
September 8th, 2003, 15:47
You mean what to use for the VPN server on OpenBSD? It's built in, called isakmpd.

As for Windoze clients, if you're using XP see this:

http://www.cs.umd.edu/users/mvanopst/xp2obsd.pdf

Else grab that client that Hugh suggested and have a look here:

http://www.allard.nu/openbsd/

hugh nicks
September 8th, 2003, 17:50
my mistake. thought you were looking only for the windoze client. minion is right, isakmp is built in. not that hard to configure either. you will have it up and running in no time.

-hn

p-chan
October 20th, 2003, 21:16
A little update on this. I wasn't able to get it to work using the tutorial on that site, though I didn't try that hard. I looked over pgpnet and it seems the freeware version doesn't support connecting to a vpn gateway, which is what I want to do. The other clients mentioned weren't free either, and I have this thing about paying for software when there are other solutions (besides piracy). Anyway, I found this tutorial, it looks similar to the one |MiNi0n| posted only for win2k. I've yet to try it but I'm going to soon. I won't upgrade to xp for this, I don't think I'll upgrade to xp period.. rewriting the ping command so it no longer takes ip's in long decimal format is the latest addition to the long list of reasons I don't like it. Anyway here's the link for future reference: http://mirror.huxley.org.ar/ipsec/isakmpd.htm

andy

p-chan
October 21st, 2003, 18:03
I gave it a shot today and it still didn't work. Not quite sure what's causing it. For some reason tee isn't writing the debugging output of isakmpd to a file (using the suggestion from that page isakmpd -d -DA=99 | tee isakmpd.log). It spams so much crap much faster than I can process it. I'll assume that it's sending all that output to stderr and I'm just not doing something properly to capture it. The root of the problem probably has something to do with the certificates.. pki is my arch enemy, I've never had success with it.. even on windows ras. I guess I need to start reading up on this. If anyone wants to drop me some links here feel free.. until then it's off to google.

andy
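
Added example, not part of the original thread: a shell sketch of why `isakmpd -d -DA=99 | tee isakmpd.log` can leave the log empty if, as the post above guesses, the debug output goes to stderr, and how merging stderr into the pipe captures it. The function names and the sample lines are constructed stand-ins; no real isakmpd output is reproduced.

```shell
#!/bin/sh
# Hypothetical stand-in for a daemon running in the foreground with debug
# logging: it writes five constructed lines to stderr and nothing to stdout.
fake_debug_daemon() {
    i=1
    while [ "$i" -le 5 ]; do
        echo "constructed debug line $i" >&2
        i=$((i + 1))
    done
}

# Equivalent of `cmd | tee file`: only stdout enters the pipe.
# (stderr would normally scroll past on the terminal; it is discarded here
# so the demonstration stays quiet.)
# Prints the number of lines that reached the log file.
capture_stdout_only() {
    log=$(mktemp)
    "$@" 2>/dev/null | tee "$log" >/dev/null
    wc -l < "$log" | tr -d ' '
    rm -f "$log"
}

# Equivalent of `cmd 2>&1 | tee file`: stderr is merged into stdout
# before the pipe, so tee sees the debug lines.
# Prints the number of lines that reached the log file.
capture_both() {
    log=$(mktemp)
    "$@" 2>&1 | tee "$log" >/dev/null
    wc -l < "$log" | tr -d ' '
    rm -f "$log"
}

echo "stdout only:   $(capture_stdout_only fake_debug_daemon) lines logged"
echo "stderr merged: $(capture_both fake_debug_daemon) lines logged"

# Applied to the command quoted in the thread (sh/ksh syntax):
#   isakmpd -d -DA=99 2>&1 | tee isakmpd.log
```

With the log on disk, the handshake can be read back at leisure with `less isakmpd.log` instead of from the scrolling terminal.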