1st July 2009
s2scott

Quote:
Originally Posted by jggimi
Correct. You have a Cisco device ...
Quote:
Originally Posted by plexter
I'm looking to switch my VPN access from Cisco over to my OpenBSD FW...

If I'm understanding the OP's direction -- away from Cisco to OpenBSD+pf -- then the answer set is quite different.

Yes, OpenVPN is a very nice option, especially in mixed O/S environments (for example, road-warrior=Windows, and gateway=OpenBSD). In a mixed O/S topology, OpenVPN is *arguably* the easiest of all options to get working, once you've sourced the binary installs for each side -- client and gateway.

If you want to stay in the IPSec realm, I've had road-warrior success with Shrew Soft's http://www.shrew.net/ (freeware, donations accepted), where the road-warriors' O/S are Windows-, Linux- or certain xBSD-based, in an IPSec session with OpenBSD as the firewall/gateway.

If you're using OpenBSD *both* as the client road-warrior O/S and as the gateway O/S, then you can (and should) keep it native OpenBSD IPSec (i.e. no OpenVPN, no shrew.net).

In an OpenBSD-OpenBSD (or Linux-OpenBSD) topology, ssh tunneling (ssh -w) is an interesting, easily achieved VPN as well.

/S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.

Last edited by s2scott; 1st July 2009 at 11:41 AM.