Subject: Re: VPN with Windows client and BSD server
To: Stein B. Sylvarnes <stein.sylvarnes@student.uib.no>
From: Paul Dokas <dokas@pop.mpls.qwest.net>
List: netbsd-users
Date: 07/29/2001 15:17:27
On Thu, Jul 26, 2001 at 10:24:30PM +0200, Stein B. Sylvarnes wrote:
> 
> No, sorry. But I have another suggestion:
> You might be able to set up a pptp-server on your open/netbsd server. I 
> haven't checked the ports/packages, but I think it is available on both 
> platforms. I _know_ it works on FreeBSD and Linux, though. The server is 
> called PoPToP, I think. I am connected 24x7 to a FreeBSD server running 
> pptp from my OpenBSD box. Connecting from Win 95/98/2000 is also easy, I think.

Just a word of caution about PoPToP.  The last time that I played with
it under NetBSD, it worked great.  However, to get even a small bit of
security out of it, I also had to use the ppp-mppe package.  However, the
ppp-mppe package is *really* unstable.  It only takes a modest burst of
traffic to make it lock up solid (ppp-mppe that is, not the whole machine).

The only other solution that I could come up with was to use regular
PoPToP and then force all of the remote users to use Win2K and then
configure my PoPToP machine to only accept connections over IPSec.
That way, I could configure the remote machines to do IPSec and the
connections would then be encrypted and, using certificates, authenticated.

This was *not* an easy or fun problem to set up and debug...

Paul
-- 
Paul Dokas                                            dokas@cs.umn.edu
======================================================================
Don Juan Matus:  "an enigma wrapped in mystery wrapped in a tortilla."