Subject: Re: using ipsec on top of ipfilter and ssh
To: Simon Truss <simon@bigblue.demon.co.uk>
From: Stephen Borrill <netbsd@precedence.co.uk>
List: netbsd-help
Date: 02/08/2006 20:09:40
On Wed, 8 Feb 2006, Simon Truss wrote:
> Henry Nelson wrote:
>> 
>> What I'd like to do is add a layer of security so that someone cannot
>> get packets through the firewall by spoofing my work IP address.  Ipsec
>> seems like the way to go, but even after reading http://www.netbsd.org/
>> Documentation/network/ipsec/ I cannot figure out where to start.
>> 
>> I was thinking that transport mode would work, and I don't think it
>> would be too hard to configure the NetBSD side at home, but I have no
>> idea what to do on the workplace side.
>> 
>> Any help, pointers, suggestions much appreciated.
>
> Try OpenVPN; the documentation proved clearer to me. After spending time
> reading all their docs I could configure a working system with client and
> server certs within 10 mins. You may need to recompile your kernel with
> routing support and the tunnel interface driver.

Yes, OpenVPN is fantastic. A big bonus when using it with restrictive
firewalls (e.g. no outbound access at all except for a web proxy) is that
you can connect via a web proxy (even if it wants NTLM authentication) to
your OpenVPN server (if you get the server to listen on port 443, it just
looks like a long HTTPS session!).

-- 
Stephen
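
The setup described in Simon's and Stephen's replies, as an added example that is not from the thread: an OpenVPN server on the home NetBSD box listening on TCP 443 with certificate-based client authentication, the matching client config for the work side, and an ipf fragment that only trusts packets arriving through the tunnel, so a packet with a spoofed work source address never matches a pass rule. Interface names, addresses, hostnames and file paths are assumed placeholders.

```conf
# --- /usr/pkg/etc/openvpn/server.conf (home NetBSD box; paths and names are assumed) ---
port 443                   # TCP 443 so the tunnel looks like a long HTTPS session to a proxy
proto tcp-server
dev tun
ca ca.crt                  # CA that issued both the server and the client certificates
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0          # pre-shared HMAC key: packets without a valid HMAC are dropped before TLS
remote-cert-tls client     # only accept peers whose certificate is marked for client use
server 10.8.0.0 255.255.255.0   # tunnel address pool (assumed)
keepalive 10 60
persist-key
persist-tun

# --- client.conf (work side) ---
client
proto tcp-client
remote home.example.net 443     # placeholder hostname of the home box
dev tun
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
remote-cert-tls server          # reject a peer that presents a client certificate as a server
# If the only way out is an authenticating web proxy, as Stephen describes
# (option syntax from the OpenVPN manual; "auto" prompts for credentials):
# http-proxy proxy.example.work 8080 auto ntlm2

# --- /etc/ipf.conf fragment on the home firewall (ex0 = external, tun0 = VPN; assumed) ---
block in on ex0 all                                               # default deny; last match wins without "quick"
pass in quick on ex0 proto tcp from any to any port = 443 flags S keep state   # the tunnel itself
pass in quick on tun0 from 10.8.0.0/24 to any keep state          # only authenticated VPN peers
# Note: there is deliberately no rule passing packets just because they carry
# the work source address, so spoofing that address gains nothing.
```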