1. Introduction and Disclaimers

There is a number of materials floating around the net dealing with VPN topics. I have found many to be quite useful, but none of them goes into a reasonable detail on two topics:

• Which technology is most suitable for which task if you are running on a tight budget.
• How to implement them for scenarios where FreeBSD is a RAS for Windows (and other) clients as well as infrastructure scenarios reusing the same FreeBSD system.

This write-up tries to look into both topics. It is a result of cross-compatibility tests and running production remote access or infrastructure VPNs between FreeBSD and most other usual suspects. It deals mostly with cases where FreeBSD is on one side, but you may find it useful for other VPN related work as well.

Please keep in mind that all usual disclaimers apply:

• This worked for me, your mileage may vary (TM).
• I am a great believer that any user controlled grand authentication scheme (passwords, tokens, pins, etc) will be quickly compromised by the users which it is supposed to authenticate. Hence remote access methods (including VPNs) must have strong authentication for machines as well as users. My opinion is skewed a bit as a result of that.
• My employers (current, past and future) deny any responsibility for any damages or losses caused by the use or misuse of this information. I deny any responsibility as well. You are on your own. If you ask nicely I will most likely be happy to help.
• All trademarks are property of their respective owners.
• This material is based on the excellent OpenSSL cookbook, OpenSSL documentation and various documents from Microsoft , the KAME project and others. All information used in this HOWTO is either freely available on the Internet or can be derived from interoperability testing and/or source review.
• I will be glad to accept any corrections and amendments to this document and maintain it to the extent I can (which is once in a blue moon).
• You are allowed to redistribute this document free of charge, modify it as you see fit and include in other documents and products as long as the original copyright notice is retained and/or due credit is given.