So I have a wireless router that I'm planning on using without NAT on my network. Instead of bothering with WEP, though, I'm wanting to do something a bit more hefty like IPsec for encryption, so all my data will be protected with strong encryption and I will have full access to everything on the LAN. One FreeBSD box on the LAN is already the firewall and provides DHCP service internally (yeah yeah, extra services on the firewall, but I trust the LAN). At the moment I do not want to down that box for any reason, including adding another network card. I thought instead I could put a second NIC in another FreeBSD box on the LAN and go off that.
I haven't played much with VPNs, so I'm sort of muddled as to how this would work best. Would I be good to bridge the interfaces together and then install the VPN server and firewall rules to block all but the VPN traffic? Is that going to create other problems? How about assigning IP addresses via DHCP? I'd ideally like it for someone to just be able to come in and get like a copy of the certificate on disk and a password and be easily able to connect with their Windows laptops.
So any links or suggestions are quite appreciated. I'm planning on playing around with it this weekend or next week, but I thought I'd check before I wasted my time with a flawed idea.