FreeBSD <--> Windows 2000 IPsec/L2TP

Platypus

Lifer
Apr 26, 2001
I need to connect two networks with separate private address spaces over the internet.  The points at each end must be Windows 2000 Server and FreeBSD.  I am required to use IPsec for the encryption and L2TP for the tunnel.  The boxes would be dual-homed to allow routing functionality.  The external NIC would have a public IP address on the internet, while the internal NICs would have internal addresses such as 10.1.1.1 and 10.1.2.1.  The individual private networks are on different subnets so as to allow routing over the VPN.

10.1.1.x network --- FreeBSD --- internet --- Windows 2000 Server ---- 10.1.2.x network

Making the situation more complicated is that I currently will need to use a pre-shared key, not a certificate.  Later I will have certificate ability, so any solution I can set up now that will allow the later use of certificates would be a plus.

I have found documentation for FreeBSD regarding racoon and have been able to create the needed network using FreeBSD at both ends, but cannot figure out how to create the solution with 2000 Server.  The Windows documentation of course only deals with connecting 2000 Servers to each other, not with any UNIX or other vendor solution.

Any help would be greatly appreciated as I have searched endlessly on the internet and read about all the documentation I can find from Microsoft.
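Added example (not posted by anyone in this thread): the FreeBSD side of the setup the original post describes, as one would write it for racoon and setkey when the peer is a Windows 2000 L2TP/IPsec endpoint. The public addresses 203.0.113.1 (FreeBSD) and 203.0.113.2 (Windows 2000), the file paths and the secret are assumptions. Windows L2TP/IPsec protects the L2TP control and data traffic (UDP port 1701) with ESP in transport mode, so the IPsec policy here is transport mode between the two public addresses, not a tunnel between the 10.1.1.x and 10.1.2.x subnets; the routing between the private subnets rides inside the L2TP/PPP tunnel, which is configured separately and is not shown. Phase 1 is main mode with 3DES/SHA-1/DH group 2, which is what Windows 2000 proposes by default, and the pre-shared key can later be swapped for a certificate by changing only the `remote` block as noted in the comments.

```conf
# ---- /usr/local/etc/racoon/racoon.conf  (FreeBSD side; assumed addresses) ----
path pre_shared_key "/usr/local/etc/racoon/psk.txt";
path certificate    "/usr/local/etc/racoon/certs";   # only used once certificates exist

listen {
    isakmp 203.0.113.1 [500];        # public address of the FreeBSD box (assumed)
}

remote 203.0.113.2 {                 # public address of the Windows 2000 Server (assumed)
    exchange_mode main;              # Windows 2000 uses main mode; PSK needs it
    my_identifier address;           # identify both ends by IP address, as Windows does
    peers_identifier address 203.0.113.2;
    proposal_check obey;             # accept the SA lifetime the Windows side proposes
    lifetime time 8 hour;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
    # Later, with certificates: replace authentication_method pre_shared_key
    # with "authentication_method rsasig;" and add
    # "certificate_type x509 "freebsd.crt" "freebsd.key";" (files under path certificate).
}

sainfo anonymous {
    # No pfs_group here: Windows 2000 does not offer PFS for L2TP by default.
    lifetime time 1 hour;
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}

# ---- /usr/local/etc/racoon/psk.txt  (mode 0600; "peer-address<TAB>secret") ----
# 203.0.113.2	replace-with-a-long-random-secret-shared-with-the-windows-box

# ---- /usr/local/etc/ipsec.conf  (load with: setkey -f /usr/local/etc/ipsec.conf) ----
# Transport-mode ESP around the L2TP traffic only; [any] on the Windows side because
# the Windows L2TP source port is not relied upon here.
# spdadd 203.0.113.1[1701] 203.0.113.2[any] udp -P out ipsec esp/transport//require;
# spdadd 203.0.113.2[any] 203.0.113.1[1701] udp -P in  ipsec esp/transport//require;
```

Two practical checks: the secret in psk.txt must match byte for byte what is typed into the Windows IPsec policy, and the Windows 2000 side by default builds an automatic L2TP policy that insists on a certificate, so a hand-built policy with the same proposals and the pre-shared key is needed there (the RasMan `ProhibitIpSec` registry value is what disables the automatic policy). Once racoon logs "ISAKMP-SA established" and `setkey -D` shows ESP SAs in both directions, the L2TP tunnel itself can be brought up and the 10.1.1.x/10.1.2.x routes pointed at it.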
 

Monoman

Platinum Member
Mar 4, 2001
Why don't you set up 2 Smoothwall boxes on the internet side of things and route from there. It will just be your VPN IPsec boxes. Haven't done my homework on this but it's just an idea... Check it out! www.smoothwall.org
 

Monoman

Platinum Member
Mar 4, 2001
yeah yeah, but the Smoothie way would be fairly easy ;) Good luck in your quest!
 

n0cmonkey

Elite Member
Jun 10, 2001
Would connecting it to a FreeBSD system be that different than connecting it to a Windows system? You know how to setup the FreeBSD box already, so set it up and play with the windows machine until you get it working. :p
 

Platypus

Lifer
Apr 26, 2001
31,046
321
136
Deciding to skip windows altogether and put another FreeBSD box in place, at least that will actually function using well established standards :p

Also, it looks like the L2TP support in FreeBSD 5.x is fvcked up and uses IP encapsulation of some sort.