Getting Started with IPsec
A tbird posting to The Shmoo Group about how to begin implementing a standards-based VPN.

On Wed, 6 Mar 2002, Paul Holman wrote:
I've been putting off use of VPNs for having had a terrible time with the clients in the past. In general, I try to do application layer encryption/authentication, but that argument starts to break up when you're just wrapping everything with SSH or SSL.
There are some reasons I'm interested in giving this a shot: Securing NFS & Remote access to internal network resources come to mind.
So I could use some guidance as I jump into this. My plan is to hook up with another novice friend tomorrow night and try playing with some Windows & Linux machines to see if we can get them working. Maybe MacOS X too.
I assume I should be using FreeS/WAN on Linux. What about Windows? What the hell is that "Click here for a VPN" shit in Win2K? PPTP? Should I be using that or not? Where do I start?

Greetz all --
The FreeS/WAN implementation has gotten a lot easier to use in the last couple of years, but OpenBSD's built-in IPsec support also has a lot of users. FreeS/WAN has beautifully thorough documentation maintained by Sandy Harris; it's at
http://www.freeswan.org/freeswan_trees/freeswan-1.9/doc/index.html
My favorite starting document for OpenBSD is
http://www.secureops.com/vpn/ipsecvpn.html
In either case, here's a brief list (in no particular order) of things to watch out for, general suggestions, and other useful URLs:
Everything in the universe that I know about VPNs is pretty much on http://vpn.shmoo.com and the associated mailing list, vpn@lists.shmoo.com
You don't want to use PPTP. The VPN site has Windows IPsec clients listed if you need to support non-2k boxen.
Hope that helps.
cheers -- tbird