| gabriel rosenkoetter on Wed, 26 Sep 2001 03:20:36 +0200 |
|
On Tue, Sep 25, 2001 at 09:03:14PM -0400, Michael Leone wrote:
> I considered that, but how can that help if my users are on dynamic IP
> assignments from their ISP? It doesn't seem right to allow an ISP's
> entire range of IPs, just in case. Even if it's really only my dept who
> would access via SSH; I'm still trying to get a full VPN going using my
> Cisco Pix, for common users. Problem is, the boss wants to make sure
> that any home users who have WinME (ack! thfpt!) will be able to access
> ... and the cheap Cisco VPN client won't work with WinME; only the $150
> version works with WinME. And they would prefer not to have to pay that
> much, for any individual employee to be able to access the whole LAN
> remotely. So, apparently NOBODY will be able to.
I have some experience with NetBSD's IPSec stuff. I'd be willing
to help set it up, if you'd like.
I know I recently (a month ago, maybe) saw a PR filed saying that
communication with windows clients was broken, but the fact that
a PR has been filed means that it is getting or has been fixed.
Also, it's not like I'm a member of core or anything, but I can
probably leverage some pressure/submit code in the right places
(as regards NetBSD) to make it behave.
(I'd be surprised if my the company with whom I interned this past
summer, Wasabi Systems, wouldn't be interested in a Cisco PIX-killer
kind of project. Get a bargain basement PC, a couple of SMC
EtherPower cards, and you're good to go. All of this *theoretically*
works with the MS VPN client.)
--
~ g r @ eclipsed.net
Attachment:
pgp0bbhg6p00L.pgp
|
|