Hi,

I've got FreeS/WAN running a multi-leg VPN out of my office. I can recommend it for a fast and stable Linux--Linux VPN solution.

All our nodes are running either DSL or cable modems. The freeswan tunnel generally adds 10 ms to the ping times. I haven't done raw throughput testing yet, but it has been in use for almost two months, and the only times I get complaints about speed are when the DSLs are crapping out (a different subject, don't get me started).

A gotcha: Freeswan uses ipfwadm/ipchains in its startup scripts to establish its own routing through the box. The freeswan startup must happen before your firewall script runs. If your firewalling and masquerading rules get put into place first, your tunnels will still come up and look like they are functioning perfectly, but no traffic will get through. This piece isn't well documented, and troubleshooting that took the majority of the configuration and testing time. The latest release (1.3) addresses this with hooks for running your firewall script at the right time, but I haven't tried it out yet.

For Cisco, there is mention of getting it to work in the Compatibility FAQ, but it is offered on a YMMV basis.

http://www.freeswan.org/freeswan_trees/freeswan-1.3/doc/compatibility.html

It lists a sample configuration for both freeswan and cisco sides.

The VPN mini-HOWTO and other implementations like VPNstarter use ssh in a packet-forwarding scheme, so those resources wouldn't address your Cisco issues.

Do you have to have Cisco on the far end? A Linux router over there would be one more for our side. :)

Larry

On Thu, 9 Mar 2000 23:51:44 -0700, you wrote:

>Hi, for Linux you can try FreeS/WAN (www.freeswan.org). Or here is a
>miniHOWTO (http://www.linuxdoc.org/HOWTO/mini/VPN.html). Or ... will I
>get crucified for mentioning it ... you can take a look at OpenBSD
>(www.openbsd.org). I've found it to be an excellent server/gateway OS
>although I haven't used IPSec/VPN functionality.
>
>Austin
>godber@asu.edu
>
>
>On Thu, Mar 09, 2000 at 11:23:30PM -0700, Digital Wokan wrote:
>> Well, in a mixed blessing kind of way, the Cisco router my employer
>> bought for future use in a VPN crapped out on us the other day. An
>> upgraded IOS introduced me to an interesting ISDN bug they have. And
>> their last attempt involved installing an IOS still in beta testing. So
>> I dragged a 5x86-133 into work last night and put us back on the
>> Internet with good ol' Linux while the Cisco gets troubleshot.
>> Looks like this box, which was the predecessor to the Cisco, got its
>> day in the sun again. Maybe I can keep it in place. Anyone out there
>> experienced with setting up VPNs between Linux boxes and Cisco
>> routers? (Running 12.0.x IOS.)
>> Care to share the howtos and what to expect to deviate from said howtos?
>> (Oh, and Linux scores 2 because it was the first system to impress the
>> boss with sharing a single IP across a LAN instead of individual
>> dialups. So 1 point for each time it's been in place.)
>> --
>> Digital Wokan
>> Tribal mage of the electronics age
>> Guerilla Linux Warrior
>>
>> _______________________________________________
>> Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

--
Provoke not your SA to anger, for he is a jealous SA, vengeful, keeper of root, and quick to wrath.
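
The start-order gotcha in the message above (tunnels come up but pass no traffic when the firewall rules load first) can be checked from the SysV start links. This is an added example, not part of the original thread; the script names `ipsec` and `firewall`, the `S<NN><name>` link layout and the runlevel directory are assumptions to adjust for your box.

```shell
#!/bin/sh
# Added example: verify that the VPN init script starts before the firewall
# script in a SysV runlevel directory. It only reads link names.
# Assumption: start links are named S<NN><name>, e.g. S47ipsec (constructed).

# start_position DIR NAME: print the 1-based position of NAME in start order.
start_position() {
    dir=$1; name=$2; pos=0
    # rc executes S-links in glob (lexical) order, so iterate the same way.
    for link in "$dir"/S[0-9][0-9]*; do
        # Skip the literal pattern when the directory has no start links.
        [ -e "$link" ] || [ -L "$link" ] || continue
        pos=$((pos + 1))
        base=${link##*/}
        # Strip the leading "S" and two-digit priority, then compare names.
        if [ "${base#S[0-9][0-9]}" = "$name" ]; then
            echo "$pos"
            return 0
        fi
    done
    return 1
}

# check_order DIR VPN FW
# returns 0 = VPN starts first, 1 = firewall starts first, 2 = link missing
check_order() {
    vpn=$(start_position "$1" "$2") || { echo "no start link for $2 in $1" >&2; return 2; }
    fw=$(start_position "$1" "$3") || { echo "no start link for $3 in $1" >&2; return 2; }
    if [ "$vpn" -lt "$fw" ]; then
        echo "OK: $2 (position $vpn) starts before $3 (position $fw)"
        return 0
    fi
    echo "WRONG ORDER: $3 (position $fw) starts before $2 (position $vpn)"
    return 1
}

# Usage: sh check_order.sh /etc/rc.d/rc3.d ipsec firewall
if [ "$#" -eq 3 ]; then
    check_order "$@"
fi
```

A return of 1 matches the symptom described in the message: the firewall and masquerading rules are in place before the FreeS/WAN startup runs.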