IPSec VPN tunnel using FreeBSD
February 13, 2007 | 6:13 pm

I’m a big fan of OpenVPN, but sometimes an IPSec VPN is the way to go if one of the parties involved requires it, for example because one of the ends is a Cisco VPN device, or because one of the administrators doesn’t know OpenVPN (and doesn’t want to get to know something new), or because security policy doesn’t allow the use of other VPN solutions.
One of our clients connects to all kinds of different VPN endpoints, and as a test I wanted to try connecting to one of his remote endpoints using a FreeBSD machine (a VMware ESX guest), to simplify management and lessen the cable-clutter in the rack.
I’ve been trying to set up the tunnel to the remote VPN3005 concentrator, and have been unsuccessful so far. The phase 1 connection is set up, but the phase 2 won’t complete successfully. I’ve even asked the developers for help (discussion), but haven’t been able to get much further. One of the problems is that the remote VPN concentrator admin won’t answer any phone calls or emails. Well, it’s only testing anyway. I guess our customer will have to stick to buying Cisco boxes for the time being.
Along the way I have gotten to know IPSec a little bit better, and I have written a guide to help people (like myself) to get up and running quickly, at least with a FreeBSD-FreeBSD tunnel: Read the guide here





