In the next two articles, I'll demonstrate how to configure and troubleshoot an IPSec VPN on a FreeBSD system. When I first started configuring VPNs, I quickly discovered two things. First, there is more than one way to configure a VPN correctly . Along with my demonstration configuration files, I'll be including URLs to other IPSec tutorials, and you'll see for yourself that the syntax will vary slightly from tutorial to tutorial. Don't let the discrepancies bother you; instead, choose a configuration style that makes sense to you and results in a working VPN. Second, I found that I was typically left to my own devices when a VPN didn't work. There are few things in life more frustrating than following a set of instructions, only to discover that they don't work for your specific situation. Accordingly, I've included error messages which I have run across and my resolutions in the hopes that they might aid you in troubleshooting.

I'll be demonstrating a tunnel between two FreeBSD machines acting as VPN gateways. While my demonstration is specific to FreeBSD, it's possible to successfully apply the logic underlying the configurations to allow any system to access any IPSec VPN gateway. If this is your first VPN configuration, try it between two FreeBSD systems first. Once you get a handle on how a working tunnel operates and how to resolve the pitfalls you may come across, you'll be in good shape to experiment with other systems. The success of your experiments will depend upon the VPN gateway you are connecting to and how far the vendor has deviated from the IPSec standard by adding extra features.

[ Read more ]