Advanced VPN Support on FreeBSD Systems

Riccardo Scandariato, Fulvio Risso
Politecnico di Torino, Italy

Abstract— Currently, the Virtual Private Network (VPN) support offered by FreeBSD is quite limited: it provides a way to establish tunnels but it does not consider the problems of multiple VPNs concurrently deployed on the same machine. Our implementation enables the provisioning of VPN services on FreeBSD by extending its routing and forwarding infrastructure. We adopted the virtual router approach, by adding support for multiple routing tables. Forwarding kernel modules have also been modified accordingly. We also improved several user-level applications (e.g. route, ifconfig, zebra) to allow the exploitation of the new routing infrastructure.

Keywords— Provisioned IP VPN, virtual router, GRE tunnel, FreeBSD

I. INTRODUCTION

The Internet, originally born as an academic-based infrastructure, is rapidly evolving toward a generic network in which academics, business, and several other worlds are coexisting. From the pure networking perspective (i.e. we do not intend to take into account any application issue), one of the problems of today's public IP networks is the lack of support for IP private addresses. At first glance, supporting a private addressing scheme on a public IP network seems to be nonsense. However, from the perspective of companies with a wide area network infrastructure, this is a strong requirement, since the IP public network is becoming a way to connect together their branch networks around the world (and save money). This is the well-known topic of Virtual Private Networks (VPNs), i.e. networks that use a public IP infrastructure to connect together several pieces with private addressing (and with the need for secured communications).
The biggest issue in VPN support is that the IP protocol did not foresee the need for multiple overlapping address spaces, so that applications like VPNs introduce a high de
