PPTP <-> IPSEC gateway?

What's the easiest way to get a PPTP <-> IPSEC gateway working, using free
software on 32 bit x86 hardware?

I looked at setting up poptop (PPTP server) on a general-purpose
distribution, but then it appears that is going to require tedious
patching and kernel rebuilding every time Redhat releases a new kernel.

So I looked at some other options, like wmpptpd, which doesn't appear to
require kernel tweaks again and again, but then it wasn't that clear how
to set up the PPP portion of that, and when I sent an e-mail to the
maintainers (promising to document what I do and put it on the web, in
exchange for the information), I didn't (yet) get a response.

I also looked at mpd on *BSD, but that too appears to normally require
frequent patching and compiling.

Then I started looking for distributions with PPTP already integrated into
the distribution. I looked at Astaro, m0n0wall (freebsd+php),
Securepoint, some others, and finally, Redwall. Redwall looks the closest,
but I'm encountering difficulties with routing, and DN with Redwall.

So this all brings me back to my original question: What is the
shortest-path solution, in the long term, for setting up a PPTP <-> IPSEC
gateway using free software and commodity 32 bit x86 hardware?

Thanks!

On Mon, 18 Oct 2004, Dan Stromberg <(E-Mail Removed)> wrote:
>
> What's the easiest way to get a PPTP <-> IPSEC gateway working, using free
> software on 32 bit x86 hardware?
>
> I looked at setting up poptop (PPTP server) on a general-purpose
> distribution, but then it appears that is going to require tedious
> patching and kernel rebuilding every time Redhat releases a new kernel.

I tried using poptop in an earlier SuSE (I believe it was included in SuSE
and I just needed to install it). But when I attempted to connect to it
with Win98se PPTP, it appeared to connect from the poptop logs, but then
Win98 immediately disconnected. It appeared that Win98 was looking for a
(non-existing) domain controller, but when I tried to enable its PPP
logging, to determine the problem, Win98 would crash.

I did successfully ipsec tunnel to my LAN through freeswan (on pppoe) from
a dialup ISP using either another Linux freeswan or SSHSentinal in Win98se
as a client. However, the free trial version of SSHSentinal that I used
may no longer be available (just a pay version through limited reps). I
have not tried XP's native ipsec. The hardest part about configuring
freeswan is figuring out the script to automatically punch a hole through
iptables for the ipsec interface, and figuring out how to have it
automatically select a secret if connecting client is dynamic.