[clug-talk] IPCop and VPN

Trevor Lauder lists at thelauders.net
Mon Sep 19 23:50:56 PDT 2005 

On September 19, 2005 10:24 pm, Shawn wrote:
> Has anyone been successful in getting IPCop to act as a VPN server, and
> thereby an interface to the internal network? (for authorized users of
> course)
>
> This is one topic that just hasn't been clicking for me.  The resources I
> find online are old (for IPCop 1.2, or 1.3), or assume familiarity with
> other VPN systems.
>
> I'm probably making this much harder than it really is, but feel I need a
> little hand holding to get this in place properly the first time.  At that
> point I suspect everything will click for me, and will be able to recreate
> it, or expand on it.
>
> To be honest, I can feel a mental barrier anytime I do anything that needs
> to deal with more complex authentication mechanisms (more complex than just
> plain shell accounts that is), and security certificates.  It just seems
> that there's some underlying concept or fact I haven't grasped yet...  But,
> I'll keep at it until these areas do click for me.  I know enough to be
> productive regardless of this...
>
> So, the bottom line is I'm looking for any good online documents, or tips
> on how to get an IPCop 1.4 box configured to be a gateway into my network. 
> The boxes involved are mixed - some are windows and some are Linux,  both
> internally, and externally.
>
> Any suggestions are appreciated.  Thanks.
>
> Shawn
>

Although I can't speak for configuring IPCop (I'm assuming it uses IPSec / 
PPTP and that the one that is giving you grief is IPSec), I thought I would 
comment on the mental barrier you get when it comes to the more complex 
authentication methods.  The first time I looked at IPSec I felt the same way 
about trying to learn it.  I eventually did learn enough to get by in it but 
realised it was taking way too much energy for the benefits I would get from 
using it.  So, I stopped using it.  I'm not sure if you know about OpenVPN 
but I highly recommend using it over other VPN technologies.  There appears 
to be an addon / howto for OpenVPN on IPCop so that might help solve your 
issues.  Although I've only ever run OpenVPN on Gentoo & Windows 2000 / XP so 
I can't vouch for the ease of configuration on IPCop.  It will run on both 
Windows / Linux equally well without having to patch the kernel (it's all 
userspace aside from using the TUN / TAP adapter).  It doesn't suffer from 
the complexity that IPSec does, which in my opinion, makes IPSec a huge 
failure.  You get a mental block from IPSec because it was poorly designed :P

The OpenVPN addon / howto info for IPCop can be found:

http://home.arcor.de/u.altinkaynak/howto_openvpn.html

http://home.arcor.de/u.altinkaynak/openvpn.html


OpenVPN is quiet flexible.  I've used it to create bridged roadwarrior 
connections for Home users and for routed Network <-> Network connections 
involving 20+ networks connected to a central VPN Server.


Cheers,


Trevor

More information about the clug-talk mailing list