New IPCop & OpenVPN/Poptop
I have a simple network that I want to make a little more complicated.
IPCop is performing firewall duties and on the internal network there are a number of Windows XP Pro desktops and a Fedora Core 1 server, running Samba mostly. I want to enable VPN access to the internal network. IPCop has IPSec, which seems a bother to set up on each user's laptop/home system. So I've found [link|http://www.poptop.org/|Poptop] and [link|http://openvpn.sourceforge.net/|OpenVPN].

I'm leaning towards using OpenVPN and found [link|http://babylon.vtlink.com/article.php?sid=30|these instructions] which help quite a bit. But I'm working at the limits of my limited Linux administration ability here and don't know what it is I don't know. I imagine running OpenVPN on the firewall and making requests to an inside server is not a good idea. Can I run OpenVPN on the Fedora Core 1 server and authenticate the VPN sessions there (via Samba?)? Is that a good idea? It might be better to have different VPN passwords than signon passwords? Clearly, it would be better if I knew what I was doing... I would appreciate some illumination.
Have fun,
Carl Forde
New The thing to understand about OpenVPN
...is it's not a traditional VPN. It's bridged ethernet. So your authentication can be whatever you would use on your wired network, *truly* transparently over the tunnel. So, yes, you can run it on the Fedora box, but I wouldn't. Go get a cheap or used box for dedicated OpenVPN--it's just passing packets.
New Yes... that is the ticket.
When I find a better ISP (really I mean *IF*) I will be doing that.


Wolverine from Coyote Linux is pretty nice.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey

Heard near the SCOG employee entry/exit way:

  Security: We got another Mass Exodus Doorway Jam.
New I already have a cheap box
it's the firewall running IPCop. So I could put OpenVPN on it. I just have to tell IPCop to accept traffic on the appropriate ports (5000+ that I use). Is that right? It's still not clear to me that having OpenVPN on the same machine as the firewall is a good idea. FedoraNews has an [link|http://fedoranews.org/contributors/florin_andrei/openvpn/|article] that shows it set up that way though.
Have fun,
Carl Forde
New I'm not sure how that would work.
...since OpenVPN acts more like a network switch than a VPN, it would tend to "take over" most packets bouncing across its internal NIC, I think. Hm. I'm not enough of an IP guru to know if that would work or not. Try it and let us know? <:)