Bob's Notepad

Notes on projects I have done and things I have learned saved for my reference and for the world to share

Thursday, February 15, 2007

VPN for OSX and Windows with IPCop

I've found the easiest way to set up a VPN is to, first, use IPCop as your firewall/router. IPCop is an free linux distro that you boot the install CD and it automagically turns an old PC into a full function router and firewall.... It also has SNORT Intrusion Detection so you can download new IDS rules from snort.org and have it automatically filter traffic for spyware, intrusions, etc.

IPCop also has VPN services built in... the problem is: Windows is retarded. Windows does not behave the way standard VPN clients should so the easiest way to create a VPN is to use OpenVPN. There is a third party plugin at www.zerina.de that you can painlessly use to install an OpenVPN server. Put the tar.gz file on your IPCop box, extract it, and run the install script.... next thing you now, you have a configuration panel in your IPCop GUI (web configuration) to adjust the settings. All you need to do then is go to that panel, generate a certificate, and then generate certificates for each person that you want to access. Each person you will want to add as a roadwarrior (host to net) and then fill in a name for the connection and a password.

UPDATE 06/03/09 -- The latest Zerina installer package is restricted to IPCop version 1.4.18 but it does work on 1.4.21. All you need to do is edit the install script after unpacking and on line 46 you will see if [ ! "`echo $IPCOPVERSION | grep "1.4.18"`" ] -- just change that version number to 1.4.21 (current IPCop version as of this update). Follow everything else as normal

Once you add a connection and are back at the main OpenVPN Screen, click the first icon to the right of the connection to download a zip file that contains the certificate as well as a configuration file.

The best part is -- there are clients for Mac OSX and Windows that work painlessly. Here are the short howto's for each:

***WINDOWS***:

Step One:

Download the following file:
http://www.openvpn.se/files/install_packages/openvpn-2.0.7-gui-1.0.3-install.exe

Step Two:

Run that installation program and accept defaults for everything. Windows will warn you about a driver that has not passed the windows certification -- just click "Continue Anyway".

Step Three:

You will need a certificate generated if you have not received one already. The certificate will be contained in a zip file. There will be 2 files inside of that file and they will need to be put inside C:\Program Files\OpenVPN\config\ --- If you need to know how to do this, just double click the zip file and leave that window open. Then go to "My Computer" and select "Local Disk C:". Inside there you should see a Program Files folder. Open that and look for the OpenVPN folder -- then inside that look for the config folder. Open the config folder and then drag the 2 files from the zip file into this folder. Once they are in there, close all windows.

Step Four: Connecting

You're ready to connect to the VPN. In the tray by the clock in the lower right corner, you will see a new icon that will look like 2 computers with red monitors. The red indicates that you are not connected. Click the right mouse button on this icon and select "Connect" ... A window will pop up and ask you for your password. Enter your password and click OK. You will see the window do a bunch of stuff and then dissappear. You may or may not see a balloon window pop up saying you are connected.

Step Five: Use It


MACINTOSH OSX:

Step 1: Download Tunnelblick at http://www.tunnelblick.net/Tunnelblick-Tiger-2.0.1.dmg

Step 2: Open the DMG file to mount the image

Step 3: Run the "Tunnelblick-Complete.mpkg" file and follow the normal installation procedures

Step 4: Open finder and open the directory of your user name on the left side (usually the icon under the "desktop" icon). Open the "Library" folder. Create a new folder called "openvpn"

Step 5: Unzip the contents of your license file and place them in this new openvpn folder

Step 6: Rename the user-TO-IPCop.ovpn file to "openvpn.conf"

Step 7: You should see the tunnel icon on the menu bar next to the time. Click that icon and a menu drops down. Tell it to connect and it should ask you for your password (the password you gave your admin when creating your license file). You can save the password to your keychain file if you would like - but note this is less secure.

Step 7: If you see the "light at the end of the tunnel" in that icon, you are connected.

Links:

Labels: , , , ,

Reference Link