HOWTO: Setup your own VPN with IPCop and OpenVPN!
thinkhole.org — This is a great little tutorial for anyone looking to set up a vpn through the linux based IPCop firewall. A must read!
- 861 diggs
- srineer, on 10/12/2007, -7/+1 Wow this was helpful
- EasY_TargeT, on 10/12/2007, -2/+3 are you sarcastic or serious?
- shoop, on 10/12/2007, -1/+2 Here is another good link for creating a HOST to HOST vpn.
http://www.databrokers.net/opensource/ipcop/vpn-to-vpn-detailed-how-to.html
- Boondoggle, on 10/12/2007, -0/+2 The problem with this is that it is IPSec based and it will not traverse as many routers as a SSL solution like OpenVPN will.
- pcgeek101, on 10/12/2007, -0/+0 This would be perfect for the company I'm working for. No one wants to spend any money on VPN devices, so free ones using old crappy hardware would be nice. digg++
- lasmith, on 10/12/2007, -0/+2 The thing is, vpn routers are getting cheaper and cheaper. I think in the $100 range. They take up less space, power, and are supported by a major manufacturer. I mean it was fun setting up unix boxes for firewall/vpn back in the day when there wasn't anything affordable, but now it's kind of unnecessary...
- vampares, on 10/12/2007, -0/+0 Are there vpn routers that aren't unix based?
- goatrandy, on 10/12/2007, -0/+2 I talked them into using OpenVPN at work, because of the unresolved security timing flaws in the Windows PPTP implementation. It works, and it's secure. Anything less would be un-civilized...
- ryguy, on 10/12/2007, -1/+2 FYI: for roadwarrior users, you cannot use IPCOP as your internet gateway.
- etnin, on 10/12/2007, -2/+2 It's cool, but why not just use hamachi, or a vpn router as pcgeek101 said?
- lasmith, on 10/12/2007, -4/+1 Whoops, replied to the wrong person. Ignore.
- GotoDengo, on 10/12/2007, -2/+2 Agree. Hamachi rocks. I wouldn't run a business on it, just b/c I'm dependent on Hamachi's servers to initiate the connection and I think they'll run out of IP addresses before too long... but I don't see why anyone would buy anything for a home VPN.
- ryanknapper, on 10/12/2007, -3/+1 Seven posts come up when one searches on Digg for ipCop.
- lasmith, on 10/12/2007, -2/+2 What difference does that make?
- sych0, on 10/12/2007, -1/+1 I got plenty of old boxes laying around. I gotta try this.
- vonskippy, on 10/12/2007, -1/+2 @rygay
Wrong! Have you even ever used an IPCOP box before dishing out dumbass advice?
@lasmith
Name one sub-$100 box that has the security and feature set that IPCOP does. As to big name manufacture support - you mean like the sinking ship security offered by Microsoft, or the backdoor in Cisco, or the rootkit in Linksys, what?
- lasmith, on 10/12/2007, -0/+5 http://www.dlink.com/products/?pid=59
The DI-804HV ($60) has a pretty impressive feature set:
* IPSec (40 IPSec Tunnels)
* IP Authentication Header (AH)
* IP Encapsulating Security Payload (ESP)
* Internet Key Exchange (IKE) authentication and Key Management
* Authentication (MD5 / SHA-1)
* NULL/DES/3DES Encryption Algorithm and their use with IPSec
* Internet Security Association and Key Management Protocol
* Main and Aggressive mode
Not bad. And it's not like IPCOP has NEVER had any security holes:
http://www.frsirt.com/english/advisories/2005/0525
http://www.unleashedportal.com/Article564.html
We are talking about a company too cheap to get a good vpn router, so we look at bargain basement solutions. That's a pretty dangerous scenario imho, but if you have to go that route, D-link isn't that bad compared with every other vendor's problems.
- Boondoggle, on 10/12/2007, -0/+1 I agree. You'd have to go with a Sonic solution minimum to match IPCop (or Smoothwall that it is based on) just for the firewall and they run about $300. I don't know of any commercial VPN that provides SSL connections like OpenVPN does.
- jeffreym123, on 10/12/2007, -0/+2 Try pushing any kind of throughput through the DLink SoHo devices, it'll never happen.
I just used this faq to set this up in 20 minutes. Kudos to the author!
- lasmith, on 10/12/2007, -1/+1 Well I'm assuming any business that isn't willing to spend $60 on a router probably doesn't use enough throughput for it to matter if it's a soho device or not.
- viperman, on 10/12/2007, -2/+1 I wonder if Steve Gibson has seen this, he has been setting up tutorials about how to do this with Open VPN.
- Boondoggle, on 10/12/2007, -1/+1 This is OpenVPN!
- ramsinks.com, on 10/12/2007, -1/+2 hamachi.
done.
- Cascading, on 10/12/2007, -0/+3 We just received a quote from a MS System Engineer. They "Recommend replacing the Unix based firewall with hardware Firewall - SonicWALL TZ170." They consider our two IPCop systems, using the VPN feature, too "Complicated."
- ghostaliaz, on 10/12/2007, -0/+1 Ipcop is cool. I have been wanting to create my own vpn for a while, so to me this gives me a chance to do so. Thank you to (lagerbottom) for posting this article & how to. Very good instructions also especially for me a vpn newb.
- vonskippy, on 10/12/2007, -0/+1 IPCop has a great community support forum (not officially tied to the developers) at:
http://www.ipcops.com/modules.php?op=modload&name=PNphpBB2&file=index
You got IPCOP questions/problems - they got the answers.
- secretagent, on 10/12/2007, -0/+1 Now will someone post how to do multiple Green/internal subnets through IPCOP. If you set up IPcop on 192.168.10.0, it won't let 192.168.11.0 talk to any server on the 10.0 subnet.
- jonnyxx, on 10/12/2007, -0/+0 ipcop is great for vpn. I have been using it for a network for 4 Years. Have currently 16 High traffic vpn's running through to our main ipcop firewall. Granted, openvpn is very easy to set up and is definitely more suited to a road warrior situation than ipcop, I use it myself. Which brings me to the point that you can run the standard ipcop "net to net" vpn and also openvpn on the same ipcop box for your road warriors. They will both work just fine. Link here to a how to for openvpn and ipcop http://www.zerina.de/?q=documentation
Don't diss ipcop. These guys have made us all a lot safer over the years, without having to pay big bucks. It's stable, secure, Free and runs on "the smell of an oily rag". It has a blue zone for wifi, traffic shaping, blue zone access by mac, dhcp on multiple zones, many unofficial addons which work well, eg squidGuard and gui for filtering anything from hacking sites, spam, porn, advertising etc. and about a host of other functions.
openvpn is a great and useful project, but if all you want ipcop for is a vpn, you sort of missed the point.