digg

Facebook Connect Join Digg About

HOWTO: Setup your own VPN with IPCop and OpenVPN!

thinkhole.org This is a great little tutorial for anyone looking to set up a vpn through the linux based IPCop firewall. A must read!

Who dugg this? Made popular Mar 29, 2006

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

28 Comments

show profanity settings
expand all
  • lasmith, on 10/12/2007, -0/+5http://www.dlink.com/products/?pid=59

    The DI-804HV ($60) has a pretty impressive feature set:

    * IPSec (40 IPSec Tunnels)
    * IP Authentication Header (AH)
    * IP Encapsulating Security Payload (ESP)
    * Internet Key Exchange (IKE)
    authentication and Key Management
    * Authentication (MD5 / SHA-1)
    * NULL/DES/3DES Encryption Algorithm
    and their use with IPSec
    * Internet Security Association and Key
    * Management Protocol
    * Main and Aggressive mode

    Not bad. And its not like IPCOP has NEVER had any security holes:

    http://www.frsirt.com/english/advisories/2005/0525
    http://www.unleashedportal.com/Article564.html

    We are talking about a company too cheap to get a good vpn router, so we look at bargain basement solutions. Thats a pretty dangerous scenario imho, but if you have to go that route, D-link isn't that bad compared with every other vendor's problems.




  • Cascading, on 10/12/2007, -0/+3We just received a quote from a MS System Engineer. They "Recommend replacing the Unix based firewall with hardware Firewall - SonicWALL TZ170." They consider our two IPCop systems, using the VPN feature, to "Complicated."
  • jeffreym123, on 10/12/2007, -0/+2Try pushing any kind of throughput through the DLink SoHo devices, it'll never happen.

    I just used this faq to set this up in 20 minutes. Kudos to the author!
  • goatrandy, on 10/12/2007, -0/+2I talked them into using OpenVPN at work, because of the unresolved security timing flaws in the windows PPTP implementation. It works, and it's secure. Anything less would be un-civilized...
  • Boondoggle, on 10/12/2007, -0/+2The problem with this is that it is IPSec based and it will not traverse as many routers as a SSL solution like OpenVPN will.

  • lasmith, on 10/12/2007, -0/+2The thing is, vpn routers are getting cheaper and cheaper. I think in the $100 range. They take up less space, power, and are supported by a major manufacturer. I mean it was fun setting up unix boxes for firewall/vpn back in the day when there wasn't anything affordable, but now its kind of unnecessary...
  • secretagent, on 10/12/2007, -0/+1Now will someone post how to do multiple Green/internal subnets through IPCOP. If you set up IPcop on 192.168.10.0, it won't let 192.168.11.0 talk to any server on the the 10.0 subnet
  • vonskippy, on 10/12/2007, -0/+1IPCop has a great community support forum (not officially tied to the developers) at:

    http://www.ipcops.com/modules.php?op=modload&name=PNphpBB2&file=index

    You got IPCOP questions/problems - they got the answers.
  • inactive, on 10/12/2007, -1/+2Here is another good link for creating a HOST to HOST vpn.
    http://www.databrokers.net/opensource/ipcop/vpn-to-vpn-detailed-how-to.html
  • ghostaliaz, on 10/12/2007, -0/+1Ipcop is cool. I have been wanting to create my own vpn for a while, so to me this gives me a chance to do so. Thank you to (lagerbottom) for posting this article & how to. Very good instructions also expecially for me a vpn newb.
  • ryguy, on 10/12/2007, -1/+2FYI: for roadwarrior users, you cannot use IPCOP as your internet gateway.
  • vonskippy, on 10/12/2007, -1/+2@rygay
    Wrong! Have you even ever used a IPCOP box before dishing out dumbass advice?

    @lasmith
    Name one sub-$100 box that has the security and feature set that IPCOP does. As to big name manufacture support - you mean like the sinking ship security offered by Microsoft, or the backdoor in Cisco, or the rootkit in Linksys, what?
  • Boondoggle, on 10/12/2007, -0/+1I agree. You'd have to go with a Sonic solution minimum to match IPCop (or Smoothwall that it is based on) just for the firewall and they run about $300 I don't know of any commercial VPN that provides SSL connections like OpenVPN does
  • EasY_TargeT, on 10/12/2007, -2/+3are you sarcastic or serious?
  • ramsinks.com, on 10/12/2007, -1/+2hamachi.
    done.
  • GotoDengo, on 10/12/2007, -2/+2Agree. Hamachi rocks. I wouldn't run a business on it, just b/c I'm dependent on Hamachi's servers to initiate the connection and I think they'll run out of IP addresses before too long... but I don't see why anyone would buy anything for a home VPN.
  • lasmith, on 10/12/2007, -2/+2What difference does that make?
  • pcgeek101, on 10/12/2007, -0/+0This would be perfect for the company I'm working for. No one wants to spend any money on VPN devices, so free ones using old crappy hardware would be nice. digg++
  • etnin, on 10/12/2007, -2/+2It's cool, but why not just use hamachi, or a vpn router as pcgeek101 said?
  • lasmith, on 10/12/2007, -1/+1Well I'm assuming any business that isn't willing to spend $60 on a router probably doesn't use enough throughput for it to matter if its a soho device or not.
  • sych0, on 10/12/2007, -1/+1i got plenty of old boxes laying around. i gotta try this.
  • vampares, on 10/12/2007, -0/+0Are there vpn routers that aren't unix based?
  • Boondoggle, on 10/12/2007, -1/+1This is OpenVPN!
  • jonnyxx, on 10/12/2007, -0/+0ipcop is great for vpn. I have been using it for a network for 4 Years. Have currently 16 High traffic vpn's running through to our main ipcop firewall. Granted, openvpn is very easy to set up and is definitely more suited to a road warrior situation than ipcop, I use it myself. Which brings me to the point that you can run the standard ipcop "net to net" vpn and also openvpn on the same ipcop box for your road warriers. They will both work just fine. Link here to a how to for openvpn and ipcop http://www.zerina.de/?q=documentation
    Don't diss ipcop. THese guys have made us all a lot safer over the years, without having to pay big bucks. It's stable, secure, Free and runs on "the smell of an oily rag" It has a blue zone for wifi, traffic shaping, blue zone access by mac, dhcp on multiple zones, many unofficial addons which work well, eg squidgaurd and gui for filtering anything from hacking sites, spam, porn, advertising etc. and about a host of other functions.
    openvpn is a great and usefull project, but if all you want ipcop for is a vpn, you sort of missed the point.
  • viperman, on 10/12/2007, -2/+1I wonder if Steve Gibson has seen his, he has been setting up tutorials about how to do this with Open VPN.
  • ryanknapper, on 10/12/2007, -3/+1Seven posts come up when one searches on Digg for ipCop.
  • lasmith, on 10/12/2007, -4/+1Woops replied to the wrong person. Ignore.
  • srineer, on 10/12/2007, -7/+1Wow this was helpful

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.