[IPCOP] A VPN That supports the standard Windows Client


9 replies to this topic

#1 TurboTuna

TurboTuna

    Neowinian Senior

  • Joined: 30-September 04
  • Location: Kent

Posted 09 February 2007 - 19:35

I have openVPN Installed and it works great, only problem is I need to use the openVPN Client on each machine.

What VPN Options do I have that support The standard windows vpn protocols? (PPTP I believe?)

Edit: Just noticed that ipcop actually has a vpn option. But I can't seem to get it to work, any idiot proof guides out there?

Edited by TurboTuna, 09 February 2007 - 19:41.



#2 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 86
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 09 February 2007 - 19:43

I have openVPN Installed and it works great, only problem is I need to use the openVPN Client on each machine.

What VPN Options do I have that support The standard windows vpn protocols? (PPTP I believe?)

http://www.poptop.org/
Poptop - The PPTP Server for Linux

And what is the big issue with using the openvpn client on each of your road warrior machines? Are you looking for more of a net to net vpn, or are the clients each connecting from wherever they are at outside of your location.. Or are they all from one location? You do understand that the installation of the openvpn client could be automated, and/or made part of your standard machine image, etc.. etc..

Also any windows server OS is capable of allowing VPN access, you could allow for PPTP traffic thru your IPcop firewall.. PPTP is going to come with its own problems for clients that are on the road.. for PPTP to work, more than just 1 port has to be open from where they are coming from.. Unlike the SSL based vpn that is openvpn.

edit: To be honest the only thing PPTP has going for it from the VPN side is the client base, since it comes standard for windows.. But it has many disadvantages that would IMHO push it to the bottom of the list when looking for a VPN solution.

#3 OP TurboTuna

TurboTuna

    Neowinian Senior

  • Joined: 30-September 04
  • Location: Kent

Posted 09 February 2007 - 19:52

To be fair, there's nothing wrong with me installing the openVPN Client on each machine, seeing as they are either part of a domain and can be pushed through, or they are my own machines.

I'm not one to just "go with the flow" so to speak, I like to test each alternative to see if it has benefits or gains for what it's needed to do.

As always budman comes to the rescue with a much appreciated response!

Evidently, I will be implementing a net-to-net vpn later on this week, what would you recommend? It's just going to be one to link my home network (ipcop based) with my shop I have (Hardware over there is undecided yet). What would you recommend? I already have openVPN setup on ipcop this side, but what about my shop side?

Thanks :)

#4 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 86
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 09 February 2007 - 22:22

openvpn can do net to net vpns -- you could install it on a server on your shop side.. What it will come down to is what vpn options you have on your shop and what you have at home that you can get to work together ;)

Hardware to hardware would always be an option as well - depending on what routers you have, or willing to buy.. What is nice about the openvpn option is it will run on about any OS you have.. easy to setup -- and the price is right ;)

I personally like the simplicity of SSL based vpns vs say PPTP or IPSEC.. But there are always many things to take into account when picking the right solution.. so it's not the end all to vpn solutions by any means.

Do you have some real hardware at each site -- or limited to soho type stuff? A simple soho type of hardware solution would be to pick up some routers that can run openwrt or dd-wrt and use them as your vpn endpoints.. in the $40-80 range.

#5 OP TurboTuna

TurboTuna

    Neowinian Senior

  • Joined: 30-September 04
  • Location: Kent

Posted 10 February 2007 - 02:03

I'm not limited in any way shape or means, but of course it's a business so I'd like to keep things cheap, I'll have a server running SBS 2003 & a couple of machines free for anything I feel like putting on them (linux? ipcop? etc..)

Right now the only point of my net-to-net VPN is so I can access my computers' shared drives & NAS storage devices from the shop.

#6 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 86
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 10 February 2007 - 02:47

What is going to be the border device?? A box running IPcop would get my vote ;) if so -- your net2net vpn is a no brainer, openvpn would be the obvious choice ;)

On IPcop I would assume you're using http://www.zerina.de/ on IPcop 1.4.13

#7 EcPercy

EcPercy

    Neowinian

  • Joined: 27-April 05
  • Location: Kuwait

Posted 10 February 2007 - 03:11

I have to agree with BudMan here. Setting up an IpCop at the shop with OpenVPN sounds like the best choice since you are already running an IpCop at home.

You are also looking at the cost factor and have some spare hardware. This would keep the cost to a minimum and you would be running a system that you are already familiar with.

With a few mods you can transform the IpCop to a very robust solution.

User Mods:
Zerina (OpenVPN)
IDS Control (Allows you to control what protocols are watched)
Guardian (Adds IPS functionality and takes action based on what you allow in the IDS)
Midnight Commander (Because I hate VI) :D

Add-on Server Mods:
Logsend (Sends logs to specified e-mail address)
Net-Traffic (Shows traffic usage for all interfaces)
Cop+ (DansGuardian allows the use of black/grey/white lists to filter web traffic)

Anyway, I am sure that you may already be aware of those mods. Have fun getting everything up. :)

I am tracking this topic. Let us know how everything works out.

Edited by EcPercy, 10 February 2007 - 03:31.


#8 OP TurboTuna

TurboTuna

    Neowinian Senior

  • Joined: 30-September 04
  • Location: Kent

Posted 10 February 2007 - 12:23

What is going to be the border device?? A box running IPcop would get my vote ;) if so -- your net2net vpn is a no brainer, openvpn would be the obvious choice ;)

On IPcop I would assume you're using http://www.zerina.de/ on IPcop 1.4.13


Correct. But when I go to make the net-to-net VPN on OpenVPN it's greyed out, did I miss something?

#9 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 86
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 10 February 2007 - 12:30

Correct. But when I go to make the net-to-net VPN on OpenVPN it's greyed out, did I miss something?

I would assume yes.. ;) But since you have not given us any details of what you have done - I can not help point out what you missed.

http://www.zerina.de...n/howto-net2net
This howto will explain how you can set up an OpenVPN based net2net connection between 2 IPCop's in a few minutes.

#10 OP TurboTuna

TurboTuna

    Neowinian Senior

  • Joined: 30-September 04
  • Location: Kent

Posted 10 February 2007 - 14:07

Ah, yeah. Stupid moment there! Thanks for the help Budman & EcPercy!


