Hi. On Thu, Sep 10, 2015 at 10:34:30PM -0500, [email protected] wrote: > I am trying to understand the options for accommodating a "road warrior" > who, as a VPN client, needs to connect to one or more machines which > reside at the home office, in a LAN protected by a stand-alone firewall. > The road warrior is running Debian on a laptop. The firewall protecting > the LAN is IPCop2. > > After much searching with google and reading a number of documents, it > appears to me that there exist two approaches: > > (1) The firewall can act as the VPN server; this allows the roadwarrior to > access the entire protected LAN. > > (2) The VPN can bypass the firewall; in this case, one machine in the > protected LAN acts as the VPN server. > > Either of these solutions is acceptable. > > I do not know whether the use of IPCop2 simplifies or complicates the > situation; but the user strongly prefers to remain with IPCop2 rather than > to switch to another firewall.
Usage of IPCop2 seems to simplify things, as if [1] to be trusted, IPCop2 can function as openvpn server. Hence, all you need to do is to configure IPCop2 *and* use conventional openvpn on client side. The only hard choice for you to make is whenever openvpn server will use udp:1194 (faster), or tcp:443 (slower, but client can use openvpn via HTTP proxy if needed). [1] http://www.ipcop.org/2.0.0/en/admin/html/vpns-openvpn.html Reco
