>>> On 6/30/2008 at 10:49 PM, in message <[EMAIL PROTECTED]>, Vern Ceder <[EMAIL PROTECTED]> wrote:
> Yep... it's dead easy to set up... a handful of menu choices and you're
> done. We didn't use it with a VPN, but the rest I know works very well.
>
> Vern
>
> Jon wrote:
>> Got some more feedback on this from James, he pointed me to IPCop which
>> looks kind of like an all-in-one package.
>>
>> Anyone used IPCop?
>>
>> On Wed, 2008-06-18 at 01:01 -0400, Rob Ludwick wrote:
>>> OpenVPN is good. Clients for Windows, Linux, and MacOS exist.
>>>
>>> Configuration can be done via X.509 certs as well as username/password
>>> authentication (or hey, if you're paranoid, both).
>>>
>>> It's more secure than Microsoft's PPTP, and it's faster than Tor.
>>>
>>> I do recommend you start here, it's the one I started off with.
>>> http://www.thebakershome.net/openvpn_tutorial
>>>
>>> Proto should be TCP... and heck, use TAP0 (Ethernet Bridging).
>>>
>>> It uses X.509 Certs, but if you look around there are configurations for
>>> Username/Password.
>>>
>>> --R
>>>
>>>
>>>> Here's what I'm thinking. I want a VPN box (likely Ubuntu and SSH based)
>>>> between my cable modem and my router. Any of my trusted machines run
>>>> over open wireless or cat5 to the router and are configured to connect
>>>> to the VPN. Then any connections over the open wireless or a tor exit
>>>> node get logged (both CYA and traffic snooping) and go out to the
>>>> internet.
>>>>
>>>> Goal is to explore the networking side of IT a little more, help my
>>>> paranoid brethren with Tor, and learn how to build a system that can
>>>> safely function in a hostile environment.
>>>>
>>>> Depending on my mood I may also get a little grey-hat and see if
>>>> anything interesting is coming through the unsecured wireless and Tor.
>>>>
>>>> Some questions:
>>>> 1. Recommendations for a distro and VPN software for the VPN box? I'm
>>>> most comfortable with Ubuntu, but I'm open to other options. Obviously
>>>> the most common and easiest to configure VPN option wins.
>>>> 2. How can I prevent the open connections from the outside from getting
>>>> inside? I'm open to sharing my bandwidth, but I want to keep people from
>>>> peeing in my pool.
>>>> 3. How can I throttle (simple bandwidth cap) the unsecured traffic? The
>>>> day will come when I decide to find out how far I can push Comcast, it
>>>> will be the same day I decide to sign up for FiOS.
>>>> 4. How can I give secured traffic priority over unsecured traffic? I.E.
>>>> my ISO downloads come down BEFORE the tor node gets to myspace.
>>>> 5. How can I readily configure my own Linux boxes, my wife's Mac, and any
>>>> of my guests' computers to connect to the VPN? Machines that regularly
>>>> use the network should autoconfigure.
>>>> 6. Any suggestions for dynamic DNS services?
>>>> 7. How can I sanely manage the logs for the open connections? Following
>>>> Bruce Schneier's idea of having an open wireless router is interesting,
>>>> but I would prefer a more reliable way of covering my ass.
>>>>
>>>>
>>>
>>> _______________________________________________
>>> Fwlug mailing list
>>> [email protected]
>>> http://fortwaynelug.org/mailman/listinfo/fwlug_fortwaynelug.org

Jon,

I have deployed a few different IPCop Firewalls and even a couple with VPNs. I would strongly recommend that you use the Zerina OpenVPN plugin for your VPN. http://www.vpnforum.de/zerina/

A couple of other plugins I use are:

updatexlrator http://update-accelerator.advproxy.net/
advproxy http://advproxy.net/
urlfilter http://www.urlfilter.net/

If you have any questions on setup just let the list know.

HTH,
Ben

--
Thank You,
Ben Dailey
[EMAIL PROTECTED]
Asst. Technology Director
Bluffton-Harrison MSD
www.bhmsd.k12.in.us
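
Rob Ludwick's message quoted earlier in the thread notes that OpenVPN can authenticate clients with X.509 certificates, with username/password, or with both. As an added example (not code from the thread or from the OpenVPN project), this Python check reads a server config and reports which of those the server actually enforces. The sample configs, file names, script path and the `directives`/`auth_mode` helpers are constructed for illustration, and the plugin match is a file-name heuristic.

```python
import shlex

# Constructed sample server configs; file names and script path are placeholders.
BASE = """\
proto tcp
dev tap0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
"""
# Password check layered on top of the default client-certificate requirement.
BOTH = BASE + "script-security 2\nauth-user-pass-verify /etc/openvpn/checkpw.sh via-env\n"
# Same, but client certificates are switched off (pre-2.4 spelling).
PASSWORD_ONLY = BOTH + "client-cert-not-required\n"


def directives(text):
    """Map each directive to the list of its argument lists, skipping comments."""
    found = {}
    for line in text.splitlines():
        if line.lstrip().startswith(";"):      # ';' also starts a comment line
            continue
        parts = shlex.split(line, comments=True)
        if parts:
            found.setdefault(parts[0], []).append(parts[1:])
    return found


def auth_mode(text):
    """Report what a server config demands from a connecting client."""
    d = directives(text)
    # A server asks for a client certificate unless one of these relaxes it.
    cert_relaxed = "client-cert-not-required" in d or any(
        args[:1] in (["none"], ["optional"]) for args in d.get("verify-client-cert", []))
    # Credentials are enforced by a verify script or by an auth plugin.
    # Assumption: the plugin is recognised by "auth" in its file name (heuristic).
    password = "auth-user-pass-verify" in d or any(
        args and "auth" in args[0].rsplit("/", 1)[-1] for args in d.get("plugin", []))
    if password:
        return "password" if cert_relaxed else "certificate+password"
    return "none" if cert_relaxed else "certificate"


if __name__ == "__main__":
    for name, cfg in (("BASE", BASE), ("BOTH", BOTH), ("PASSWORD_ONLY", PASSWORD_ONLY)):
        print(name, "->", auth_mode(cfg))
```

A config that adds a password check but also relaxes the certificate requirement reports `password`, which is the downgrade to watch for when copying username/password setups.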
