Friday, July 04, 2008

IPCOP VPN in Ubuntu 8.04

On IPCOP machine side (server)

  • Under the VPNs tab, enable the VPN on BLUE checkbox. Click Save.
  • Create your host/root certificates by clicking on the Generate Root/Host certificates button. After creation, there are two lines. First line is Root certificate. The subject line should be something like: C=US, O=My Network, CN=My Network CA. You'll need this info later.
  • Add a new connection (on the same page). Select host-to-net (road warrior) connection. Give it a name like BlueNetwork. Interface (obviously) should be blue. Local subnet should be 0.0.0.0/0.0.0.0 (this will give you access to the green and red networks). For authentication, I am using a pre-shared key, so I make sure that that line has the selected radio buttona and Fill in password. Click Save.

    On Ubuntu machine side (client)

  • Install OpenSwan
    $ sudo apt-get install openswan (to get Openswan installed)
  • Edit file /etc/ipsec.conf and paste the below script after "# Add connections here"
    ++++++++++++++

    conn bluenetwork
    left=%defaultroute
    right=x.y.z.w
    rightsubnet=192.168.1.0/255.255.255.0
    authby=secret
    auth=esp
    pfs=yes
    compress=no
    auto=add

    Note (1): replace x.y.z.w with the public IP of the IPCop VPN you
    want to access
    Note (2): change rightsubnet as per the internal network (GREEN)
    behind the IPCop firewall
    Note (3): you can change "bluenetwork" to another name if you want to

  • In your /etc/ipsec.secrets you just need:
    =========================================
    : PSK "pre-shared key defined in the IPCop VPN"

  • To start IPsec:
    # /etc/init.d/ipsec start

  • To stop IPsec:
    # /etc/init.d/ipsec stop

  • To bring up the VPN tunnel:
    # ipsec auto --up myvpn

  • To bring down the VPN tunnel:
    # ipsec auto --down myvpn


    Hopely success full :)
    Thank to "whitelover"
  • 6 comments:

    Anonymous said...

    hi, cool post! It works perfectly. Now i can use my VPN with Ubuntu! :D

    Anonymous said...

    Hi I'd like to thank you for such a great made forum!
    thought this is a perfect way to introduce myself!

    Sincerely,
    Hilary Driscoll
    if you're ever bored check out my site!
    [url=http://www.partyopedia.com/articles/bowling-party-supplies.html]bowling Party Supplies[/url].

    Anonymous said...

    This is my first post I'd like to congratulate you for such a great made forum!
    thought this would be a perfect way to introduce myself!
    The best way establish assets it is usually a wise conclusion to begin a savings or investing plan as soon in life as obtainable. But don't fear if you have not began saving your capital until later on in life. With honest work, that is experimenting the best investment vehicles for your assets you can slowly but surely increase your wealth so that it adds up to a big sum by the period you hope to retire. Scout out all of the accessible asset classes from stocks to real estate as investments for your money. A researched and diversified portfolio of investments in a wide range of asset classes can make your money age throughout the years.

    -Avis Christon
    [url=http://urwealthy.com]currency conversion [/url]

    Anonymous said...

    Can you recommend the most popular Remote Management & Monitoring tool shareware?
    I searched the web and found the following:
    Kaseya.com
    GFI.com
    Logmein.com

    They all look different... Does anyone has a priority?
    By the way did anyone try that software:
    N-able remote desktop software ?

    Mary Shane said...

    Are you doing this on a 64 or 32 bit system? I've been unable to keep the tunnel up long enough under a 32 kernel to set the routes up before it closes. (I must admit to not investigating very hard) On my 64 bit workstation I have no such issues.


    VPN

    Mary Shane said...
    This comment has been removed by the author.