LinuxQuestions.org


romad 07-30-2009 06:04 PM

VPN setup for Remote users
 
Hello All,

I'm new here (and to Linux for that matter), but I thought this question might find an answer here quicker than it would in the newbie section.

I want to set up a Linux firewall/VPN box for a small office. I understand that most any distro can be used as a firewall using the IP tables, and I have installed and played around with Smoothwall. However, what I am looking for is a (simple) solution for configuring VPN access by remote users (telecommuting employees).

I've found some information on a package called PopTop, but haven't investigated fully. If I can use the collective experience and expertise from whiz kids on this site, maybe I can save a little time, and heartache too!

Thanks in advance,

tallship 07-31-2009 02:52 AM

This will get you rocking...
 
Very simple, and elegant. Forget about the packages you're talking about and if you merely follow the simple examples in the two links below you're off and flying.

Also, I wouldn't bother with doing this on smoothwall either. I would let the packets pass through to another Linux box behind the firewall to alleviate the load. Let the firewall do the firewalling and simply allow from the various user IPs passing it through (redirecting the packets) to the machine behind the firewall to handle the tunnels themselves - but that's just me.

http://lartc.org/howto/lartc.tunnel.gre.html

http://www.linuxdocs.org/HOWTOs/Adv-...g-HOWTO-5.html

Even reading these two HOW-TOs slowly, you can have your users tunneling in within 15 minutes quite easily ;)

Otherwise, you may want to get ASTARO Security Linux (I'm not a smoothwall fan for anything but the home user - I don't like their inflexible 'zone' concepts), and then you can point and click - but it will take you much longer to set up the VPNs, and you'll prolly lock yourself out once or twice from the remote firewall server till you get the hang of it, coz you gotta do both sides of the equation - don't forget that so leave your own IP completely Permissioned to traverse the WAN and then test on another box to verify.

Seriously, GRE tunnels are easy, and supported by CISCO too.

I hope that helps :)
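
An added example, not part of tallship's post: a shell function that prints the iptables rules for the pass-through design described above, redirecting GRE (IP protocol 47) from allow-listed remote user addresses to a tunnel host behind the firewall and dropping GRE from any other source. The interface name, addresses and function names are constructed assumptions; plain GRE itself provides no encryption or authentication, so the source allow-list is the only gate here.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules for GRE pass-through.
# Interface name and addresses are constructed placeholders.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gre_passthrough_rules WAN_IF TUNNEL_HOST REMOTE_IP...
# Validates every argument first, so a bad entry yields no rules at all.
gre_passthrough_rules() {
    [ "$#" -ge 3 ] || { echo "usage: WAN_IF TUNNEL_HOST REMOTE_IP..." >&2; return 1; }
    wan_if=$1; tunnel_host=$2; shift 2
    case "$wan_if" in
        *[!A-Za-z0-9._-]*) echo "bad interface: $wan_if" >&2; return 1 ;;
    esac
    for addr in "$tunnel_host" "$@"; do
        is_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    for remote in "$@"; do
        # Redirect this user's GRE (IP protocol 47) to the inside tunnel host.
        echo "iptables -t nat -A PREROUTING -i $wan_if -p 47 -s $remote -j DNAT --to-destination $tunnel_host"
        # Let the redirected packets, and the replies, cross the firewall.
        echo "iptables -A FORWARD -i $wan_if -p 47 -s $remote -d $tunnel_host -j ACCEPT"
        echo "iptables -A FORWARD -o $wan_if -p 47 -s $tunnel_host -d $remote -j ACCEPT"
    done
    # GRE from any source not on the allow-list never reaches the LAN.
    echo "iptables -A FORWARD -i $wan_if -p 47 -j DROP"
}

# Constructed sample: two remote users (documentation address ranges).
gre_passthrough_rules eth0 192.168.1.10 203.0.113.25 198.51.100.7
```

The function only prints the commands, so the output can be reviewed before anything is applied on the firewall.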

w7hd 08-02-2009 03:32 PM

One I've used successfully that is EASY to set up and supports both Windows and Linux clients is OPENVPN-AS. When the user points his browser to your server, the program asks him for a login and password the first time only (the one you allow by creating that user in Linux). It then creates an install file on-the-fly for the Windows or Linux version (whichever is chosen by the user). The user double-clicks on it to download it, then runs it. Everything is then done for the user so that when they click on the icon, it will ask them for their password then log them into the server as a VPN user. Browse to http://openvpn.net/ and download the OpenVPN Access Server to install it on your Linux box.

They are very responsive to help requests (my first question got a reply within 2 hours). You do have to register to get the two free simultaneous client licenses. If you need more, it's $5.00 per user minimum 10 users after that - very cheap for what you get.

w7hd 08-02-2009 03:34 PM

Forgot to mention - they have versions for Ubuntu (I'm using 9.04), CentOS4 (which I personally verified works for Redhat EL/ES4) and CentOS5, Fedora and VMWare.


All times are GMT -5.