I have been trying to install two differenct vpn solutions to connect my laptop to my office. I have not had any luck and the troubleshooting guide was rather horrible and outdated. Has anyone sucessfully installed openvpn or openswan? The network appliance I am trying to connect to is a Sonciwall tz 170.

i use and have used openvpn on mandrake, fc4, fc5, winxp and windows server 2003.

i don't know what else to tell you because i don't know what your issues are - or, i may not be able to help you, at all.

but i think i've answered your query...


cheers,

I've been using OpenVPN. Since in my opinion is the easiest way to do the job. I have IPCop configured with OpenVPN. All you need to do is download the additional package to enable VPN in GUI mode. There, you can create your own certificates for the users and have it download to their laptop so they can use it.

The problem I am having is the installation and the configuration of Openvpn. Normally I can understand the install but this one is giving me trouble. More so the configuration. Can you point me to a good install how to other than the one from their website.

I do not know of a better howto than the one on the website (maybe there's some old article on linuxjournal or something). Seriously, what part of the howto are you having trouble with? OpenVPN is one of the easiest to implement. Instead of trying to conform to a standard, it makes up its own `standard', which is basically an extension to the well-proven SSL.

An even `easier' solution is tinc, which tries the same goal with a different approach. Last I checked (which admittedly was a few years ago) they had some pretty bad security holes to fix.

You haven't told us exactly what you want to do (site-site, roadwarrior, etc.). If you want a completely do-it-yourself approach, I suggest that you try to get OpenVPN working at a bare minimum level. Then start increasing features until you become satisfied with the results.

If you want to interoperate with SonicWall, however, I believe you are required to use IPSEC. IPSEC is a pretty confusing protocol for use as a VPN. The problem is that IPSEC was not designed for VPNs, but for end-to-end security in IPv6 networks. Then, it was backported to IPv4 to use with Oportunistic Encryption. Then, some people decided to use it for VPNs (that's two layers of indirection from its originally intended use). To fix problems along the way, hacks/workarounds were thought up. What you end up with is a very confusing method that gets very good security once you become accustomed to it.

The other problem with IPSEC (stemming from historical reasons) is its various implementations. Currently, openswan and strongswan (both forks of freeswan) can be made to work correctly with other implementations (including, IIRC, SonicWall). The problem is that programmers are lousy documentors and there is a lot of bad/outdated documentation out there. If you must interoperate with SonicWall, I think this is your only choice.

Whichever method you chose, try being a little more specific as to your problem.

I think I will look deeper into strongswan. The documentation look fairly descent. I am basically trying to make a roadwarrior vpn. Man I do not have that much knowledge on IPsec. I never knew that it was back ported. I will post the errors as I get them.