Topic: Migrating from IpCop 2.0 to Endian. Struggle with VPN
lurifax
« on: Thursday 03 November 2011, 01:07:44 am »

Hi,
First of all, thanks to all you developers who make such nice tools for people like me.
I've been using IpCop 1.4.21, and am now moving to IpCop 2.0 OR Endian.

IpCop is great, but lacks SNAT functions which I need. Endian has all this, but I seem to struggle with getting VPN up and running.
I have read the docs but must say I did not understand how to get it up.

IpCop 2.0 uses almost the same VPN tech, so I should be able to get it running in Endian also.

I have tried to search the internet for a step-by-step install of VPN on Endian with no luck.
Does anyone have a link or such a howto?

I'm planning on using the OpenVPN client from Windows computers, but cannot figure out how to set up Endian to get this running.


jayanthan
« Reply #1 on: Thursday 03 November 2011, 03:46:00 am »

First, download the OpenVPN client from "openvpn.se/download.html".

Under VPN => click "OpenVPN server enabled & Bridged"

Select Bridged to "Green" => set your desired IP range.

Then create an account with a user name & password. Then download the CA certificate.

Rename the downloaded CA certificate to "efw.pem"

and put that file into "C:\Program Files\OpenVPN\config"

Now try to connect.
lurifax
« Reply #2 on: Thursday 03 November 2011, 07:28:07 am »

Thank you for your help.
Should the IP address be in the range of my internal network, or, as it is on IpCop, on another fraction?

My green is 10.2.2.1; my servers are of course on the 10.2.2.x net also.
In IpCop I simply used 10.2.3.0/24 and got an IP address from that range when I connected.

This "green" bridge thing, does it mean there is no routing in Endian OpenVPN?
If so, where do I get an IP address from? My internal DHCP server? If so, should I set start-end equal to my DHCP server? (No DHCP on Endian.)

Rather new to this, so sorry if my question is plain and somewhat "stupid."
The whole OpenVPN is way easy to get up and running on IpCop. I'm sure it is on Endian as well when one understands how this works.

Should everything be done from the OpenVPN first menu (nothing to be done under the IPsec and gw2gw page)?
mrkroket
« Reply #3 on: Wednesday 09 November 2011, 03:37:45 am »

Green bridge means that the OpenVPN interface is bridged to GREEN; it means nothing about the subnets behind the VPN clients.

How OpenVPN works on Endian:
- 1 EFW must be the OpenVPN server, the rest are clients. Each role is configured in a different tab, so the server is configured on OpenVPN server and the rest of the Endian firewalls must be clients and therefore will be configured from OpenVPN client (gw2gw).
- On OpenVPN server->Accounts create as many OpenVPN accounts as you have remote Endians, and define the subnets behind each client.
   I.e. to create a network of 4 Endians, 1 should be the server and 3 will be the clients. On the server create 3 accounts and for each one define the "Networks behind client".
- On OpenVPN Server->Advanced block the DHCP responses from the tunnel, and push the desired local subnets to clients. Remember, only put local subnets (like the subnet in ORANGE, in BLUE, etc.). Push nameservers and your domain name.
- Restart the OpenVPN server. Now your main EFW is accepting OpenVPN connections.
- Download the OpenVPN server certificate; you'll need it on each client.
- On Firewall->VPN define the rules you want to control the VPN traffic. If you don't want to block anything, don't disable the firewall, just create an allow-all rule.

On each client (slave Endian):
- Go to OpenVPN Client and add a tunnel configuration. It's very straightforward. Add your server certificate, server IP address, user, pass, etc.
- On Firewall->VPN define the rules you want to control the VPN traffic. If you don't want to block anything, don't disable the firewall, just create an allow-all rule.
- And done! The system should connect automagically.


On each client (Windows client):
- Install the OpenVPN client.
- In OpenVPN's config dir, add your server certificate.
- Create this config file:
Code:
client
float
dev tap
proto udp
port 1194
remote AA.BB.CC.DD
remote FA.IL.OV.ER
resolv-retry infinite
nobind
persist-key
persist-tun
ca Firewall.pem
auth-user-pass
pull
comp-lzo
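
A static check of the client config posted above, as an added example that is not part of the original thread or of Endian's tooling: it parses the directives and reports three hardening gaps (no server-certificate check, cached password, compression). The check names and the choice of rules are this example's own assumptions.

```python
# Added example: SAMPLE is the config from the post above; rule names are this example's own.
SAMPLE = """client
float
dev tap
proto udp
port 1194
remote AA.BB.CC.DD
remote FA.IL.OV.ER
resolv-retry infinite
nobind
persist-key
persist-tun
ca Firewall.pem
auth-user-pass
pull
comp-lzo
"""

def parse(text):
    """Map directive -> list of argument lists; '#' or ';' starts a comment."""
    opts = {}
    for raw in text.splitlines():
        tokens = []
        for tok in raw.split():      # simplified: quoted arguments are not handled
            if tok[0] in "#;":
                break
            tokens.append(tok)
        if tokens:
            opts.setdefault(tokens[0], []).append(tokens[1:])
    return opts

def lint(text):
    """Return the names of the checks the config fails, in a fixed order."""
    opts = parse(text)
    findings = []
    if "ca" not in opts:
        findings.append("no-ca")     # server certificate cannot be validated at all
    # With only `ca`, any certificate that CA signed is accepted as the server.
    if not {"remote-cert-tls", "ns-cert-type", "verify-x509-name"} & opts.keys():
        findings.append("no-server-cert-check")
    # OpenVPN keeps the auth-user-pass password in memory unless auth-nocache is set.
    if "auth-user-pass" in opts and "auth-nocache" not in opts:
        findings.append("password-cached")
    # `comp-lzo no` disables compression; any other form leaves it on.
    if any(args != ["no"] for args in opts.get("comp-lzo", [])):
        findings.append("compression-enabled")
    return findings

print(lint(SAMPLE))
```

Adding `remote-cert-tls server` only works if the server certificate carries the matching key usage, and compression has to be changed on the server and the client together; the thread confirms neither for Endian.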