| 1 |
I'd also recommend OpenVPN. |
| 2 |
|
| 3 |
Regards |
| 4 |
|
| 5 |
-----Original Message----- |
| 6 |
From: Eric Sammer [mailto:esammer@g.o] |
| 7 |
Sent: 07 April 2004 03:43 |
| 8 |
To: gentoo-server@l.g.o |
| 9 |
Subject: Re: [gentoo-server] VPN server? |
| 10 |
|
| 11 |
Sébastien Arnaud wrote: |
| 12 |
> I would like to setup a VPN server on a small Gentoo box to use it as |
| 13 |
> an IPSec head end for an office (basically to give remote access to the |
| 14 |
> members of the office). |
| 15 |
> Any package in the Gentoo tree that you can recommend to help me to |
| 16 |
> secure the box (firewall, packet filtering) and establish an IPsec tunnel? |
| 17 |
|
| 18 |
It sounds as if there's a few things you want to do. |
| 19 |
|
| 20 |
For a firewall, iptables is the way to go, no doubt. Make sure you |
| 21 |
enable it in the kernel and 'emerge iptables' to get the userland tools. |
| 22 |
This will also allow you to do stateful packet magic and the like. |
| 23 |
Snazzy stuff. (http://www.netfilter.org) |
| 24 |
|
| 25 |
As for IPsec and that sort of fun stuff, OpenSwan (was FreeSwan) seems |
| 26 |
to be one of the better options. It will do all manners of IPsec magic |
| 27 |
but I don't know what clients will work (at least not first hand). If I |
| 28 |
recall, IPsec is universal and most if not all clients should work in |
| 29 |
some capacity, but certainly don't quote me on that. |
| 30 |
(http://www.openswan.org and check out |
| 31 |
http://wiki.openswan.org/index.php/interoperating for interoperating |
| 32 |
with non-OpenSwan software.) |
| 33 |
|
| 34 |
> Any of you have any experience/thoughts to share? |
| 35 |
|
| 36 |
Iptables == your best friend. |
| 37 |
OpenSwan == a close second. |
| 38 |
|
| 39 |
Both of those sites have far more info, but hopefully this will get you |
| 40 |
going. Hope this helps and good luck. |
| 41 |
-- |
| 42 |
Eric Sammer |
| 43 |
Gentoo Linux |
| 44 |
http://www.gentoo.org |
Archives