1 |
Have a look also on Shorewall which integrate all of the above. |
2 |
http://www.shorewall.net/ (avalaible from portage). |
3 |
|
4 |
Gilles. |
5 |
|
6 |
-----Original Message----- |
7 |
From: Steven Coutts [mailto:scoutts@×××××××.uk] |
8 |
Sent: Wednesday, 07 April, 2004 10:02 AM |
9 |
To: gentoo-server@l.g.o |
10 |
Subject: RE: [gentoo-server] VPN server? |
11 |
|
12 |
I'd also recommend OpenVPN. |
13 |
|
14 |
Regards |
15 |
|
16 |
-----Original Message----- |
17 |
From: Eric Sammer [mailto:esammer@g.o] |
18 |
Sent: 07 April 2004 03:43 |
19 |
To: gentoo-server@l.g.o |
20 |
Subject: Re: [gentoo-server] VPN server? |
21 |
|
22 |
Sébastien Arnaud wrote: |
23 |
> I would like to setup a VPN server on a small Gentoo box to use it as |
24 |
> an IPSec head end for an office (basically to give remote access to |
25 |
> the members of the office). |
26 |
> Any package in the Gentoo tree that you can recommend to help me to |
27 |
> secure the box (firewall, packet filtering) and establish an IPsec tunnel? |
28 |
|
29 |
It sounds as if there's a few things you want to do. |
30 |
|
31 |
For a firewall, iptables is the way to go, no doubt. Make sure you enable it |
32 |
in the kernel and 'emerge iptables' to get the userland tools. |
33 |
This will also allow you to do stateful packet magic and the like. |
34 |
Snazzy stuff. (http://www.netfilter.org) |
35 |
|
36 |
As for IPsec and that sort of fun stuff, OpenSwan (was FreeSwan) seems to be |
37 |
one of the better options. It will do all manners of IPsec magic but I don't |
38 |
know what clients will work (at least not first hand). If I recall, IPsec is |
39 |
universal and most if not all clients should work in some capacity, but |
40 |
certainly don't quote me on that. |
41 |
(http://www.openswan.org and check out |
42 |
http://wiki.openswan.org/index.php/interoperating for interoperating with |
43 |
non-OpenSwan software.) |
44 |
|
45 |
> Any of you have any experience/thoughts to share? |
46 |
|
47 |
Iptables == your best friend. |
48 |
OpenSwan == a close second. |
49 |
|
50 |
Both of those sites have far more info, but hopefully this will get you |
51 |
going. Hope this helps and good luck. |
52 |
-- |
53 |
Eric Sammer |
54 |
Gentoo Linux |
55 |
http://www.gentoo.org |