Chris Tankersley

Howto: Install IPCop 1.4.15 Firewall (Part 2 - OpenVPN)

Posted on 2007-06-08

In Part 1 of this tutorial, we walked through setting up a basic IPCop server that would work for most people. For people who want constant access to their files or want to stay secure no matter where they are, there is an IPCop module called Zerina that sets up OpenVPN on IPCop. Read below to find out how to set this up on IPCop.

Download and Install

First things first: head over to http://www.zerina.de/ and click the Downloads button at the top of the page. Zerina comes in two flavors: a stable version and an alpha version. Unless you need experimental Net2Net connections (two IPCop firewalls connected via an OpenVPN tunnel) or you like to live on the bleeding edge, grab the stable version. Download it to your desktop.

If you haven't already, turn on SSH access to your IPCop box. Log into your IPCop via http://192.168.0.1:81 (if you used a different GREEN address, use that instead of 192.168.0.1). Move your cursor over the 'System' tab and click on SSH Access. To turn on SSH just check the box next to SSH Access and click the 'Save' button.

Now you need to transfer this tar.gz file to the firewall. If you're using Windows I would recommend WinSCP, and for *nix just use the scp command to push it over to root's home directory. When you connect to your IPCop firewall, remember to use port 222 instead of the default 22.

Sample scp command:

scp -P 222 ZERINA-0.9.4i-Installer.tar.gz root@192.168.0.1:~

Now actually SSH into the box. Windows users can use PuTTY. Log in as root with the password that you set up during the IPCop install. You are already in root's home directory, so uncompress the Zerina package by typing in:

mkdir ZERINA; mv ZERINA-0.9.4i-Installer.tar.gz ZERINA; cd ZERINA; tar -zxf ZERINA-0.9.4i-Installer.tar.gz

The above makes a new directory, moves the Zerina file into the new folder, and then uncompresses it there. I do this instead of uncompressing the tar file into a new folder so that the tar.gz file is in there as well to keep everything organized.

Install the Zerina package by typing in:

./install

That's it for the SSH portion, so log off.

Configure

Head back to http://192.168.0.1:81, move your cursor over VPN, and click on OpenVPN. You will see the screen shown on the right. This page has all of the configuration options for OpenVPN.

Now set up the following:

  1. Check the box next to 'OpenVPN on Red'

  2. Change 'Local VPN Hostname/IP:' to a different IP range (i.e. 10.0.0.1)

  3. Change 'OpenVPN Subnet' to the appropriate settings for your IP range

  4. Change 'Protocol' to TCP

  5. Check the box next to 'LZO-Compression:'

  6. Click 'Save'

The page will refresh. Scroll down and click on 'Generate Root/Host Certificate.' Since this is a self-generated certificate, you can type in pretty much any information in here that you want. Click the 'Generate Root/Host Certificate' button again to generate the certificate. This can take a while depending on how fast your firewall's hardware is. You will be pushed back to the main OpenVPN screen once this is done.

Scroll down and click on the 'Add' button under 'Client status and control'. If you are using the stable version you can only click Roadwarrior, so just click the 'Add' button again. Fill out the form to generate an OpenVPN certificate for the computer that you want to access the VPN.

Now that everything is set up, click on the 'Start OpenVPN' button to start the server. If everything is set up correctly the status will change to 'Running.'

Set up OpenVPN on the Client

Download and install OpenVPN. For Windows users I suggest OpenVPN GUI as it allows the user to start and stop OpenVPN from a taskbar icon. *nix users can either download and compile OpenVPN or download it via their package managers.

The default install will work for most people. Once installed, you will have an icon on your taskbar.

Now to install the OpenVPN certificate from the server. Log back into IPCop and go into the OpenVPN page. Scroll to the bottom and you will see all of the certificates that have been created. There will be a small blue icon that says OVPN. Click on it to download the certificate files that you will need.

Extract these files into the C:\Program Files\OpenVPN\config folder on your client computer. Open the .ovpn file in a text editor and change the IP address on the 'remote' line to point to your external IP. If you have a dynamic IP address I would suggest signing up for a dynamic DNS service like DynDNS.org (which IPCop has an update client for) and replacing the IP with your DynDNS address.
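As an added example (not part of the original post), the sh functions below rewrite the host on the 'remote' line of a client profile on a *nix client and check that the profile still matches the server settings chosen earlier (TCP, LZO compression). The sample profile, the port 1194, the file name laptop.p12 and the host myhome.example.org are constructed placeholders, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: edit and sanity-check a client .ovpn profile.

# set_remote FILE HOST: replace the host on the 'remote' line, keeping the port.
set_remote() {
    file=$1 host=$2
    # Accept only a plain hostname or IPv4 address (letters, digits, '.', '-').
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "invalid host: $host" >&2; return 1 ;;
    esac
    grep -Eq '^[[:space:]]*remote[[:space:]]+[^[:space:]]+' "$file" || {
        echo "no 'remote' line in $file" >&2; return 1; }
    sed -E "s/^([[:space:]]*remote[[:space:]]+)[^[:space:]]+/\1$host/" \
        "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# check_profile FILE: succeed only if the profile matches the server settings
# from the Configure steps (Protocol TCP, LZO-Compression enabled).
check_profile() {
    grep -Eq '^[[:space:]]*proto[[:space:]]+tcp' "$1" || {
        echo "proto is not tcp" >&2; return 1; }
    grep -Eq '^[[:space:]]*comp-lzo' "$1" || {
        echo "comp-lzo is missing" >&2; return 1; }
}

# make_sample FILE: write a constructed profile (not real Zerina output).
make_sample() {
    cat > "$1" <<'EOF'
client
dev tun
proto tcp
remote 10.0.0.1 1194
comp-lzo
pkcs12 laptop.p12
EOF
}

# Demo on the constructed profile: point it at a placeholder DynDNS-style name.
profile=$(mktemp)
make_sample "$profile"
set_remote "$profile" myhome.example.org && check_profile "$profile" && cat "$profile"
rm -f "$profile"
```

If check_profile fails, the client and server disagree on protocol or compression and the tunnel will not come up cleanly until the profile matches what was saved on the IPCop OpenVPN page.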

After this, just right-click on the OpenVPN icon on your taskbar and click connect. OpenVPN should connect to your firewall and give you an internal IP. From this point you can browse your home computers just like you were sitting at home.

