Chris Tankersley

· PHP Jack of All Trades ·

In Part 1 of this tutorial, we walked through setting up a basic IPCop server that would work for most people. For people who want constant access to their files or want to take advantage of being secure no matter where they are, there is an IPCop module called Zerina that sets up OpenVPN on IPCop. Read below to find out how to set this up on IPCop.

Download and Install

First things first, head over to http://www.zerina.de/ and click the Downloads button at the top of the page. Zerina comes in two flavors - a stable version and an alpha version. Unless you need experimental Net2Net connections (two IPCop firewalls connected via an OpenVPN tunnel) or you like to live on the bleeding edge, grab the stable version. Download it to your desktop.

If you haven't already, turn on SSH access to your IPCop box. Log into your IPCop via http://192.168.0.1:81 (if you used a different GREEN address, use that instead of 192.168.0.1). Move your cursor over the 'System' tab and click on SSH Access. To turn on SSH just check the box next to SSH Access and click the 'Save' button.

Now you need to transfer this tar.gz file to the firewall. If you're using Windows I would recommend WinSCP, and for *nix just use the scp command to push it over to root's home directory. When you connect to your IPCop firewall, remember to use port 222 instead of the default 22.

Sample scp command:

scp -P 222 ZERINA-0.9.4i-Installer.tar.gz root@192.168.0.1:~

Now actually SSH into the box. Windows users can use PuTTY. Log in as root with the password that you set up during the IPCop install. You are already in root's home directory, so uncompress the Zerina package by typing in:

mkdir ZERINA; mv ZERINA-0.9.4i-Installer.tar.gz ZERINA; cd ZERINA; tar -zxf ZERINA-0.9.4i-Installer.tar.gz

The above makes a new directory, moves the Zerina file into the new folder, and then uncompresses it there. I do this instead of uncompressing the tar file into a new folder so that the tar.gz file is in there as well to keep everything organized.

Install the Zerina package by typing in:

./install

That's it for the SSH portion, so log off.

Configure

Head back to http://192.168.0.1:81, move your cursor over VPN, and click on OpenVPN. You will see the screen on the right. This page has all of the configuration options for OpenVPN.

Now set up the following:

  1. Check the box next to 'OpenVPN on Red'

  2. Change 'Local VPN Hostname/IP:' to a different IP range (e.g. 10.0.0.1)

  3. Change 'OpenVPN Subnet' to the appropriate settings for your IP range

  4. Change 'Protocol' to TCP

  5. Check the box next to 'LZO-Compression:'

  6. Click 'Save'

The page will refresh. Scroll down and click on 'Generate Root/Host Certificate.' Since this is a self-generated certificate, you can type in pretty much any information in here that you want. Click the 'Generate Root/Host Certificate' button again to generate the certificate. This can take a while depending on how fast your firewall's hardware is. You will be pushed back to the main OpenVPN screen once this is done.

Scroll down and click on the 'Add' button under 'Client status and control'. If you are using the stable version you can only click Roadwarrior, so just click the 'Add' button again. Fill out the form to generate an OpenVPN certificate for the computer that you want to access the VPN.

Now that everything is set up, click on the 'Start OpenVPN' button to start the server. If everything is set up correctly the status will change to 'Running.'

Set up OpenVPN on the Client

Download and install OpenVPN. For Windows users I suggest OpenVPN GUI as it allows the user to start and stop OpenVPN from a taskbar icon. *nix users can either download and compile OpenVPN or download it via their package managers.

The default install will work for most people. Once installed, you will have an icon on your taskbar.

Now to install the OpenVPN certificate from the server. Log back into IPCop and go into the OpenVPN page. Scroll to the bottom and you will see all of the certificates that have been created. There will be a small blue icon that says OVPN. Click on it to download the certificate files that you will need.

Extract these files in the C:\Program Files\OpenVPN\config folder on your client computer. Open the .ovpn file in a text editor and change the 'remote' line IP address to point to your external IP. If you have a dynamic IP address I would suggest signing up for a dynamic DNS service like DynDNS.org (which IPCop has an update client for) and replacing the IP with your DynDNS address.

After this, just right-click on the OpenVPN icon on your taskbar and click connect. OpenVPN should connect to your firewall and give you an internal IP. From this point you can browse your home computers just like you were sitting at home.
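
As an added example (not from the original post or from Zerina), the shell functions below rewrite the host on the profile's 'remote' line and check that the profile agrees with the server settings chosen earlier (TCP, LZO compression) and no longer points at a private address. The sample profile is constructed from standard OpenVPN directives; the function names, laptop.p12 and myhome.example.net are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# set_remote FILE HOST: replace the host on the 'remote' line, keep the port.
set_remote() {
    grep -q '^[[:space:]]*remote[[:space:]]' "$1" || return 1
    tmp=$(mktemp) || return 1
    awk -v h="$2" '$1 == "remote" { $2 = h } { print }' "$1" > "$tmp" &&
        cat "$tmp" > "$1"
    rc=$?; rm -f "$tmp"; return "$rc"
}

# check_ovpn FILE: print each mismatch with the server settings from the
# tutorial (Protocol TCP, LZO compression on); exit status 0 only if clean.
check_ovpn() {
    awk '
        { sub(/\r$/, "") }                  # tolerate Windows line endings
        $1 == "proto"    { proto = $2 }
        $1 == "comp-lzo" { lzo = 1 }
        $1 == "remote"   { remote = $2 }
        END {
            if (proto !~ /^tcp/) { print "proto is not tcp: " proto; bad = 1 }
            if (!lzo)            { print "comp-lzo is missing"; bad = 1 }
            if (remote == "")    { print "no remote line"; bad = 1 }
            else if (remote ~ /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/) {
                print "remote is a private address: " remote; bad = 1
            }
            exit bad + 0
        }' "$1"
}

# write_sample FILE: constructed profile (CRLF line endings, as on Windows).
write_sample() {
    printf '%s\r\n' client 'dev tun' 'proto tcp' 'remote 10.0.0.1 1194' \
        'pkcs12 laptop.p12' comp-lzo 'verb 3' > "$1"
}

# Demo: the profile as downloaded fails the check, the edited one passes.
profile=$(mktemp)
write_sample "$profile"
check_ovpn "$profile" || echo "fix the profile before connecting"
set_remote "$profile" myhome.example.net    # placeholder hostname
check_ovpn "$profile" && echo "profile matches the server settings"
rm -f "$profile"
```
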

Posted on 2007-06-08

From Ubuntu.com:

The Ubuntu developers are moving very quickly to bring you the absolute latest and greatest software the Open Source Community has to offer. The Gutsy Gibbon Tribe 1 is the first alpha release of Ubuntu 7.10, and with this new alpha release comes a whole host of excellent new features. The feature list for 7.10 has been slowly growing more exact since Gutsy opened late last month. While looking forward nothing is completely certain, here are some of the new things that have already arrived, such as GNOME 2.19, a new 2.6.22-rc kernel, as well as a good look at the approved specifications for Gutsy.

Screenshots: http://shots.linuxquestions.org/?linux_distribution_sm=Ubuntu%207.10%20Alpha%201

Release Notes: http://www.ubuntu.com/testing/tribe1

Posted on 2007-06-08

IPCop is a Debian-based Linux firewall. It can turn any PC with two network cards into a powerful yet easy-to-use firewall. Going above and beyond what most consumer routers allow you to do, IPCop allows you to segregate your network into different sections (green for the trusted internal, orange for DMZ, red for internet, and blue for wireless), set up Snort, VPN, and more. Read on to see how easy it is to set up.

First things first, download the ISO from http://www.ipcop.org. IPCop 1.4.15 is only about 50 megs so it shouldn't take too long. Burn the ISO to a CD using your favorite burning software and then pop it into the machine you want to use for your new firewall. Set the PC to boot from the CD-ROM (check your BIOS or boot screen on how to do this).

  1. You will be presented with the screen to the left. For most PCs you can just hit the key on your keyboard to start the boot. The distro is very small, so it shouldn't take long to boot from the CD. If there are any problems with booting from the CD, you may need to check out http://www.ipcops.com, which provides support for IPCop.

  2. Select the language that you want to use for the install (in my case, English), and then click the OK button. Since we're using the CD, just select CDROM/USB Key for the installation media. The install program will automatically partition the hard drive.

  3. Since this is a fresh install, just select SKIP since there isn't anything to restore.

  4. The next section will let you set up the network cards. You can either probe and have IPCop automatically select it or manually select the driver. I pick Probe just to make sure that IPCop selects the right driver.

  5. Type in the IP address that you want for the Green interface. This will also set up the DHCP address space for the Green interface. Once you save the IP, IPCop will tell you that it was successfully installed. Click OK one more time to continue.

  6. Select your keyboard layout, timezone, and then enter the hostname and domain name for the firewall.

  7. If for some odd reason you are using ISDN, you can configure it here. Otherwise, just select Disable ISDN.

  8. Now to set up your network. Select 'Network Configuration Type' and pick what kind of network you want to set up. For a simple two-NIC setup, just select Green+Red if you are using broadband.

  9. Select 'Drivers and Card Assignments' to set up the new Red card. Confirm that you want to change the settings, and it should see that there is an unallocated NIC. Assign it to Red.

  10. Click on 'Address Settings', and then the Red interface. Select the type of internet connection you have (Static if your ISP gives you a static IP, DHCP for cable or Embarq DSL, and PPPoE for other DSL providers normally).

  11. If you want to set up DHCP on the Green network, go down and select 'DHCP Server Configuration'. Fill in the settings that you would like to use.

  12. Now to set all the passwords for the system. You will set up root (physical and SSH access to the box), admin (web interface user) and backup (backup user). Once you have those typed in, the setup is complete and the box will reboot.

To access your new firewall, just go to http://:81 . From that point you can play around and go from there.

Posted on 2007-06-03
