Re: road warrior VPN with IPCop2
Hi.
On Thu, Sep 10, 2015 at 10:34:30PM -0500, rlharris@oplink.net wrote:
> I am trying to understand the options for accommodating a "road warrior"
> who, as a VPN client, needs to connect to one or more machines which
> reside at the home office, in a LAN protected by a stand-alone firewall.
> The road warrior is running Debian on a laptop. The firewall protecting
> the LAN is IPCop2.
>
> After much searching with google and reading a number of documents, it
> appears to me that there exist two approaches:
>
> (1) The firewall can act as the VPN server; this allows the roadwarrior to
> access the entire protected LAN.
>
> (2) The VPN can bypass the firewall; in this case, one machine in the
> protected LAN acts as the VPN server.
>
> Either of these solutions is acceptable.
>
> I do not know whether the use of IPCop2 simplifies or complicates the
> situation; but the user strongly prefers to remain with IPCop2 rather than
> to switch to another firewall.
Usage of IPCop2 seems to simplify things, as if [1] to be trusted,
IPCop2 can function as openvpn server.
Hence, all you need to do is to configure IPCop2 *and* use conventional
openvpn on client side.
The only hard choice for you to make is whenever openvpn server will use
udp:1194 (faster), or tcp:443 (slower, but client can use openvpn via
HTTP proxy if needed).
[1] http://www.ipcop.org/2.0.0/en/admin/html/vpns-openvpn.html
Reco
Reply to: