0

I am using Linux (Debian) as my server platform and want to configure the following:

A remote user can connect to a secure VPN server and use its IP to access the Internet, mostly for browsing and e-mail.

I read a lot about OpenS/WAN+L2TP and OpenVPN but I am still confused about how I should configure it. I would prefer IPSec+PPTP/L2TP since the road warrior doesn't have to install any extra software on iPhone/Windows7.

Is there a good how-to for IPSec or what would you suggest?

John Gardeniers
Phoibe

2 Answers

1

Normally I'm a big proponent of OpenVPN/OpenVPN-AS, but if you're looking for an iPhone client you're out of luck, unless your road warriors are willing to jailbreak. If you don't want to install any extra software, PPTP is probably the easiest thing to set up on both ends.

EDIT: Heh, if you're not worried about the wrath of the iPhone user, OpenVPN is great. I'd recommend OpenVPN-AS if you can afford the pretty cheap ($5 per concurrent VPN user!) cost, as it greatly simplifies installation, configuration, and management. Have had very good experience with it on Debian/Ubuntu hosts.

If you absolutely don't want users to have to install clients, PPTP on Debian is also pretty easy to set up. If you want Windows users to use the VPN server's gateway for internet access, make sure that they check the 'Use default gateway on remote network' box under [VPN Connection Properties] > Networking tab > highlight Internet Protocol (TCP/IP) in list and choose 'Properties' button > 'Advanced' button (this should be checked by default).

nedm
  • iPhone users (1) of 25 can be neglected =) Is there a good How-To out there? I tried once but I messed it up somehow haha – Phoibe Mar 13 '11 at 07:54
  • @Phoibe, See my edit for a couple of options. – nedm Mar 13 '11 at 08:22
  • Just to update, as of August 2012 there is still no OpenVPN client for iPhone without jailbreak. However, as of Android 4.0/ICS, there is a fantastic OpenVPN Android client available that does not require rooting. – nedm Aug 03 '12 at 20:50
1

I was successful in using OpenVPN, and the HOWTO to install it on their side. Works like a charm, and I can connect from Windows XP, 2007, Debian Linux 4.0, 5.0, and Mac OS X 10.4 and 10.6 (these were my tested platforms).

To make life easier, I created a script that creates the files for new accounts for me:

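#!/bin/bash
# openvpn-adduser: create key, certificate and config for a new client
# and pack them into /etc/openvpn/<username>.zip
set -e  # stop at the first failing step instead of zipping a partial bundle

if [ -z "$1" ]; then
    echo 'USAGE: openvpn-adduser <username>'
    exit 1
fi

# Generate the client key and certificate with easy-rsa
cd /etc/openvpn/easy-rsa
source ./vars
./pkitool "$1"

# Staging directory for the bundle
mkdir "/etc/openvpn/$1"
cd "/etc/openvpn/$1"

# Directory name must match the one used by the cp and rm lines below
mkdir myserver.de-keys
cp "../keys/$1.key" myserver.de-keys
cp "../keys/$1.crt" myserver.de-keys
cp ../keys/ca.crt myserver.de-keys
# Fill the username into the client configuration template
sed -e 's/USER/'"$1"'/g' < ../default-client.conf > "$1.ovpn"

zip -vr "../$1.zip" .

# Remove the staging copies; only the zip file remains
rm myserver.de-keys/*
rmdir myserver.de-keys
rm "$1.ovpn"
cd ..
rmdir "$1"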
Daniel
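The account script above passes its argument straight into directory names, file names and a sed replacement. The following is an added example, not part of the answer's script, showing one way to check the username first; the function names and the template contents are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not the answer's script). Function names are hypothetical.
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges below byte-exact

# The username becomes a directory name, a file name and a sed replacement,
# so allow only 1-32 characters from [A-Za-z0-9_-], not starting with '-'.
valid_username() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# render_client_conf TEMPLATE USERNAME OUTFILE
# Replaces USER in the template, as the sed line in the script does,
# but refuses names that would alter the sed expression or the path.
render_client_conf() {
    if ! valid_username "$2"; then
        echo "refusing username: $2" >&2
        return 1
    fi
    # Subshell keeps the restrictive umask local; a newly created
    # output file is readable by its owner only.
    ( umask 077; sed -e "s/USER/$2/g" < "$1" > "$3" )
}

# Demo on a constructed template in a scratch directory.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'client\ncert myserver.de-keys/USER.crt\nkey myserver.de-keys/USER.key\n' \
        > "$dir/default-client.conf"
    for name in alice 'a&b' '../keys/ca' 'x/e'; do
        if render_client_conf "$dir/default-client.conf" "$name" "$dir/out.ovpn" 2>/dev/null
        then echo "accepted: $name"
        else echo "rejected: $name"
        fi
    done
    cat "$dir/out.ovpn"   # rendered config for the one accepted name
    rm -r "$dir"
}
demo
```

In the account script, the same check would go directly after the usage test, before `pkitool` is called.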