IPCop 140 Blue VPN HowTo




Blue VPN mini-tutorial/experience

John Bradshaw shared his experiences with setting up a VPN on Blue with the IPCop-user mailing list. He agreed to let me add his post to this Wiki. EO.

My biggest headache with IPCop has been getting VPN on Blue to work. Judging from the number of posts on this topic, I am not alone. I have it working now and thought I would post a little mini-tutorial for those others trying to figure it out.
  1. Under the VPNs tab, enable the VPN on BLUE checkbox. Click Save.
  2. Create your host/root certificates by clicking on the Generate Root/Host Certificates button. After creation, there are two lines. First line is Root certificate. The subject line should be something like: C=US, O=My Network, CN=My Network CA. You'll need this info later.
  3. Add a new connection (on the same page). Select host-to-net (road warrior) connection. Give it a name like BlueNetwork. Interface (obviously) should be blue. Local subnet should be 0.0.0.0/0.0.0.0 (this will give you access to the green and red networks). For authentication, I am using certificates and not a pre-shared key, so I make sure that that line has the selected radio button. Fill in the name, country and password (and the other info if you want). Click Save.
  4. Now you should have a connection named BlueNetwork. Download the certificate (click on the little disk icon) and save it on a floppy or USB drive. We'll call it blue.p12.
  5. My other computer (on the blue network) is a Windows XP SP2 machine. With SP2 you need to follow the directions on this page: http://support.microsoft.com/default.aspx?scid=kb;en-us;885407 to allow the client to traverse the NAT network. I don't know if this was really needed, but my connection didn't work and I changed a couple of things (including this) and it worked.
  6. On the Blue machine, download the ipsec.exe tool. Download it from here: http://vpn.ebootis.de/package.zip. Follow the instructions here: http://vpn.ebootis.de/ starting with number 5. For step 8, you want to right click on personal (the first folder) -> all tasks -> import. The certificate you want to import is the one created in step 4 (blue.p12).
  7. With the address of my blue nic 192.168.10.1 and my info from step 2: C=US, O=My Network, CN=My Network CA my ipsec.conf file looked like this:
    conn BlueNetwork
      right=192.168.10.1
      rightsubnet=*
      left=%any
      rightca='C=US, O=My Network, CN=My Network CA'
      network=auto
      auto=start
  8. Run ipsec.exe
  9. It didn't work right away for some reason. Don't know why. I did a reboot, then reconnect/repair my wireless connection (even after it looked like it was already connected). It works though now and I have access to my fileserver and internal webserver (on green) and the internet (on red).
    1. One note about connecting to my network shares. I had to use the IP address directly (i.e. \\192.168.20.150\shared folder) instead of browsing the shares or using named shares (i.e. \\strongbad\shared folder).

Hope this helps and doesn't add confusion.

Good luck.

John Bradshaw
4 February 2005
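
The following is an added example, not part of John Bradshaw's post or of the IPCop project: a small Python check that the client-side conn section from step 7 still agrees with the two values taken from IPCop, the Blue interface address and the root certificate subject from step 2. The function names are hypothetical, and the parser assumes only the `conn NAME` / `key=value` layout shown in step 7 and DN values that contain no commas.

```python
import ipaddress

# Constructed sample: step 7's config (assumed layout: 'conn NAME', then key=value lines).
SAMPLE_CONF = """\
conn BlueNetwork
  right=192.168.10.1
  rightsubnet=*
  left=%any
  rightca='C=US, O=My Network, CN=My Network CA'
  network=auto
  auto=start
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from 'conn NAME' / 'key=value' lines."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("conn "):
            current = conns.setdefault(line[5:].strip(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip("'\"")
    return conns

def normalize_dn(dn):
    """Split a DN such as 'C=US, O=My Network' into comparable (type, value) pairs."""
    pairs = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().upper(), " ".join(value.split())))
    return pairs

def check_conn(conf_text, name, blue_ip, root_subject):
    """Return a list of mismatches between the conn section and the IPCop values."""
    conn = parse_conns(conf_text).get(name)
    if conn is None:
        return [f"no 'conn {name}' section"]
    problems = []
    try:
        if ipaddress.ip_address(conn.get("right", "")) != ipaddress.ip_address(blue_ip):
            problems.append("right does not match the Blue interface address")
    except ValueError:
        problems.append("right is not a literal IP address")
    if normalize_dn(conn.get("rightca", "")) != normalize_dn(root_subject):
        problems.append("rightca does not match the root certificate subject")
    return problems
```

An empty list from `check_conn` means the section names the expected gateway address and certificate authority; the DN comparison ignores spacing differences but not the order of the components.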