[Leaplist] IPCop "Blue" zone, IPSec and OpenVPN,
etc... -- WAS: Another HW Q: Wireless Router?
Jason Boxman
jasonb at edseek.com
Fri Sep 18 13:25:53 EDT 2009
On Friday 18 September 2009 01:05:12 pm Bryan J. Smith wrote:
> Kevin, I'm not starting a debate. I just want to point what IPCop
> already has. I will only make this single post and leave it to others
> to respond if there is a need to. I will leave it at this single post.
>
> First off, as Bruce mentioned ...
> http://lists.leap-cf.org/pipermail/leaplist/2009-September/007732.html
> "Already have an IPCOP box with a Blue net, so that half's done."
>
> By "Blue" he means ...
>
> - RED = Internet
> - AMBER = DMZ
> - GREEN = LAN
> - BLUE = Segmented LAN
>
> IPCop already has a segmented "Blue" with configuration
> pages for "Blue Access" and other things. This is the
> basic configuration of IPCop 1.4.x, and has been for the
> last 3-4 years that 1.4.x has been around.
>
> Secondly, we come to IPSec and OpenVPN.
>
> IPCop already has IPSec built-in, so it will take WLAN clients
> coming over from the "Blue" and they can be configured for
> access/denial via IPSec.
>
> For OpenVPN, there is Zerina for IPCop, which adds the equivalent
> "Blue Access" details for OpenVPN, including generating and
> managing certificates, downloading a Zip configuration file for
> Linux/Windows (drop into a directory on a system with OpenVPN
> software installed), etc... Installing Zerina is little more
> than a tarball extraction and restart of select services (or
> reboot).
>
> Additionally, both IPSec and OpenVPN can be enabled for "Red
> Access" as well, over the Internet. It's just a different
> target IP/name (as you know from OpenVPN configuration).
Wow. I might just have to try IPCop if I ever need a dedicated router. Been
using gShield by godot for ages. Bash script that handles very basic
iptables. That's it. Been rolling my own for anything else.
--
"Don't put it in your mouth." - Arctic Silver 5 Manual
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the Leaplist
mailing list