Sie sind hier: ZERINA / ZERINA for IPCop
English
Deutsch
Wednesday, 30-07-2014

About

 

OpenVPN for IPCop 1.4.10

Introduction


I use IPCop now for several years, and VPN was allways a mainly used feature.

With the 1.4 release it was possible to define roadwarrior connection but this part is hard to configure except when using certificates, so i was allways searching for alternatives ways to use roadwarrior VPN connections.

Inspiered through an article in the c't magazine about OpenVPN, i googled for existing OpenVPN addons.
I found several links, one off them LINK was an addon from Markus Hoffman wich adds OpenVPN support to IPCop >=1.42 but this addon has no gui, so i contacted Markus about adding a gui for his addon, and so i started.

After two days of programming, i found a page where some people had allready build and OpenVPN addon with guil called ZERINA, as their gui was more ready then my two days of work, i contacted them to cooperate for an improved gui, that was the start for my ongoing attemp of a new gui for OpenVPN. The code mainly depens on part of the IPCop cgi pages vpnmain.cgi, xtaccess.cgi and portfw.cgi

 

The idea

..was to provide an easy way for roadwarrior clients to connect to the LAN (green interface) based on certificates.

Features

  • running and configuring an OpenVPN Server Daemon for accessing the IPCop Lan (Green interface)
  • all necessary functions can be configured
  • uses/creates a second PKI wich does not involve the IPCop ipsec PKI
  • experimanetal function to enable/disable a client certificate, without revoking the client (verify script)
  • support for OpenVPN connections from BLUE and ORANGE networks
  • new proxy.cgi with OpenVPN support (this feature has been removed, adding OpenVPN subnet to the allowed hosts/nets in proxy setup gains OpenVPN connetions access to the proxy)
  • new connections.cgi with OpenVPN support
  • new functionality, display Connections Statistics, adapted from R.I.Pienaar's php source to perl
  • easy client handling, download a client package zip archive with certificate(s) + config file
  • some more things i cannot remeber anymore

 

Todo / bugs / missing functions


  • note! only tun support is implemented if you choose tap it won't work
  • only roadwarrior (host2net)connections are possibe, net2net will come later (in the 0.9.7x alpha series net2net is possible)
  • only certificate based connections are possible (static keys will probably come later)
  • configuring the authentication mode
  • integrate Kevin Stefanik scripts to restrict the client access
  • when the first final version is ready we will package the whole thing for the addon-server
  • etc etc