Building a cheap secure wireless (WLAN) infrastructure with OpenVPN and Linux (an advanced tutorial of OpenVPN)
Step 9: Securing the server and enabling forwarding.
Now we are almost done: you have a VPN server, all access points are set up and working, you can access the “public” WLAN and you can get from your LAN to the VPN network. In theory that should be it. In practice, not quite: right now your OpenVPN server is wide open, and it even forwards packets to the “public” network. You do not have a route to the public network, but return spoofing isn’t rocket science.
So you want to enable IP forwarding permanently on that server, but also add a firewall that allows only connections on port 67 UDP (DHCP), 53 UDP (DNS) and 1194 TCP (OpenVPN). To do this I have made a simple, small iptables script here, but for an in-depth explanation please check the iptables explained article series.
Once you have the firewall up and running you are done: you can now connect clients to the wireless network and to your LAN. You should configure a proxy for public internet access, but that is not part of this tutorial. Though this tutorial is pretty in-depth, it is not 100% complete and you will need to read up on things to understand them better. But it should at least give you a good introduction and get you about 80% of the way there.
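The firewall script itself is not reproduced on this page, so the following is an added example (not the author's script) of what Step 9 describes: a default-deny ruleset that admits only DHCP (67/udp), DNS (53/udp) and OpenVPN (1194/tcp) from the wireless side, forwards only traffic arriving over the VPN tunnel towards the LAN, and makes IP forwarding permanent. The interface names eth1 (wireless side), eth0 (LAN side) and tun0 (OpenVPN) are assumptions; override them through the environment. Rules are emitted as text first so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example firewall for the Step 9 VPN server (not the tutorial's own script).
# Assumed interface names, adjust to your box:
#   WLAN_IF = NIC on the "public" wireless segment
#   LAN_IF  = NIC on the trusted LAN
#   VPN_IF  = OpenVPN tun device
WLAN_IF="${WLAN_IF:-eth1}"
LAN_IF="${LAN_IF:-eth0}"
VPN_IF="${VPN_IF:-tun0}"

# Print the iptables commands, one per line, without running them,
# so the ruleset can be inspected (or diffed against the live one) first.
build_fw_rules() {
    cat <<EOF
iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $LAN_IF -j ACCEPT
iptables -A INPUT -i $WLAN_IF -p udp --dport 67 -j ACCEPT
iptables -A INPUT -i $WLAN_IF -p udp --dport 53 -j ACCEPT
iptables -A INPUT -i $WLAN_IF -p tcp --dport 1194 -j ACCEPT
iptables -A INPUT -i $WLAN_IF -j LOG --log-prefix "WLAN-IN-DROP: "
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $VPN_IF -o $LAN_IF -j ACCEPT
iptables -A FORWARD -i $WLAN_IF -j LOG --log-prefix "WLAN-FWD-DROP: "
EOF
}
# Notes on the rules above:
# - INPUT from the LAN side is accepted wholesale only on the assumption that
#   the LAN is the trusted admin network; tighten to your management ports.
# - Only three services are reachable from the wireless side; everything else
#   hitting it is logged and dropped by the INPUT policy.
# - FORWARD accepts new connections only from the tunnel towards the LAN, so
#   nothing arriving on the raw wireless segment is ever routed onwards
#   (the "forwards packets to the public network" problem in the text).

# Apply the rules and make forwarding survive a reboot via /etc/sysctl.conf.
# Needs root; only runs when the script is invoked with the "apply" argument.
apply_fw_rules() {
    build_fw_rules | sh -e
    sysctl -w net.ipv4.ip_forward=1
    grep -q '^net.ipv4.ip_forward *= *1' /etc/sysctl.conf 2>/dev/null \
        || echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
}

if [ "$1" = "apply" ]; then
    apply_fw_rules
else
    build_fw_rules
fi
```

Run it without arguments to see the generated commands, and as root with `apply` to load them and persist forwarding; the LOG rules give you a syslog trail of anything the wireless side tries beyond the three allowed services.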
WOW, that is some long article. Must have taken you ages to put this together, kudos though. Very well done.
//Kr0ll
Thanks, it did. Anyone with recommendations for APs or switches?
I think it is better to edit the copied .vars and set the following, which you will find near the end of this file:
export KEY_COUNTRY="IN" # Two-letter country code
export KEY_PROVINCE="UT" # Name of your State/Province
export KEY_CITY="Chandigarh" # Name of your city
export KEY_ORG="Anu's Linux@HOME" # Name of your organization
export KEY_OU="Wireless Network" # Name of the Unit/Division
export KEY_EMAIL="admin@cto.homelinux.net" # Admin's e-mail
before you run . ./vars
nice one, thanks.
Yes that would be an easier way and saves you a lot of time.
//Flosse
[…] Secure wireless Filed under: Linux — 0ddn1x @ 2007-01-04 04:09:43 +0000 http://blog.2blocksaway.com/2006/12/11/building-a-cheap-secure-wireless-wlan-infrastructure-with-openvpn-and-linux-an-advanced-tutorial-of-openvpn/ […]
Wow. Nice work.
I am part of popular demand and would like a pdf version.
thanks!
PDF version of this article will be available within this weekend. Also the IPtables tutorial will be done then!
Thanks to everyone
Hello
Thanks for posting the PDFs. However, when I open them in Preview or Acrobat 5/6 Reader or Pro, I see the images, but no text.
This is for both this article and the IPtables one. Is there a compatibility issue that I am unaware of?
Sorry, my bad. It is now fixed on the articles that have PDF and TXT versions. This means all iptables parts, the OpenVPN one and the porn blocking proxy. PDF and TXT will from now on be uploaded as the articles are written.
cheers to you!
[…] [ link ] Convert to pdf. […]
hi nice site.
Thanks… glad someone finds it useful.