In association with heise online

Watchman

If you are using the IPCop Linux firewall, the Zerina OpenVPN package can help to establish the tunnel. It integrates the complete OpenVPN, including certificate administration, into the IPCop web front end. What makes this particularly attractive is that clients can download all of the necessary files in a single .zip file. Howtos explain all of the steps needed to connect two networks, for example, or to provide secure LAN access to WLAN clients in the "blue" network. Zerina is still in a very early stage of development, but it delivers highly satisfactory performance and is stable.

Zerina integrates the complete OpenVPN administration into the IPCop web front end.

With version 2.0 and up, OpenVPN can also be used in combination with OpenWRT, a Linux distribution for WLAN and DSL routers. During installation of this small package, the package management pulls in the OpenSSL crypto library and the compression library lzo, and installs the TUN interface as the kernel module kmod-tun. Because routers have so little memory, the OpenVPN port for the MIPS architecture does not include the Easy RSA scripts, which ease key and certificate generation. Alternatively, this can be done manually with OpenSSL or it can be performed on a full-fledged Linux or Windows system. OpenVPN is configured the same way as in the normal distribution. In some cases it may make sense to reduce the MTU to around 1400 if performance problems arise.
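The manual route with OpenSSL, run on a full Linux system and then copied to the router, could look like the following. This is an added example, not part of the original article; the directory, the CN values, the validity periods and the restriction of each certificate to a server or client role are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: a minimal CA with plain OpenSSL, without the Easy RSA scripts.
# All names used here (Example-VPN-CA, router, laptop) are constructed placeholders.

# make_ca DIR: create the CA key and a self-signed CA certificate in DIR.
make_ca() {
    mkdir -p "$1" || return 1
    ( cd "$1" && umask 077 &&     # private keys readable by the owner only
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
          -subj "/CN=Example-VPN-CA" -keyout ca.key -out ca.crt 2>/dev/null )
}

# issue_cert DIR NAME USAGE: key pair and CA-signed certificate for NAME.
# USAGE is serverAuth or clientAuth, so that a stolen client certificate
# cannot be presented as the VPN server.
issue_cert() {
    ( cd "$1" && umask 077 &&
      printf 'extendedKeyUsage=%s\n' "$3" > "$2.ext" &&
      openssl req -new -newkey rsa:2048 -nodes -sha256 \
          -subj "/CN=$2" -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
      openssl x509 -req -in "$2.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
          -days 825 -sha256 -extfile "$2.ext" -out "$2.crt" 2>/dev/null &&
      rm -f "$2.csr" "$2.ext" )   # request and extension file are no longer needed
}

# check_cert DIR NAME PURPOSE: succeed only if NAME.crt chains to ca.crt and
# is valid for PURPOSE (sslserver or sslclient).
check_cert() {
    openssl verify -purpose "$3" -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1
}

# Typical sequence (run by hand):
#   make_ca vpn-pki
#   issue_cert vpn-pki router serverAuth
#   issue_cert vpn-pki laptop clientAuth
#   check_cert vpn-pki router sslserver && echo "router certificate OK"
# Only ca.crt, router.crt and router.key belong on the router; ca.key stays
# on the machine that signs certificates.
```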

OpenVPN is very close to the ideal VPN solution: powerful technology but not unnecessarily complicated, and it is not just free, but completely open. Weaknesses include the graphical front ends, which are not yet very well developed, and the fact that the TAP driver for Windows is still in the beta stage and not Microsoft certified, which the operating system points out during installation. A crashing driver can drag the entire operating system into the abyss, although we in the editorial office have not yet had any problems. From a security standpoint as well, nothing is wanting in OpenVPN. In addition to the points already mentioned, two further features speak for OpenVPN: the program can be locked into a chroot environment, in Unix systems at least, and an additional TLS authentication can be put in front of it to reduce vulnerability to attack.

Ah, the joy of networking (je)
