firewall and VPN

firewalls

shorewall. Used it once a long time ago. http://www.shorewall.net/Install.htm (Note: set up your apt sources before doing an install.)

ufw. Uncomplicated Firewall. New to Ubuntu. CLI, and sudo apt-get install gufw for a GUI. Might be alright. Basic command line starter page here: http://www.basicconfig.com/security/setup_firewall_ubuntu_using_ufw
One good thing about ufw is that you can have ‘profiles’ for it. This might be very helpful when using firewalls with, say, PAC Control / PAC Display, or in this guy’s case, games. http://jhansonxi.blogspot.com/2010/10/ufw-application-profiles.html

firestarter. Used it for years. sudo apt-get install firestarter http://www.techotopia.com/index.php/Using_Firestarter_to_Configure_an_Ubuntu_Linux_Firewall
Worth noting (?) that both ufw and firestarter are just ‘better’ interfaces to Ubuntu’s iptables. (Which I tried using and bled from the eyeballs until Dan rescued me with firedog (a cut-down version of firestarter, I think).)

vpn

First, install pptpd:

apt-get install pptpd
Once it is installed there are a few configuration files we need to change.

Start with the main pptpd configuration:

nano /etc/pptpd.conf
and add the following lines to it:

localip 192.168.1.100
remoteip 192.168.0.22,192.168.0.33
Where “localip” is the address the server uses on the tunnel and “remoteip” lists the addresses that will be handed out to clients (a comma-separated list; pptpd also accepts a range such as 192.168.0.22-33). Adjust these for your network: every address must be unused on your LAN, and it is simplest to take them all from the LAN’s own subnet. The example above mixes 192.168.1.x and 192.168.0.x; if the client pool sits on a different subnet from the LAN, the forwarding step below will also need a return route (or NAT) on the LAN side before other hosts can answer.

Now we need to edit the “/etc/ppp/pptpd-options” configuration file:

nano /etc/ppp/pptpd-options
Append to the end of the file, the following directives:

ms-dns 192.168.0.1
nobsdcomp
noipx
mtu 1490
mru 1490

Where the IP used for the ms-dns directive is the DNS server for the local network your client will be connecting to; again, adjust this to your network’s configuration.

Edit the chap-secrets file:

nano /etc/ppp/chap-secrets
Add to it the authentication credentials for a user’s connection, one per line, in the following syntax (the first * means “any server name”, the last * means “assign any address from the remoteip pool”; put a specific address there to pin a user to one IP):

username <TAB> * <TAB> users-password <TAB> *
Restart the pptpd daemon for the settings to take effect:

/etc/init.d/pptpd restart
If you don’t want to grant yourself access to anything beyond the server, then you’re done on the server side. Your PPTP server is set up and ready to go! Two caveats: chap-secrets stores every password in clear text, so keep it readable only by root (chmod 600 /etc/ppp/chap-secrets), and PPTP’s MS-CHAPv2 authentication (and the MPPE session keys derived from it) is publicly broken, so treat this as convenient remote access to a home LAN, not as a confidential tunnel.

Don’t forget to forward TCP port 1723 on your router to the Ubuntu Linux server. PPTP also carries its data in GRE, which is IP protocol 47, not a TCP or UDP port, so the router must pass GRE through as well (most consumer routers call this “PPTP passthrough” or “VPN passthrough”); if only 1723 is forwarded, clients will authenticate and then hang.

Want more? (Enable forwarding)

While this step is optional and could be viewed as a security risk by the extremely paranoid, it is my opinion that not doing it defeats the purpose of even having a VPN connection into your network.

By enabling forwarding we make the entire network available to us when we connect, and not just the VPN server itself. Doing so allows the connecting client to “jump” through the VPN server to all other devices on the network, so anyone who can log in to the VPN gets the same reach as a machine plugged into the LAN.

To achieve this we will be flipping the “forwarding” parameter of the system.

Edit the sysctl file:

nano /etc/sysctl.conf
Find the “net.ipv4.ip_forward” line, remove the leading # if it is commented out, and change the parameter from 0 (disabled) to 1 (enabled):

net.ipv4.ip_forward=1
You can either restart the system or issue this command for the setting to take effect:

sysctl -p
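The whole server-side procedure above (install pptpd, the three configuration files, the forwarding switch) as one POSIX shell script. This is an added example written for these notes, not code from the original page or from the pptpd project. The addresses, the user name and password, and the prefix-directory dry-run mechanism are assumptions: every path is written under a prefix so the functions can be exercised against a scratch directory and inspected before they touch the real /etc.

```shell
#!/bin/sh
# Added example: scripts the pptpd setup steps from the notes above.
# Paths are prefixed with $root so the functions can be dry-run into a
# scratch directory; an empty $root targets the real /etc (needs root).
# Addresses, user name and password below are assumptions for illustration.
set -eu

LOCALIP="${LOCALIP:-192.168.1.100}"               # server's tunnel address
REMOTEIP="${REMOTEIP:-192.168.0.22,192.168.0.33}" # pool handed to clients
MSDNS="${MSDNS:-192.168.0.1}"                     # DNS server pushed to clients

# Lines appended to /etc/pptpd.conf.
render_pptpd_conf() {
    printf 'localip %s\nremoteip %s\n' "$LOCALIP" "$REMOTEIP"
}

# Lines appended to /etc/ppp/pptpd-options.
render_pptpd_options() {
    printf 'ms-dns %s\nnobsdcomp\nnoipx\nmtu 1490\nmru 1490\n' "$MSDNS"
}

# One /etc/ppp/chap-secrets entry: client<TAB>server<TAB>secret<TAB>IP.
# "*" for server accepts any server name; "*" for IP lets pptpd pick an
# address from the remoteip pool.
render_chap_line() {
    printf '%s\t*\t%s\t*\n' "$1" "$2"
}

# Write the three files under $root. chap-secrets holds passwords in clear
# text, so it is created under umask 077 (no world-readable window between
# creation and chmod) and then forced to 0600 in case it already existed
# with looser permissions.
install_configs() {
    root="$1"; user="$2"; pass="$3"
    mkdir -p "$root/etc/ppp"
    render_pptpd_conf >> "$root/etc/pptpd.conf"
    render_pptpd_options >> "$root/etc/ppp/pptpd-options"
    ( umask 077; render_chap_line "$user" "$pass" >> "$root/etc/ppp/chap-secrets" )
    chmod 600 "$root/etc/ppp/chap-secrets"
}

# Set net.ipv4.ip_forward=1 in $root/etc/sysctl.conf: uncomment and rewrite
# an existing line, or append one. Safe to run more than once.
enable_forwarding() {
    f="$1/etc/sysctl.conf"
    mkdir -p "$1/etc"
    touch "$f"
    if grep -qE '^#?net\.ipv4\.ip_forward=' "$f"; then
        sed -i -E 's/^#?net\.ipv4\.ip_forward=.*/net.ipv4.ip_forward=1/' "$f"
    else
        printf 'net.ipv4.ip_forward=1\n' >> "$f"
    fi
}

# Only touch the live system when a user name and password are supplied:
#   sudo sh pptpd-setup.sh alice 'correct horse battery staple'
if [ "$#" -eq 2 ]; then
    apt-get install -y pptpd
    install_configs "" "$1" "$2"
    enable_forwarding ""
    sysctl -p                 # apply forwarding without a reboot
    service pptpd restart     # pick up the new configuration
fi
```

Run with no arguments it does nothing to the system; source it (or call the functions with a scratch prefix) to see exactly what would be appended where, then run it as root with a user name and password to apply. Remember that the router still has to forward TCP 1723 and pass GRE, which this script cannot do for you.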
