[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] Linux based firewall including OpenVPN

  • Subject: Re: [Openvpn-users] Linux based firewall including OpenVPN
  • From: Per-Olov Sjöholm <pos@xxxxxxxxxx>
  • Date: Sat, 2 Jul 2005 23:23:44 +0200

On Friday 01 July 2005 22.55, Mathias Sundman wrote:
> Hello everybody!
> First I must apologize for not answering many questions here on the
> openvpn list as I used to. I've been at home with my 1 year old kid since
> newyear, and when I don't work with OpenVPN on a daily basis my interest
> for it is not as big as it used to be. Anyway, I'll be back at work in
> september again and then I hope I'll get the inspiration back, so I can
> continue the work on OpenVPN GUI and solve the non-admin problem that
> a lot of people asks about...
> Anyway, I had a little off-topic question. My main task at work the last 5
> years or so has been seting up and maintaining linux based firewalls. At
> the beginning I used to do complete linux installtions based on Slackware,
> but since a few years back, I've been maintaining a homebrewed bootable CD
> inspired by the floppyfw project but extended to include more tools than a
> single floppy can hold.
> My system currently boots from the CD, creates a ramdisk and copies a
> directory containing all the necessary files to run the system from the
> CD. Then if copies all files from a floppy and executes a script that was
> on the floppy. This script installs additional optional packages from the
> CD and then proceeds executing the regular rc.d scrips similar to a
> slackware system (rc.S, rc.M and rc.inet1) which setups the network
> interfaces and firewall rules.
> The tools/applications I have on the CD is
> busybox
> dhcpd
> openswan
> openssh
> openvpn 1.5,1.6 and 2.0
> tcpdump
> tcpdump
> nslookup
> midnight commander
> top
> syslog
> I hate GUIs (despite the fact that I've written the OpenVPN GUI ;-)) so I
> administrate everything from commandline. My firewall scripts are simple
> bash scripts executing iptables commands and thats the way I like it.
> But, as I'm a single person with limited time, I've realized that to much
> of my time goes into maintaining this bootable CD and keeping everything
> up to date.
> So my question to the community is: Can anybody recommend a good living
> opensource project that does something similar to my system that I can
> take advantage of so I can spend my time on better things than keeping
> this system up-to-date when I'm sure a lot of other people a working on
> similar projects.
> It must be bootable from a R/O media with the config on a seperate volume
> like a floppy or harddrive partition. I don't want todo harddisk
> installations.
> It should include most the tools I've listed above.
> If it includes a GUI/web interface, well that's fine, as long as it's
> still simple todo everything I want from simple config files. I'd really
> hate to launch a web browser to configure my firewalls!
> If OpenVPN is not included that is not a major problem. If it's a good
> project that seems to have some future and fullfills my other wishes I'll
> spend my time on adding OpenVPN to the project...
> Cheers and good night // Mathias

Hej Mathias.

Here are some links. Hope it could be of any use.
(Personally I prefer OpenBSD on a harddisk)

Of the below projects I have used coyotelinux and floppy-1. Both work perfect. 
But I have heard that floppyfw should be really great. There are some useful 
links as well on the floppyfw  site.

Just pick one...

http://www.nmedia.net/~chris/soekris/   (hardware)

/Per-Olov Sjöholm
GPG keyID: 4DB283CE
GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE

Attachment: pgposeRnkmJug.pgp
Description: PGP signature