FreeSwan/IPSec is the way to go. It's used in a lot of professional environments.
Sure is-- I work at one of the largest makers of VPNS (among other gear), and I've even taken courses on configuring VPN concentrators and clients. I use a hardware VPN for my IP phone and it works great, but setting something like that up is much more complex then a simple OpenVPN setup, which can be little more than a tun module (usually included with any kernel), a user space daemon, and a few lines of shell script.
I slimmed down what I have a bit, but basically throw a script in /etc/inittab on the Z with something as simple as this in it:
$REMOTEIP=192.168.0.11
iwconfig wlan0 essid SOMESSID channel 1 rate auto mode managed
ifconfig wlan0 192.168.0.8 netmask 255.255.255.255 up
route add -host $REMOTEIP dev wlan0
/etc/openvpn/openvpn --verb 0 --remote $REMOTEIP --dev tun0 --ifconfig 10.0.9.8 10.0.9.6 --secret z.key --port 5001 --float --up "route add default gw 10.0.9.6 dev tun0; route delete default gw 192.168.0.1; #"
..and on the server put something like:
openvpn --verb 0 --dev tun0 --ifconfig 10.0.9.6 10.0.9.8 --secret z.key --port 5001 --float
..depending on how else your system is setup, after generating the key (and ensuring your server is doing ipforward/masq), really all you may need are the single lines on client and server that call OpenVPN. Very simple really! The first chunk of code will ensure my Z is on the net, has the right IP address (it's 182.168.0.
, and then once it's on the VPN it's 10.0.0.9.8. The server is really 192.168.0.6 and it's VPN address to the Z is 10.0.9.6.
It's pretty lightweight too-- the OpenVPN daemon is currently using ~1200k, even the tun module is only ~4k once loaded. That's actually a little LESS memory then would be taken up by just doing a simple ssh portforward like "ssh -L 143:localhost:143 imapserver -N". Not bad for a complete tunnel!
..that reminds me, for another very simple, *nearly* complete VPN solution, you can use ssh with it's SOCKS proxy abilities. "ssh -D 1080 myserver -N" would bring up a SOCKS5 proxy, and if you had socks capable clients, *OR* used something like tsocks or proxychains (for which you can find a z binary on my web site) you can capture all TCP or UDP (with tsocks) traffic and pipe it all through the ssh tunnel. Doing something like starting Opie like "proxychains /etc/init.d/opie start" or "tsocks /etc/init.d/opie start" *should* put your whole Opie session under the SOCKS/SSH proxy. I haven't done it specifically with Opie, but have for shell based things like ipkg installs.
Just now (in a Debian chrooted environment on my Z under OZ 3.5.1) I went "apt-get install -y tsocks ; alien -t /var/cache/apt/archives/tsocks_1.8beta5-2_arm.deb" and put the converted .tgz file which should run fine on OZ with the appropriate libaries (included already? maybe). The results .tgz file in in the bin directory of my website.
..anyway, lots of ways to do lots of things with unix :-)
Anyway, My web page is here:
Zaurus in the Undertow
Show Posts
