# VPN and firewall Solution

## grooveman

Hello again. 

I want to do a vpn/firewall solution for a small office of mine.  We need IPSEC to connect to a vendor directly (unfortunately, SSL won't do), and I will want to be able to have "road-warrior" connections as well.

I haven't found any good, cheap solutions out there.  It seems most are either really expensive, or very expensive (and everyone wants a monthly fee for nothing, and we are not interested in monthly fees).

So, I am looking at OpenSwan.  It will probably do what I need it to do, but I don't have any real experience with IPSEC yet (other than as a user).  Because this is the only external IP, it is also incumbent upon me to consider firewall/NAT needs.  As far as I can see, there is no good, open source, bundled solution, so I will have to manage this via IPtables.  It is a lot to manage by hand, however, and doesn't seem like the most efficient use of time...

What I want to know is: Is this an optimal approach considering a tight budget constraint? Is there a better solution out there that is reasonably inexpensive for a small office environment?  Anyone else out there doing what I am considering?  What do other people use to achieve these ends?

Thanks for the feedback!

G
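Since the first post reasons about what a single-public-IP box running Openswan has to do in iptables (firewall, NAT, and still pass IPsec for both the vendor tunnel and L2TP/IPsec road warriors), here is an added example of such a ruleset. It is not from the original thread or from any of the projects named in it; the interface names, the LAN, vendor and L2TP address ranges are assumed placeholders to be replaced with real values.

```shell
#!/bin/sh
# Firewall/NAT ruleset for a gateway that terminates IPsec (example, not
# from the original thread). All names and addresses below are assumed.
WAN=${WAN:-eth0}                          # interface holding the one public IP
LAN=${LAN:-eth1}                          # office LAN interface
LAN_NET=${LAN_NET:-192.168.10.0/24}       # office LAN (assumed)
VENDOR_NET=${VENDOR_NET:-10.99.0.0/24}    # subnet behind the vendor's IPsec peer (assumed)
L2TP_POOL=${L2TP_POOL:-192.168.20.0/24}   # addresses handed to L2TP road warriors (assumed)
IPT=${IPT:-iptables}                      # set IPT="echo iptables" to print instead of load

apply_rules() {
    $IPT -F
    $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i "$LAN" -j ACCEPT          # the office LAN is trusted

    # IPsec on the public side: IKE (500/udp), NAT traversal (4500/udp) and ESP.
    $IPT -A INPUT -i "$WAN" -p udp --dport 500 -j ACCEPT
    $IPT -A INPUT -i "$WAN" -p udp --dport 4500 -j ACCEPT
    $IPT -A INPUT -i "$WAN" -p esp -j ACCEPT
    # L2TP is accepted only when it arrived inside an IPsec SA; plaintext
    # L2TP from the internet falls through to the DROP policy.
    $IPT -A INPUT -i "$WAN" -p udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT

    # Forwarding: LAN to internet, decrypted vendor traffic to the LAN,
    # road warriors (ppp interfaces created by the L2TP daemon) to the LAN.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -j ACCEPT
    $IPT -A FORWARD -i "$LAN" -d "$VENDOR_NET" -j ACCEPT
    $IPT -A FORWARD -s "$VENDOR_NET" -d "$LAN_NET" -m policy --dir in --pol ipsec -j ACCEPT
    $IPT -A FORWARD -i ppp+ -s "$L2TP_POOL" -d "$LAN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$LAN" -o ppp+ -d "$L2TP_POOL" -j ACCEPT

    # NAT: masquerade LAN traffic leaving the WAN, except traffic bound for the
    # vendor subnet. If that were rewritten to the public IP first, it would no
    # longer match the IPsec policy and would leave the box in the clear.
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -d "$VENDOR_NET" -j ACCEPT
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN" -j MASQUERADE
}

# "./fw.sh apply" loads the rules; with no argument it only prints them.
case "${1:-show}" in
    apply) apply_rules ;;
    show)  (IPT="echo iptables"; apply_rules) ;;
esac
```

The two things most often got wrong in this setup are the NAT exemption (it must come before the MASQUERADE rule, since ACCEPT in the nat table ends processing for that packet) and forgetting 4500/udp, without which road warriors sitting behind home NAT routers never get past IKE. Print mode lets you review the generated rules before loading them.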

----------

## cach0rr0

does it have to be a purely-software solution?

if not, and you have hardware to throw it onto:

http://m0n0.ch/wall/

http://www.pfsense.org/

http://www.ipcop.org/

http://www.zeroshell.net/eng/

----------

## grooveman

 *cach0rr0 wrote:*   

> does it have to be a purely-software solution?
> 
> if not, and you have hardware to throw it onto:
> 
> http://m0n0.ch/wall/
> ...

 

No, I would actually prefer it if it were a hardware solution.  I already use IPcop, and have heard of pfsense -- but, I didn't think that ipcop had ipsec onboard, only ssl.  I guess I was wrong...  I just found this...

http://www.google.com/url?sa=t&source=web&cd=1&ved=0CBUQFjAA&url=http%3A%2F%2Fwww.jumpingbean.co.za%2Ffiles%2Fipcop.pdf&ei=sBajTYCgBqSM0QHN-7CFBQ&usg=AFQjCNGab24FsyAIp3hndGdXty4JtJxMXg&sig2=PGv9ohLj77jSEP-gpSBqGQ

After about a million google searches, I don't know how I missed that....

Do the others support road warrior connections via IPSEC?

----------

## cach0rr0

assuming that means something like L2TP, I know pfsense does support it, as does zeroshell, don't think m0n0 does (it supports site-to-site ipsec, but not l2tp I don't think)

I've not done anything more than tinker with zeroshell, to be honest. I *have* used pfsense in production, keeping a list of local accounts rather than RADIUS auth, and it does work quite well. Haven't done anything with ipcop beyond playing in a VM, no idea how its support is for L2TP.

----------

## grooveman

 *Quote:*   

> assuming that means something like L2TP, 

 

yeah, that is what I mean :)

Thanks, you have given me something to look further into!

----------

