Setup of a VPN server using IPFire
Homeoffice without limits
20 March, 2020 by manaTec GmbH, Jan Wiegand
 

The COVID-19 pandemic is presenting us with some major challenges at the moment, and employers and employees in particular have to consider how they will continue to ensure their company's ability to do business in the short term given the recommended precautionary measures. In this regard, many companies are already following the recommendation to have their employees work from home. This is to keep social contact to a minimum and slow the spread of the coronavirus.

However, the possibility of working from home is not only discussed in connection with the coronavirus. For some time now, working from home has been a sensible option due to increasing digitalization and is a frequent benefit for employees in terms of work-life balance and trust-based working hours.

When working from home, just like in the office, we need our hardware and software to be able to work without restrictions. For example, there are employees who set up the complete office equipment including PC, several monitors, keyboard, mouse and telephone within their own homes. For others, a laptop is all they need to carry out their daily tasks.

Whether in the office or at home, one of the most important issues is the security of IT or internal data. Even at home, employees need to access the company's ERP system and servers or exchange sensitive data. For this purpose, it is advisable to set up a VPN server to which employees in the home office can connect and thus have unrestricted access to all company information.

The VPN, Virtual Private Network, offers the possibility to move around in the company's own network and to process data securely. In today's blog, we will show you how you can easily set up a VPN server in your company using IPFire.

The function of a VPN server.

IPFire can be downloaded, for example, from the IPFire website. During installation, we select the desired language, confirm the license and select both the data carrier for the installation and the corresponding file system.

The installation of IPFire.

We then enter the setup. Here we select our keyboard layout and time zone, and set the host and domain name as well as a password for "root" and "admin". In the next step, we take care of the network configuration.

The setup of IPFire.

Various network configuration types can be selected under "Type of network configuration". Here we keep the preset type GREEN + RED for a simple VPN configuration. Within the "Network card assignment" we now assign a network card to the interfaces GREEN and RED. Here, the network card that is to be connected to the Internet must be defined as RED and the network card for the internal network as GREEN.

In the "address settings" we assign an IPv4 address to the interface GREEN, with which the IPFire can be reached in the internal network. Additionally, we specify how the interface RED obtains its IP address, choosing between "Static", "DHCP" and "PPPoE".

The address settings of IPFire.

The "Gateway Settings" must be defined if a static IP address is used for the interface RED. If we have completed our network configuration, we confirm with "Done". The next step is the configuration of the VPN via Services --> OpenVPN.

In the global settings, the most important entry is "Local VPN Hostname/IP". If our company has a fixed IP address for the Internet connection or if a DNS name exists for this fixed IP address, we enter it here. If we only have an ADSL/VDSL line with changing IP addresses available, we integrate the IP beforehand via a DynDNS service, e.g. www.noip.com. We can also integrate the DynDNS service in IPFire. In this case we enter the DynDNS name in the field "Local VPN Hostname/IP".

The configuration of OpenVPN.

The "OpenVPN subnet" is the network used for routing on the Internet gateway (as described above) when the IPFire is not its default gateway. If more subnets are needed for security reasons, we can add them under "Static IP address pools". Under "Advanced Server Options", it is recommended that we enable the "mssfix" option. We then save our changes.

In the next step, we generate the "Root/Host certificates" in the "Certification Authority and Keys" section. This may take a short while.

The configuration of OpenVPN.

After creating the certificate, the OpenVPN server can be started. To do this, we set the checkmark in OpenVPN to RED in the global settings and start the server using "Start OpenVPN server". If we want to make changes in the settings afterwards, we stop the server temporarily.

Now we create the VPN users. In the "Connection status and control" section, we add a new user via the "Add" button. This is followed by the selection of the connection type, where the "Host-to-Net Virtual Private Network (RoadWarrior)" is the right selection for working in the home office.

The configuration of OpenVPN.

The following configuration page is divided into three parts, where all fields marked with a red star are mandatory. In the "Connection" section, we enter a name for the client connection, which must not contain any spaces. In case we have created additional VPN subnets, we could use them under "Select network".

The configuration of OpenVPN.

In the section "Authentication" we specify the name and validity of the user. In addition, we recommend entering a password to decrypt the certificate.

The configuration of OpenVPN.

The section "Advanced Client Options" remains unchanged. The new VPN user is created by saving the entries.

The configuration of OpenVPN.

In the "Connection status and control" section of the OpenVPN overview, we are now shown all created users. In order for the VPN to be available on the client, it must receive the client package. The legend shows the corresponding symbol.

The configuration of OpenVPN.

To set up the VPN client, we download the client from www.openvpn.net. After we have installed and started the VPN client, the icon appears in the lower right task bar. Then we unpack the corresponding client package, which consists of two files - a VPNName.ovpn file and a certificate.

By right-clicking on the VPN icon of the client, we import the .ovpn file, which is also stored in the folder c:\User\Name\OpenVPN\config\OpenVPNName\. The certificate file is also copied into this folder.

Now we can connect the VPN, either by double clicking on the VPN icon or by right clicking on the VPN icon and selecting "Connect". For the first connection of the VPN client we need administrative rights.
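
A check that can be run on the unpacked client package before it is imported, as an added example that is not part of the original article or of IPFire: it confirms that the profile points at the name entered under "Local VPN Hostname/IP", that the certificate file it references sits in the same folder, and that the profile verifies the server certificate. The hostname `vpn.example.com`, the file names and the sample profile are constructed, and `pkcs12` as the certificate directive is an assumption about the package.

```python
import shlex
import tempfile
from pathlib import Path

# Directives naming a file next to the profile (pkcs12 here is an assumption).
FILE_DIRECTIVES = {"pkcs12", "ca", "cert", "key"}
# Constructed sample profile (assumption: not output generated by IPFire).
SAMPLE = """\
client
remote vpn.example.com 1194
pkcs12 homeoffice1.p12
remote-cert-tls server
"""

def parse_ovpn(text):
    """Return (directive, [arguments]) pairs, skipping comments and blanks."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            parts = shlex.split(line)
            entries.append((parts[0], parts[1:]))
    return entries

def audit_profile(profile_path, expected_host):
    """Return a list of findings; an empty list means nothing was flagged."""
    profile = Path(profile_path)
    entries = parse_ovpn(profile.read_text())
    findings = []
    remotes = [args[0] for name, args in entries if name == "remote" and args]
    if not remotes:
        findings.append("no 'remote' directive")
    for host in remotes:
        if host.lower() != expected_host.lower():
            findings.append(f"remote '{host}' is not '{expected_host}'")
    for name, args in entries:
        if name in FILE_DIRECTIVES and args and not (profile.parent / args[0]).is_file():
            findings.append(f"{name} file '{args[0]}' is missing")
    if not {"remote-cert-tls", "verify-x509-name"} & {n for n, _ in entries}:
        findings.append("server certificate is not verified")
    return findings

def demo():
    """Audit the sample before and after the certificate file is copied in."""
    with tempfile.TemporaryDirectory() as folder:
        profile = Path(folder) / "homeoffice1.ovpn"
        profile.write_text(SAMPLE)
        before = audit_profile(profile, "vpn.example.com")
        profile.with_suffix(".p12").write_bytes(b"placeholder")
        return before, audit_profile(profile, "vpn.example.com")
```

Calling `audit_profile` with the path of the real `.ovpn` file and the company's VPN hostname returns the findings for that package.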

In the best case, the entire setup and configuration is done by the company's IT administrator. Once set up, any number of users can be added and the setup can be done in a few steps. The configuration effort is worthwhile not only because of the possible access to the company internal network from the home office, but also because of the security when processing or exchanging sensitive data.

You would like to enable your employees to work from their home office and are looking for a reliable partner for your IT support? Contact us now and we are always at your side!


Sources: www.t3n.de, www.wikipedia.org, www.ipfire.org, www.openvpn.net, www.noip.com

 