Archive for the 'OpenVPN' Category

Getting IPCOP and OpenVPN to use DNS

IPCOP is one of my favourite pieces of software. It is a great internet gateway solution for home users and small to medium businesses. I use the Zerina addon to install OpenVPN and this, in my opinion, turns IPCOP into the best open source VPN/Firewall/Proxy solution out there.

Following on from here. Another issue I find is that when you install it, it does not push through DNS from the local network (green interface). Solving this problem takes a simple configuration change made to one file.

The easiest way to do this is to use WinSCP to connect to your IPCOP machine. Locate the file server.conf at the location below:

/var/ipcop/ovpn/server.conf

Edit the file and add the following line at the bottom.

push "dhcp-option DNS 192.168.0.5"

Replace '192.168.0.5' with your internal DNS server for the Green network.

Save the file and reboot IPCOP.

Now when your clients connect they can use IP or the DNS name of the computers in the green network!

Remotely connect to orange interface IPCop and OpenVPN

I have been using the great firewall solution IPCOP for a while now. Until recently I never had a reason to connect to the Orange interface, the DMZ, remotely. I found that I had to perform some tweaking in order to do this.

To connect to another subnet (interface) of your IPCop machine from the internet you must edit the server.conf file. This will allow access to your Orange and Blue zones along with the standard green zone.

I used the great software WinSCP to connect to my firewall and edit the file server.conf.

File Location: /var/ipcop/ovpn/server.conf

Green interface IP: 192.168.0.254

Orange interface IP: 192.168.10.254

In this file you should find the following line: push "route 192.168.0.0 255.255.255.0". This is the IP and Subnet of your Green interface.

I added the line push "route 192.168.100.0 255.255.255.0" to the file to allow connections to be made to my Orange Interface.

I then rebooted the IPCop machine and it was all tickety boo!

Depending on how your machine is configured the numbers you see above may be different. So please don’t just cut and paste. Check out your own configuration.
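One way to check your own numbers before rebooting, as an added example that is not part of the original posts: the script below parses the push lines of a server.conf and reports any interface address or pushed DNS server that no pushed route covers, along with push lines that carry typographic quotes or a network address with host bits set. The function names are hypothetical, the sample config is constructed from the lines and addresses quoted above, and it assumes clients reach these networks only through pushed routes (no redirect-gateway). On that sample it reports the Orange address 192.168.10.254 as not covered.

```python
import ipaddress
import re

# Constructed sample: the push lines quoted in the two posts above.
SAMPLE_CONF = '''\
push "route 192.168.0.0 255.255.255.0"
push "route 192.168.100.0 255.255.255.0"
push "dhcp-option DNS 192.168.0.5"
'''
# Interface addresses as listed in the second post.
INTERFACES = {"green": "192.168.0.254", "orange": "192.168.10.254"}

PUSH_RE = re.compile(r'^\s*push\s+"([^"]*)"\s*$')


def parse_pushes(conf_text):
    """Return (routes, dns_servers, problems) found in push directives."""
    routes, dns, problems = [], [], []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        if not re.match(r"\s*push\s", line):
            continue  # other directives and comments are ignored
        m = PUSH_RE.match(line)
        if not m:  # e.g. curly quotes pasted from a web page
            problems.append(f"line {lineno}: push argument not in plain double quotes")
            continue
        args = m.group(1).split()
        try:
            if args[:1] == ["route"] and len(args) >= 3:
                # strict parsing rejects a network address with host bits set
                routes.append(ipaddress.ip_network(f"{args[1]}/{args[2]}"))
            elif args[:2] == ["dhcp-option", "DNS"] and len(args) == 3:
                dns.append(ipaddress.ip_address(args[2]))
        except ValueError as exc:
            problems.append(f"line {lineno}: {exc}")
    return routes, dns, problems


def audit(conf_text, interfaces):
    """Parse problems plus every interface or DNS server outside all pushed routes."""
    routes, dns, problems = parse_pushes(conf_text)
    targets = {name: ipaddress.ip_address(ip) for name, ip in interfaces.items()}
    targets.update({f"dns {ip}": ip for ip in dns})
    for name, ip in targets.items():
        if not any(ip in net for net in routes):
            problems.append(f"{name} ({ip}) is not inside any pushed route")
    return problems


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF, INTERFACES)))
```

To run it against a real file, pass the text of a copy of /var/ipcop/ovpn/server.conf and your own interface addresses to `audit`.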