How to Prepare Taxes for Your Small Business

As tax day approaches, Paul Stappas had devised tips for small businesses to file with ease this year.

Paramus, NJ (PRWEB) February 2, 2008 — As tax day approaches, businesses around the country will be turning their books over for tax preparation. Some will be well prepared but most small business owners may get “that sinking feeling,” hoping that their accountants can help piece things together. With a little foresight and some planning, however, small business owners can easily adopt smart bookkeeping practices that will make tax time much less stressful and their bottom lines more robust.

“The key is in the set-up,” says Paul Stappas, owner of Bookkeeping Administration Management, a service that implements bookkeeping systems for small-sized companies around the country. “Most businesses use Quick Books. But if the entries are faulty, Quick Books won’t produce accurate profit and loss statements and balance sheets. The adage, ‘garbage in, garbage out’ definitely applies.” Amazingly, of the thousands of businesses Stappas has counseled, less than two percent were using Quick Books to its potential. Stappas says he has also found inconsistencies and incorrect data from every company that has requested his help.

Here are tips Stappas says business owners should follow to maximize their accounting efforts and make tax time as painless as possible whether they use Quick Books or not:

 

  • A bookkeeper should never make adjustments to your books entry system without specific authority from you or your accountant. Stappas says that most company bookkeepers will frequently make adjustments to their books and never inform the owner or the owners’ accounting firm. The way information is entered into Quick Books or another program will definitely affect the outcome. If the entry system is changed, you may not get accurate profit-and-loss statements or balance sheet at year’s end.

 

  • Make certain your entries are recorded accurately. Even simple entries can be incorrect if they are not logged properly. The interest and principal on a car loan payment, for example, must be separated for proper accounting purposes. For manufacturing firms, the cost of goods must be properly logged. Service companies must properly record hours worked by each employee. Liabilities are frequently not recorded correctly, resulting in improper payments to the IRS.

 

  • Spend time planning for the year ahead. Even if your books are not up-to-par this year, don’t hide from the problem. Spend some real time now to correct your books, implementing new entry systems if necessary and resolve to stop the bad habits that can put unnecessary stress on even successful businesses and their owners.

 

  • Hire an expert to fix the problem. Bookkeepers might not have the training necessary to correct inconsistent and inaccurate entries. And, accountants might not have the time budgeted to overhaul your books. Find a true Quick Books expert who knows business to repair the damage.

It’s never too late to start over where bookkeeping is concerned. “If your systems seem substandard, don’t despair,” says Stappas. “With a few simple changes, any company can adopt end-of-year bookkeeping and accounting practices that are easy to follow and accurate to a fault.”

Bookkeeping Administration Management is a turn-key bookkeeping service that handles monthly or semi-monthly accounts receivables, accounts payable and payroll needs for businesses of any size. The company is based in Neshanic Station, New Jersey. For more information visit: http://www.bookkeepingadmin.com/

Backups in a Linux Environment

Backups are an important task within any environment. While there are multiple options for performing backups on a Windows network, you may not be aware of the  options available for a Linux environment. Given the fact that I work strictly in the Linux world, both at home and at the office, I can offer some suggestions as to what options are available. We’ll stick with open source (free) solutions here, although there are many commercial products available.

             Bacula (http://www.bacula.org/) is the big player in the enterprise level network backup game. Setup and configuration of Bacula is a job for intermediate/advanced Linux users, although once installed and configured there is a very easy-to-use web GUI for administration.

             Another good product is Mondo Rescue (http://www.mondorescue.org/). While this application can be used for backup, it is designed more as a disaster recovery tool. Mondo Rescue creates bootable CD/DVD’s that contain snapshots of a complete system (ala Ghost or True Image) which can be used to restore a system from bare metal.  It’s administered from a simple text-based GUI and packages are available for most Linux distributions. Installation and use is simple enough for the average Linux user.

             Next up is Amanda (http://www.amanda.org/). The source code is available at the Amanda web site, but a quick Google search will net you a package in the proper format for your particular flavor of Linux. This is strictly a command line tool, so it’s best left to those power users that are comfortable working without a GUI. This is a very powerful and flexible backup application.

             Of course if you are not looking for a network type solution and just want something to backup your own machine, almost all Linux distributions come prepackaged with some type of easy-to-use GUI based software. The KDat application included with the KDE desktop is one example. Several folks have written their own and made it freely available to us all.  http://simplelinuxbkup.sourceforge.net/ for example.

             While I am by no means a code-monkey, I have learned enough basic shell scripting to write my own backup software. It works equally well for stand alone machines or as a network solution. You can find it here (you’ll have to be a registered member):

http://www.theforcefield.net/joomla/index.php?option=com_docman&task=cat_view&gid=911&Itemid=53  


             My backup software consists of a simple script that runs as a scheduled job and uses ‘tar’ to create compressed backup files. The default is to backup the /home directory daily and perform a full backup weekly. A copy of the backup is stored on the local machine (so that you may manually burn it to CD/DVD, archive it to a tape drive, copy to a USB stick, FTP it somewhere, etc.). This software can optionally use ‘rsync’ to automatically push a copy of the backup to a network storage device. I use an old server with a multiple scsi disk array, but you could use an external enclosure with a large hard drive attached to another Linux machine or even push the backup across the WAN to an off-site storage device running Linux. Another option would be to automatically FTP the tar files to any local or remote FTP server (although you will have to learn a bit of shell scripting and write this code yourself).  *NOTE: If you choose the preceding FTP option, PLEASE consider security and use SFTP or tunnel through a VPN! Full restores can be done simply by partitioning and formatting a new hard drive and then extracting the compressed tar file onto the disk. If you delete something important from your home directory, you can simply extract the /home tar file stored on the local machine back into your existing /home directory. Basic instructions are in the README, and the scripts are liberally commented.

             As always, if you have any questions, comments, problems, or want to erect a statue in my likeness, please feel free to contact me at thughes@fwpm.com .

 

Copyright 2008 Todd Hughes

Anatomy of a rootkill: Hunting down and destroying undetectable malware

Anatomy of a rootkill: Hunting down and destroying undetectable malware

by Chris Bequeath

 

(The following is a true story, documented during an actual detection and removal of an unknown rootkit)

A computer arrived in my shop with the usual symptoms of malware – running slow, website redirections. It was running Windows Live OneCare for antivirus, and Webroot Spysweeper. The customer had already tried tools like Spybot S&D to fix the problem. When that didn’t fix their problem they took it to one of the big box stores, where they said the only way to fix it was to wipe the drive and reload the data. This was unacceptable to the customer, and that’s how I ended up with the PC. 

A quick inspection in Safe Mode revealed one of the newer smitfraud variants, along with other malware of various sorts. A quick run through of the registry and filesystem took care of those. Opening HiJackThis to clean up any leftovers showed a suspicious entry under WinLogon named frvemmei. Killing it and rerunning HJT showed the entry re-spawning instantly.

So I opened up the trusty windows registry editor and searched out all entries for frvemmei. Unfortunately, the malware had locked the entry so it couldn’t be deleted. I tried changing permissions, and even tried regedt32 just in case.

 Registry Editor


 

A quick boot to UBCD4Win to delete the files and registry entries showed the registry entry, but no sign of the file ‘ccbaccb.dll’ in system32 where it was visible, but unable to delete while Windows was running. Rebooting windows showed both the file and the registry entries were back. So figuring this machine had a rootkit I ran RootkitRevealer, Sophos antirootkit and a few other tools, all which showed clean. I removed the Webroot and OneCare software, then installed AVG virus and spyware software. Surfing to the system32 folder and doing a shell scan on ccbaccb.dll with AVG showed obfustat.vyg, but it was unable to clean.

 

Object Details

 

Researching the registry entry, the dll file and the AVG result turned up no information. So this looked like an unknown rootkit.  Now the fun begins! 

First off I had to find what was loading the files. Firing up Process Explorer from Sysinternals
( http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx ) and searching for the file ccbaccb.dll came up with the following:

 

Process Explorer Search

 

So now we can see the rootkit has hooked into the kernel at bootup in the explorer.exe file, meaning it has complete control over the OS and how software operates – including antivirus software. Any machine that is compromised in this fashion, either from a system file, a driver dll or any other file loaded before the operating system boots cannot be trusted with scans that run on the machine. This includes online scans which load applets, file definitions and other things needed for the test onto the host PC.

It’s a sure bet that the explorer file is what is reloading the frvemmei and ccbaccb.dll. So this will be a fairly easy one to fix not only the infection but the corrupted Windows files.

But now that we know how to kill the rootkit, it’s a good idea to find out what first infected it in the first place. Booting into normal mode and running regmon and filemon (available at Sysinternals site) shows something unusual. Every few seconds a file is loaded called lighthouse.wma. At the same time a registry entry is created. Searching the registry shows only the one instance of the file. Searching the PC shows the file is located in the LimeWire Shared directory. The registry entry it creates is for our old friend frvemmei in the RUN key. So it appears the lighthouse.wma file was the progenitor. Once run, it created keys in the registry and created the ccbaccb.dll file. Upon reboot the dll file (really an exe disguised) modified explorer.exe which would ensure that it was always recreated if it was deleted. 

Now for the cleaning. Boot to your favorite boot disk with a remote registry editor. Find all instances of ccbaccb.dll, frvemmei, and lighthouse.wma on the drive and in the registry and delete them. Also delete explorer.exe from the drive. Insert the correct Windows disk (or use system recovery) and perform a system repair. This will replace explorer.exe with a clean copy, along with any other modified windows files. Retest the PC, check with HJT to make sure there are no rogue entries and your done! 

Summary:

This process if performed straight through, would take a couple of hours with the longest time for the repair install of Windows. While researching this issue to make sure that no software would detect it, I ran Trend Micro’s Housecall, PandaScan, F-Secure, BitDefender,  SpySweeper, AVG and AVGAS, McAfee, Spybot S&D, AdAware, SuperAntiSpyware and some standalone tools such as CWS Shredder. All tested the PC as being clean after the initial malware removal of smitfraud, vundo and other minor malware infections. The PC was put through at least 30 reboots to make sure the processes didn’t return.

 

Copyright 2007 Chris Bequeath. All rights reserved

 

{mos_fb_discuss:184} 

 

 

Ultimate Linux Server Part 1: Web Proxy

Ultimate Linux Server
Part 1: Web Proxy

    What is the “Ultimate Linux Server”? I suppose that if you asked ten different people you would get just as many different answers. My definition is a basic server running a stripped down operating system to which services can be added as necessary. Simplicity and security go hand-in-hand; the fewer services or “bells and whistles” a server is running, the more secure and reliable it will be.

    My version of the “Ultimate Linux Server” starts with a minimal install of Debian Linux and an application called Webmin. Webmin is a web based administrative interface for managing all aspects of a Linux server.

    This article is the first in a series of several installments. For now, we will build the basic server and install a web proxy application on it. Future articles will explain how to build upon this base server, adding services such as a mail server, anti-spam filter, DHCP server, DNS server, etc. The Webmin application also contains features to manage the server itself, such as back up, service monitoring and alerts to email and SMS, etc. These features will also be covered in future articles.

    As the title of this article infers, we will be installing a web proxy application. Why do you need a web proxy? A question was posed by a colleague recently concerning how to monitor web traffic and report on which users were going to what sites on the internet. A web proxy can be used to intercept all HTTP traffic destined for the internet and log which computers are going where. In addition, the web proxy we are going to install (Squid) acts as a caching web proxy which can speed up the loading of previously accessed web sites. An additional application called “SARG” produces very nice reports of all web traffic based upon such criteria as source IP, destination web site, the time frame web sites were accessed, the most active users of HTTP, etc.

    In an attempt to make the installation and configuration as easy as possible, we will use a method where-by the server is accessed remotely from your own desktop PC and commands are run on the server via a terminal application (with the exception of the initial installation of the operating system which must be done using a keyboard and monitor attached directly to the server).  These commands are presented in bold type and can simply be copied and pasted into the terminal window. This server is designed to run “lights out” without a monitor or keyboard attached during normal operation.

    The recommended minimum hardware configuration would be a P4 1.5 GHz (or equivalent), 512Mb RAM, and a 40 GB (or bigger) hard drive. Linux isn’t as resource intensive as some other operating systems so the above recommendations should work very nicely. Feel free to add more RAM as you install additional services.

    Let’s begin by getting the operating system installed. Download and burn a copy of Debian Linux. I recommend getting the network install image; it’s very small and you only need a very few basic packages anyway. Go here: Debian and download the appropriate “netinst” image (i386 for most of you). Make sure you burn this as an ISO “image” and then boot your new server to this CD. Go ahead and install Debian, making sure that you are plugged into the network and the internet is accessible. You can safely accept the defaults most of the way through, with the following exceptions:

1.    If your server grabs a DHCP address, use the tab key to choose “go back”, then choose “configure network manually” and assign an appropriate static IP.
2.    When you get to the “Software selection” screen, unselect everything (trust me). This is done by using the space bar to toggle your selection and the “down” arrow key to move through the menu. Once you have deselected all options, use the “tab” key to choose continue and hit “enter”.

    After it installs grub (the boot loader), it will spit the CD out at you and you simply hit “enter” to continue and boot into your new Debian system.

    At this point, you should be staring at a login prompt (yes, it’s all text based, no “point and click” here). Simply type root, hit “enter”, and then the password you chose for root when you installed the OS. Now, we’re going to do some basic setup:

1.    Type nano -w /etc/apt/sources.list. This will open a file up in an editor.
2.    Using your arrow keys to move around, put a “#” sign in front of the second line that starts with “deb cdrom” (this is called a “comment” and it means that the line will be ignored). Then move the cursor to the end of the first line that starts with “deb http” and add “contrib” and “non-free”. It should look something like this:
“deb http://ftp.debian.org/debian/ etch main contrib non-free”
3.    Do the same for the remaining lines.
4.    Hit “ctrl o” (the ctrl button and the letter “o” at the same time), then “enter”, and then “ctrl x” to save and exit.
5.    Type the command apt-get update.
6.    Type the command apt-get install openssh-server (just hit enter when it asks you if you want to continue).

    It is a very bad idea to allow root logins via SSH so we need to edit the SSH configuration file to prevent this

1.    Enter the command nano -w /etc/ssh/sshd_config, this will open up a file in an editor. Using the same method that you used earlier to edit the “apt” file, look for the line that reads “PermitRootLogin Yes”, change “yes” to “no”, and save your changes (crtl o/enter/crtl x).
2.    Enter the command etc/init.d/ssh restart and hit enter.

    We can now finish the install remotely from our desktop by simply cutting and pasting commands into a terminal window connected to the Debian box. Linux users can simply open a terminal and connect to the Debian box using SSH. Windows users will need to download a small program that will allow terminal connections to a Linux box. This program, called “putty”, allows a Windows box to use SSH (the secure shell protocol) and can be found here: putty (just grab “putty.exe” and save it to your desktop). Open up putty, enter the IP address of your Debian box, the “regular user” name (that you created when you installed Debian), and the corresponding password.

    Once you have connected to the server via SSH, you can simply copy and paste the remaining commands (one line at a time unless otherwise noted, followed by hitting the “enter” key) into the terminal window to complete the installation and configuration.

    The next step is to add an additional repository to our /etc/apt/sources.list file and then perform a quick upgrade (“apt” is the package manager for Debian, it is used to download and install any of the tens of thousands of freely available software applications). Use the code below:

su
(enter root password)
nano -w /etc/apt/sources.list
(cut and paste the following on a new line at the bottom of the file)
deb http://download.webmin.com/download/repository sarge contrib
save your changes (crtl o/enter/crtl x)
apt-get update
apt-get dist-upgrade (choose “yes” when asked if you want to continue, if any dialog boxes pop up, hit “tab” and then “enter”)
reboot

    The reboot will knock you out of the remote session, so wait a minute for the box to reboot, then reconnect with SSH (or putty). We will now install Squid (the web proxy application) and SARG (Squid Analysis Report Generator). Use the code below:

su
(enter root password)
apt-get install squid sarg
(answer “yes” to any questions asked)

    If all went well, Squid and SARG are now installed but we need to edit the Squid configuration file to allow our local network to use the proxy server. While this can be accomplished through the Webmin interface, it involves several detailed steps to do it that way and it is much easier just to edit the underlying configuration file on the command line. Use the code below:

nano -w /etc/squid/squid.conf
(scroll waayyyy down to “# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS” and uncomment “acl our_networks” by removing the “#” at the beginning of the line and then adapt as necessary for your network)
(mine looks like this: “acl our_networks src 192.168.12.0/24”)
(uncomment the  “http_access allow our_networks” line)
save your changes (crtl o/enter/crtl x)
/etc/init.d/squid restart

    Now we need to install Webmin and any other packages that it depends upon to function properly. Use the code below:

apt-get install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl libmd5-perl mailx webmin (NOTE: this command should all be on one line!)
(choose “yes” to any questions asked)

    That should do it as far as the installation and configuration goes, now it’s time to log into Webmin and have a look around. Open up a browser and point it to:

 https://the_IP_address_of_your_new_Debian_server:10000

    Log in as “root” with the same root password that you use to log into the server itself. You should now be looking at the Webmin interface. Take some time and explore a bit; you’ll get an idea of how powerful this interface really is! You will also discover that quite a few options are either unavailable or not installed/configured yet. We’ll get to those in a future article.

    Expand “Servers” in the left side panel, then click on “Squid Analysis Report Generator”.  Now, click on “Generate Report Now”. Whoops! Error, no records found. This is because there is no information in the log files to report. We now need to configure the web browsers on all the PC’s on our LAN to use our new proxy server to get to the internet. Configure the settings in the web browsers of your LAN machines to use a proxy (but ONLY for HTTP!). Enter the IP address of the new server as a proxy and 3128 as the proxy port. (The specifics on how to do this depend on which browser you use.) I also recommend checking the “do not use proxy for local connections” setting.  If you are a Microsoft shop and use IE, you should be able to push this out with a GPO. Now, hit a few web sites from a LAN PC then go back to Webmin and click on “Generate Report Now”. Click on “View completed report”, then click on the date under “FILE/PERIOD”. You should see some data. Everything in blue is a link to detailed data, the tiny icons are clickable too. Use the browser “back” button to return to the previous page. (Cool stuff, huh?)

    I must advise you that there is a bug with the software: If you click the “Log Source and Report Destination” icon, there is an option to enter an email address to have reports sent to. When you enable this particular option and enter an email address, subsequent report generation will fail. Bottom line is do not enable the “Email report to” option. (This is really no big deal because the emailed reports are nothing but a simple text message with very little useful information anyway). Otherwise, feel free to play with the other settings for SARG.

    One last note: savvy users will probably catch on to the fact that you are watching them and will change their proxy settings back to “connect to internet directly” to avoid being monitored. To prevent this, you should create an egress (outbound) rule on your firewall that will only allow outbound HTTP traffic if it originates from the proxy server IP (heh heh).

    As always, if you have any questions, comments, problems, or want to make a large charitable donation in my name, please feel free to contact me at thughes@fwpm.com.

RESOURCES:
Squid: http://www.squid-cache.org/

SARG: http://sarg.sourceforge.net/sarg.php

Webmin: http://www.webmin.com/

Debian: http://www.debian.org/

Putty: http://www.chiark.greenend.org.uk/~sgtatham/putty/

Burning CD images: http://www.petri.co.il/how_to_write_iso_files_to_cd.htm

Copyright 2007 Todd Hughes
 
{mos_fb_discuss:no_discuss} 

IPCop Installation Guide

IPCop Installation Guide
-Eric J. Vititoe

IPCop “is a complete Linux distribution whose sole purpose is to protect the networks on which it is installed”.  It is very easy to install.  It is very easy to configure.  And, best of all, it is FREE.

IPCop and its add-ons include DHCP routing, VPN capabilities, anti-spyware, anti-spam, anti-virus, proxy, URL filtering, and much more.

IPCop is able to run on hardware that we would normally think of as being obsolete.  I have personally never installed it on a machine with anything slower than a 700MHz CPU, but others have installed it on 200-233MHz machines with only 32Mb RAM.  Even at slower speeds, it is very robust.

Today, I will show you how to set up a basic configuration of IPCop.  My example configuration assumes:
    a) you have a static IP from your ISP
    b) you need to use DHCP for your LAN
    c) you need VPN capabilities for roaming users
    d) that the users above have Windows
    e) that you know a little bit about computers and networking

The rig I am using is a 1.3GHz AMD with 256Mb of RAM and a 20Gb hard drive.  I have two network cards installed, one for the WAN, and another for the LAN.  The computer also has a floppy drive and CD-ROM.

Section 1 – Installing IPCop

Go to www.ipcop.org and download the ISO image.  It’s approximately 45Mb in size.  Use your favorite burning software to put the ISO to CD and load it into your CD drive.

Turn your machine on and we’ll begin the tutorial.  I will walk you through the install, step by step.  Keep in mind that your mouse will not function with IPCop.  You will use the tab, space, and enter keys to move the cursor and select an item.

Note: Connect the LAN cable, but do NOT connect the WAN interface cable yet.  I will let you know when to connect the WAN cable.

1) The first menu is the boot menu.  Simply press enter to boot.

2) Select your language, move to and select OK.

3) The installation will erase all information on your hard drive.  If this is OK, move to and select OK.  Not selecting OK will cancel the installation.

4) Since we burned a CD for installing, we will select the CD-ROM as our installation media.  Move to and select OK.

5) You are now at the disk prep dialogue.    Select OK to continue.

At this point, you will see several dialogues appear and disappear, such as partitioning, installing log file system and root file system, installing files, swap space, etc.  Just be patient.

6) The next step asks if you would like to make a backup.  I see no need to backup yet, so I just skip this step.  You can backup if you like.

7) Now we are going to configure our green interface.  The green interface is going to be used on the LAN, or local, side of the IPCop box.   To configure the green interface, move to and select Probe.  It will detect which network interface is connected and use that one for your green interface.  Select OK after it has been detected.

8) Enter your green interface IP address.  Normally, you would enter 192.168.1.1 as this is going to be acting as our new router, as well.  You could enter a different address for now and change it later, in case your new IPCop box isn’t going live just yet.  Select OK.

9) At this point, the installer will install GRUB bootloader and then eject the install CD.  Place the CD in a safe location.

10) “Congratulations!”  The initial setup is almost complete.  Select OK.

11) Choose your keyboard layout and select OK.

12) Now, select your time zone and select OK.

13) For host name, just use “ipcop” (without the quotes).  That will make it easy to remember.  Select OK.

14) Unless you know what you are doing, just use the default domain name and select OK.

15) Most do not use ISDN, so select disabled.

16) Now, we are at the network configuration menu.  For this example, we will choose “Green + Red”.  Select OK.  IPCop will now push down the local network.

17) Choose Drivers & Card Assignments, then select OK when prompted to change settings.  IPCop will once again push down the network.

18) IPCop will prompt that it has found an unclaimed network card and will ask if you want to assign it to the red interface.  Select OK to assign it.  It will prompt that All cards have been successfully allocated.

19) Back at the menu, choose address settings, then green interface and OK.  Read the warning, change numbers if needed, and choose OK.

20) Select red interface.  Input your settings for DHCP, static addresses and select done.

21) Now, select DNS & Gateway settings.  Input parameters and select OK.

22) Choose DHCP Server Configuration, input settings, and select OK.

23) The next few dialogues will prompt you for various passwords.  For simplicity, you can enter them all the same.  However, if you have more than one network admin, you may want to use different passwords for each.  You will have to enter each twice, but won’t be able to see what you are typing.

24) Now, you can connect your WAN interface cable.  Choose OK to reboot.  After IPCop has rebooted, do not touch anything at the boot menu.

Now that IPCop has been set up, you can remove the keyboard and mouse from the computer.  IPCop can now run headless. *Exception: if you entered a different IP address in step eight, you will need to run setup locally again from the IPCop machine to change the address.

From another machine on your LAN, open your web browser and visit https://192.168.1.1:445 (or whatever address you entered in step 8).  Notice we’re using secure http.  If you prefer, you can use the unsecured address http://192.168.1.1:81.

Enter the admin username and password when prompted.  From the drop down menu, you need to enable SSH.  Click system > SSH Access then check SSH Access.  Now click on Save.

You have now configured your IPCop router.

Section 2 – Installing VPN

If you want to take things even further, you can now install Zerina as your VPN server to give roaming users the ability to see and use local resources remotely, while keeping your data secure.

To install Zerina from a Windows box, you will first need to download a few things.  

First is Zerina itself.  Download Zerina from http://www.zerina.de/zerina/?q=download .  

Secondly, download WinSCP from http://winscp.net/eng/index.php .  

Last, download Putty from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html .  

If one or more of these addresses no longer work, simply search for them using your favorite internet search engine.

A great animated installation guide for Zerina can be found at http://www.zerina.de/zerina/files/flash/ZERINA-Install.htm .

Section 3 – Configuring Your VPN Server

Once you have installed Zerina, you will need to create the host certificate.  From the menu, go to VPN > OpenVPN.  Click the box called “Generate Root/Host Certificate”.  Enter all information and click generate.  This may take a few minutes.

Now, we can create certificates for your VPN users. From the OpenVPN menu, under client status, click add.  Select host-to-net VPN > add.  Now, fill in all relevant information, including password, and click save.  After a moment, you will now see that user’s account.  Repeat for all VPN users.

NOTE: Be sure to click the “enable VPN on red” check box on the OpenVPN menu.

Section 4 – Installing and Configuring Your VPN Client

As a client, you will need to download OpenVPN’s client software from “http://openvpn.net/download.html”.  Install using all default options.  If you are using Windows XP, you will receive a prompt that the drive has not passed Microsoft testing.  Just click continue anyway.  The client is now installed.

To configure the client, we need to download the PKCS12 file that was generated from the server.  Browse to the IPCop GUI > VPN > OpenVPN.  Locate the user’s file.  It is the blue button to the right of the user name labeled “O VPN”.  Click on this button to download the user’s package file.

Once downloaded, transfer the package file to the client machine and unzip.  It should contain two files.  Both of these files should be moved to the “C:\Program Files\OpenVPN\config” directory on the client machine.

To connect the client to the remote VPN, click on the OpenVPN GUI from the program menu.  You will see a new network icon with two red screens in your system tray.  Right click on that icon, then left click on connect.  You will be prompted to enter your password.

You are now connected!

Good luck and happy installing!