IPCop Installation Guide
-Eric J. Vititoe
IPCop “is a complete Linux distribution whose sole purpose is to protect the networks on which it is installed”. It is very easy to install. It is very easy to configure. And, best of all, it is FREE.
IPCop and its add-ons include DHCP routing, VPN capabilities, anti-spyware, anti-spam, anti-virus, proxy, URL filtering, and much more.
IPCop is able to run on hardware that we would normally think of as being obsolete. I have personally never installed it on a machine with anything slower than a 700MHz CPU, but others have installed it on 200-233MHz machines with only 32Mb RAM. Even at slower speeds, it is very robust.
Today, I will show you how to set up a basic configuration of IPCop. My example configuration assumes:
a) you have a static IP from your ISP
b) you need to use DHCP for your LAN
c) you need VPN capabilities for roaming users
d) that the users above have Windows
e) that you know a little bit about computers and networking
The rig I am using is a 1.3GHz AMD with 256Mb of RAM and a 20Gb hard drive. I have two network cards installed, one for the WAN, and another for the LAN. The computer also has a floppy drive and CD-ROM.
Section 1 – Installing IPCop
Go to www.ipcop.org and download the ISO image. It’s approximately 45Mb in size. Use your favorite burning software to put the ISO to CD and load it into your CD drive.
Turn your machine on and we’ll begin the tutorial. I will walk you through the install, step by step. Keep in mind that your mouse will not function with IPCop. You will use the tab, space, and enter keys to move the cursor and select an item.
Note: Connect the LAN cable, but do NOT connect the WAN interface cable yet. I will let you know when to connect the WAN cable.
1) The first menu is the boot menu. Simply press enter to boot.
2) Select your language, move to and select OK.
3) The installation will erase all information on your hard drive. If this is OK, move to and select OK. Not selecting OK will cancel the installation.
4) Since we burned a CD for installing, we will select the CD-ROM as our installation media. Move to and select OK.
5) You are now at the disk prep dialogue. Select OK to continue.
At this point, you will see several dialogues appear and disappear, such as partitioning, installing log file system and root file system, installing files, swap space, etc. Just be patient.
6) The next step asks if you would like to make a backup. I see no need to backup yet, so I just skip this step. You can backup if you like.
7) Now we are going to configure our green interface. The green interface is going to be used on the LAN, or local, side of the IPCop box. To configure the green interface, move to and select Probe. It will detect which network interface is connected and use that one for your green interface. Select OK after it has been detected.
8) Enter your green interface IP address. Normally, you would enter 192.168.1.1 as this is going to be acting as our new router, as well. You could enter a different address for now and change it later, in case your new IPCop box isn’t going live just yet. Select OK.
9) At this point, the installer will install GRUB bootloader and then eject the install CD. Place the CD in a safe location.
10) “Congratulations!” The initial setup is almost complete. Select OK.
11) Choose your keyboard layout and select OK.
12) Now, select your time zone and select OK.
13) For host name, just use “ipcop” (without the quotes). That will make it easy to remember. Select OK.
14) Unless you know what you are doing, just use the default domain name and select OK.
15) Most do not use ISDN, so select disabled.
16) Now, we are at the network configuration menu. For this example, we will choose “Green + Red”. Select OK. IPCop will now push down the local network.
17) Choose Drivers & Card Assignments, then select OK when prompted to change settings. IPCop will once again push down the network.
18) IPCop will prompt that it has found an unclaimed network card and will ask if you want to assign it to the red interface. Select OK to assign it. It will prompt that All cards have been successfully allocated.
19) Back at the menu, choose address settings, then green interface and OK. Read the warning, change numbers if needed, and choose OK.
20) Select red interface. Input your settings for DHCP, static addresses and select done.
21) Now, select DNS & Gateway settings. Input parameters and select OK.
22) Choose DHCP Server Configuration, input settings, and select OK.
23) The next few dialogues will prompt you for various passwords. For simplicity, you can enter them all the same. However, if you have more than one network admin, you may want to use different passwords for each. You will have to enter each twice, but won’t be able to see what you are typing.
24) Now, you can connect your WAN interface cable. Choose OK to reboot. After IPCop has rebooted, do not touch anything at the boot menu.
Now that IPCop has been set up, you can remove the keyboard and mouse from the computer. IPCop can now run headless. *Exception: if you entered a different IP address in step eight, you will need to run setup locally again from the IPCop machine to change the address.
From another machine on your LAN, open your web browser and visit https://192.168.1.1:445 (or whatever address you entered in step 8). Notice we’re using secure http. If you prefer, you can use the unsecured address http://192.168.1.1:81.
Enter the admin username and password when prompted. From the drop down menu, you need to enable SSH. Click system > SSH Access then check SSH Access. Now click on Save.
You have now configured your IPCop router.
Section 2 – Installing VPN
If you want to take things even further, you can now install Zerina as your VPN server to give roaming users the ability to see and use local resources remotely, while keeping your data secure.
To install Zerina from a Windows box, you will first need to download a few things.
First is Zerina itself. Download Zerina from http://www.zerina.de/zerina/?q=download .
Secondly, download WinSCP from http://winscp.net/eng/index.php .
Last, download Putty from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html .
If one or more of these addresses no longer work, simply search for them using your favorite internet search engine.
A great animated installation guide for Zerina can be found at http://www.zerina.de/zerina/files/flash/ZERINA-Install.htm .
Section 3 – Configuring Your VPN Server
Once you have installed Zerina, you will need to create the host certificate. From the menu, go to VPN > OpenVPN. Click the box called “Generate Root/Host Certificate”. Enter all information and click generate. This may take a few minutes.
Now, we can create certificates for your VPN users. From the OpenVPN menu, under client status, click add. Select host-to-net VPN > add. Now, fill in all relevant information, including password, and click save. After a moment, you will now see that user’s account. Repeat for all VPN users.
NOTE: Be sure to click the “enable VPN on red” check box on the OpenVPN menu.
Section 4 – Installing and Configuring Your VPN Client
As a client, you will need to download OpenVPN’s client software from “http://openvpn.net/download.html”. Install using all default options. If you are using Windows XP, you will receive a prompt that the drive has not passed Microsoft testing. Just click continue anyway. The client is now installed.
To configure the client, we need to download the PKCS12 file that was generated from the server. Browse to the IPCop GUI > VPN > OpenVPN. Locate the user’s file. It is the blue button to the right of the user name labeled “O VPN”. Click on this button to download the user’s package file.
Once downloaded, transfer the package file to the client machine and unzip. It should contain two files. Both of these files should be moved to the “C:\Program Files\OpenVPN\config” directory on the client machine.
To connect the client to the remote VPN, click on the OpenVPN GUI from the program menu. You will see a new network icon with two red screens in your system tray. Right click on that icon, then left click on connect. You will be prompted to enter your password.
You are now connected!
Good luck and happy installing!