16

I have an Ubuntu Lucid Lynx VM which I've been tinkering with. I want to set up a VPN and I am happy to learn how to do it on my own, but the vastness of options makes my head spin, so I'm just looking for pointers.

Factors I want considered for my setup

  • Each user needs personal authentication (not one password for all)
  • I want to know what OS the client is using (Android / iPhone / other)
  • I want to track how much bandwidth is being used by each individual
  • Although security is important, it's mainly for bypassing China's Great Firewall (reach Facebook / Twitter), so I'm not trying to protect Pentagon files. Security is good, as long as it doesn't involve hours of complicated configurations.
  • Prevent the same user from using multiple devices to access the VPN at the same time
  • Any suggestions?

So my questions are:

  • What protocol should I use to be compatible with Android (say 1.6+) and iPhones?
  • What administrative software should I use (free preferably but willing to invest a little)?
  • What guides / tutorials can you recommend that are a little bit less confusing than this?

Android:

16 IPSec VPN Tunnels
8 L2TP VPN Tunnels (Dial-in: 4, Dial-out: 4)
8 PPTP VPN Tunnels (Dial-in: 4, Dial-out: 4)

  • Embedded IPSec & PPTP client/server
  • IKE key management
  • DES, 3DES and AES encryption for IPSec
  • Embedded powerful 3DES accelerator
  • MPPE Encryption for PPTP
  • L2TP within IPSec
  • L2TP/PPTP/IPSec pass-through

iPhone

  • L2TP / IPSec
      • MSChapV2 Password
      • RSA SecurID
      • CRYPTOCard
  • PPTP
      • MSChapV2 Password
      • RSA SecurID
      • CRYPTOCard
  • Cisco IPSec VPN
      • Password
      • RSA SecurID
      • CRYPTOCard
      • Certificate

NOTES

  • I'll be sure to add a bounty after the 2-day period; I hope this question can help other people who would like to create a similar setup.
  • The title of this question is not that great, feel free to edit
  • I don't need all answers answered, any pointers would help :)
Moak
  • 1
    As I used up all my rep for the bounty, now I can't use most Server Fault functions anymore, so I'd appreciate upvotes if the question is good, cheers – Moak Aug 05 '10 at 07:45
  • On a side note, be careful: China knows how to block encrypted communications such as a VPN. Also, AFAIK it's illegal in China to use encryption to bypass their firewalls. – Antoine Benkemoun Aug 09 '10 at 08:21
  • @Antoine Benkemoun the VPN would not be operating within China, users of the VPN would have to take responsibility when signing up. – Moak Aug 11 '10 at 08:35

2 Answers

5

Here's a fairly straightforward L2TP/IPSec tutorial, but I don't think the iPhone can use certs, so you will have to go PSK. It also gets into domain authentication, so your users only have to remember one set of credentials. That is, if you have a domain...

http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients.html

Unfortunately I don't have an answer for the client OS detection or bandwidth monitoring.

JakeRobinson
  • Thanks for the start, I will probably follow this guide, unless other solutions that fulfill my other requirements are posted. – Moak Aug 07 '10 at 08:29
  • Good luck, Moak! I'll keep the additional requirements in mind if I run across any other solutions. – JakeRobinson Aug 09 '10 at 14:52
  • You can install a cert on an iPhone by emailing it to yourself, then clicking on the attachment. – Clint Aug 10 '10 at 17:08
  • Clint, very true. However, it's only supported with a Cisco VPN: http://support.apple.com/kb/ht1288 – JakeRobinson Aug 13 '10 at 05:54
2

PPTP is probably going to be the simplest to implement if you need it to run on both Android and iPhone, but it's not as secure as IPSec/L2TP or OpenVPN. I know you mentioned you're running Ubuntu Lucid on the server end, but if you are able to experiment with pfSense, either as a VM guest (works great for us under KVM on Ubuntu Lucid) or on a separate box, I'd recommend it. It installs in minutes and provides an incredibly easy way to set up a PPTP, L2TP, or OpenVPN server. I think the PPTP server on pfSense would be a great place to start for what you're looking for.

nedm