www.edain.de - Howtos


WLAN Protection

IPSec WLAN protection with m0n0wall and TauVPN


Last update: 11.02.2008

This documentation describes the steps to establish an IPSec tunnel between m0n0wall 1.2 and TauVPN 0.37. I use this setup to protect my small home WLAN.

Background

Many thanks to Manuel Kasper and Stefan Markowitz for great pieces of software!

Related Resources


Note:

With minor adjustments this setup will also work with pfSense. It is a fork of m0n0wall with a different aim. See: www.pfsense.com and "Why the fork? What's wrong with m0n0wall?".



Table of Contents

1. Network setup

2. m0n0wall configuration

2.1 IPSec - Network Settings

2.2 IPSec - Phase 1

2.3 IPSec - Phase 2

2.4 ICMP Filter rule (optional)

3. TauVPN configuration

3.1 Creating a New Connection

3.2 Other Settings (optional)




1. Network setup

The graphic below gives an overview of the network setup and shows the IP networks used:

General network setup


2. m0n0wall configuration

In m0n0wall you need to set up the IPSec connection and, optionally, add a filter rule that allows ICMP traffic to the DMZ IP of m0n0wall.
The ICMP filter was a requirement of TauVPN 0.36, which pings the local server IP to test connectivity and therefore must be able to reach m0n0wall via ICMP. (By default m0n0wall drops all traffic from the DMZ subnet to its DMZ interface IP.)
In version 0.37 of TauVPN you can disable this ping, so step 2.4 is optional.


2.1 IPSec - Network Settings

m0n0wall IPSec - Network Settings


2.2 IPSec - Phase 1

m0n0wall IPSec - Phase 1


2.3 IPSec - Phase 2

m0n0wall IPSec - Phase 2


2.4 ICMP Filter rule (optional)

Overview of the filter rule:

ICMP Filter

Detailed setup of the filter rule:

Detailed ICMP Filter

3. TauVPN configuration

The installation of TauVPN is very simple, but make sure to grab (and read) the latest howto at SourceForge.


3.1 Creating a New Connection

TauVPN configuration


3.2 Other Settings (optional)

Optionally you can disable the ping TauVPN sends when connecting. When disabled you don't need the filter rule of step 2.4.

Disable Ping in TauVPN


The other settings can be left alone. The defaults are used, and the configuration of m0n0wall assumes that these defaults are used! If the connection works, you can set it as default/autoconnect via the options dialog in TauVPN.

Happy tunneling!


