A break from development a bit here, but in getting settled down into the new place, one of the things I decided to go ahead and do was use a Monowall box as my primary firewall. For years I’ve been using a Linksys Wireless router, and it’s still serving its purpose in Charlotte until we get the rest of the house moved up.
The biggest advantage to using Monowall for me is the ability to set up a VPN server using IPSec or PPTP. It can host the server itself, which is a nice bonus. With a PPTP VPN in place, I can connect from public access points, and still know my traffic is safe.
Setting it up turned out to be a breeze. First I hooked Monowall up with my cable modem as the WAN and my local network as the LAN. I made sure everything was passing traffic to the internet, which it was. Next, I went into the Monowall configuration screen to VPN->PPTP. The page can be broken down into four sections:
Here you just mark that you want to enable the PPTP server. Optionally you could have PPTP connections redirected to an existing PPTP server if you have one internally.
Here you specify what address you want the PPTP server to use internally, and the address range you want to assign to connecting clients. In this case PPTP clients will get an IP from 192.168.0.112 – 192.168.0.128.
If you have a RADIUS server you want to use for authentication, you can enter that here. If not, when you finish setting up the connection, a Users tab will appear that will let you specify authentication.
Finally, I enabled 128-bit encryption. Since we’ll be using XP to connect, I know that 128-bit is built in.
You’ll also notice at the bottom of that last screenshot is an important note telling you to enter a firewall rule for PPTP clients. Luckily they make this easy too. Once you’ve saved the rule and added users, head over to the Firewall->Rules page and add a new rule. My PPTP rule looks like:
And that’s it! To connect to it, I simply set up a new connection using the wizard in XP, pointed it to my server, and logged in. I tested it internally (from the LAN) first, and then tried it from an outside connection.
Monowall is a great little firewall that happens to provide some great capabilities as well. If you need VPN access, hopefully this helped you get it up and running.