I have an Ubuntu Lucid Lynx VM which I've been tinkering with. I want to set up a VPN, and I am happy to learn how to do it on my own, but the vastness of options makes my head spin, so I'm just looking for pointers.
Factors I want considered for my setup:
- Each user needs personal authentication (not one password for all)
- I want to know what OS the client is using (Android / iPhone / other)
- I want to track how much bandwidth is being used by each individual
- Although security is important, it's mainly for bypassing China's Great Firewall (reach Facebook / Twitter), so I'm not trying to protect Pentagon files. Security is good, as long as it doesn't involve hours of complicated configurations.
- Prevent the same user from using multiple devices to access the VPN at the same time
- Any suggestions?
So my questions are:
- What protocol should I use to be compatible with Android (say 1.6+) and iPhones?
- What administrative software should I use (free preferably but willing to invest a little)?
- What guides / tutorials can you recommend that are a little bit less confusing than this?
Android:
- 16 IPSec VPN Tunnels
- 8 L2TP VPN Tunnels (Dial-in: 4, Dial-out: 4)
- 8 PPTP VPN Tunnels (Dial-in: 4, Dial-out: 4)
- Embedded IPSec & PPTP client/server
- IKE key management
- DES, 3DES and AES encryption for IPSec
- Embedded powerful 3DES accelerator
- MPPE Encryption for PPTP
- L2TP within IPSec
- L2TP/PPTP/IPSec pass-through
iPhone:
- L2TP / IPSec
  - MSChapV2 Password
  - RSA SecurID
  - CRYPTOCard
- PPTP
  - MSChapV2 Password
  - RSA SecurID
  - CRYPTOCard
- Cisco IPSec VPN
  - Password
  - RSA SecurID
  - CRYPTOCard
  - Certificate
NOTES
- I'll be sure to add a bounty after the 2 day period; I hope this question can help other people who would like to create a similar setup.
- The title of this question is not that great, feel free to edit
- I don't need all answers answered; any pointers would help :)
Here's a fairly straightforward L2TP/IPsec tutorial, but I don't think the iPhone can use certs, so you will have to go PSK. It also gets into domain authentication, so your users only have to remember one set of credentials. That is, if you have a domain...
http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients.html
Unfortunately I don't have an answer for the client OS detection or bandwidth monitoring.
PPTP is probably going to be the simplest to implement if you need it to run on both Android and iPhone, but it's not as secure as IPsec/L2TP or OpenVPN. I know you mentioned you're running Ubuntu Lucid on the server end, but if you are able to experiment with pfSense, either as a VM guest (works great for us under KVM on Ubuntu Lucid) or on a separate box, I'd recommend it. It installs in minutes and provides an incredibly easy way to set up a PPTP, L2TP, or OpenVPN server. I think the PPTP server on pfSense would be a great place to start for what you're looking for.