I would like to set up a VPN server on debian linux to encrypt wireless traffic coming from my Mac or iOS device. I would like to use a certificate-based solution. Setting up a PKI infrastructure and managing certificates is OK for me.
1. Which server to pick?
By looking through the internet and here on stackoverflow I found the following possible solutions:
- strongSwan
- IPSec and racoon
Which solution is feasible for a linode running debian squeeze?
2. How to configure the network?
If I understood correctly a VPN has a virtual network interface as an endpoint on the server side. Naively I would think that I need a DHCP server running on the server to assign a dynamic private IP (like of the class C network 192.168.xxx.xxx) to the connecting clients. Next I think I would need to set up masquerading to NAT the incoming VPN traffic to the real interface directly connected to the internet.
Is this the right way to go? Do you have any configuration examples? I often saw VPN configurations used to connect to your home network, but that is not what I am looking for. I have a server up in the internet and want to use it as a proxy to encrypt traffic in insecure network environments like public WLANs.
Finally I figured out how to use it. I chose strongswan with xauthrsasig authentication. It works flawlessly with iOS. I managed to implement it along the lines of this blogpost: http://www.hosthop.com/hop/knowledgebase/21/StrongswanorOpenswan-Pure-IPSEC-Tunnel-Configuration-for-iPhone-and-Similar-Devices.html