Installation:
First I downloaded the IPCop v1.3.0 ISO file from http://www.ipcop.com
The old machine I wanted to use did not support booting from CD-ROM, so I made a boot diskette using "rawrite" in the dosutils directory. I entered the boot image filename, then a:, and voilà. :)
- Boot from the diskette, and follow the instructions on the screen.
- Choose "Green + Red" network config, netmask 255.255.255.0.
- Give the "green" network card the IP address: 192.168.0.253
- I have another Linux machine on the network as Internet GW / Firewall. This one is also running DNS.
So I set up the IPCop machine (now called "wlangw") with the correct gateway and DNS info.
- The "red" network card also got an IP address: 192.168.1.254, netmask 255.255.255.0
- Remember to give the three required passwords:
  root: The ordinary shell root account
  setup: The account for shell setup (logging in with this gives you the console-based setup utility)
  admin: The account for the web-based admin interface.
- Now reboot, and the wlangw box is online on the "green" net (for me that is eth0), and the "red" net will be on eth1.
Configuration:
First I point an internet browser to: "https://wlangw:445/"
Log on as "admin" and the admin password.
Set up the services you want. Run the update etc.
VPN:
On the WLANGW Box:
Prepare the IPCop box for the first client, called "jukebox01" (20:56 08.12.2003):
(I use the SSH client "putty", running SSH2 against port 222 on the IPCop machine, if I do this from a Windows machine. From a Linux machine, just "ssh -l root -p 222 ip-address".) Also take a look at this IPCopVPNHowto for IPCop.
The essential ipsec config files "ipsec.conf" and "ipsec.secrets" are placed in the directory "/var/ipcop/vpn".
Now ipsec.conf has to be set up on both boxes. On the IPCop box, edit "/var/ipcop/vpn/ipsec.conf". Mine on the IPCop box looks like this:
config setup
    interfaces="ipsec0=eth1" # Bound to this interface
    klipsdebug=none
    plutodebug=none
    plutoload=%search
    plutostart=%search
    uniqueids=yes

conn jukebox01
    compress=no
    left=192.168.1.254
    leftsubnet=0.0.0.0/0
    leftnexthop=
    type=tunnel
    authby=secret
    pfs=yes
    right=192.168.1.75
    rightsubnet=192.168.1.75/32
    rightnexthop=
    auto=add
In some cases you might add "interfaces=%defaultroute", but that didn't work for me.
Then edit the "/var/ipcop/vpn/ipsec.secrets":
# IPCop-ip Client-IP : PSK "MySHaredSecret":
192.168.1.254 192.168.1.75 : PSK "ThisIsMyVerySecretPassword"
- Hit the "Restart" button in the VPN part of the web admin tool.
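A consistency check for the two files above, as an added example that is not part of the original how-to or of IPCop: it confirms that every "authby=secret" connection in ipsec.conf has a PSK line in ipsec.secrets for the same left/right pair, and flags short secrets and disabled PFS. The function names, the 20-character threshold and the sample text are assumptions of this example; it expects each PSK line to list exactly two IP addresses, as in the file shown, and is meant to be run on a workstation against copies of the files.

```python
import re

# Constructed sample text mirroring the two files shown above.
SAMPLE_CONF = """config setup
    uniqueids=yes
conn jukebox01
    left=192.168.1.254
    right=192.168.1.75
    authby=secret
    pfs=yes
"""
SAMPLE_SECRETS = '192.168.1.254 192.168.1.75 : PSK "ThisIsMyVerySecretPassword"\n'
MIN_PSK_LEN = 20  # assumed policy threshold for this example, not an IPCop rule
PSK_RE = re.compile(r'^(\S+)\s+(\S+)\s*:\s*PSK\s+"([^"]*)"')

def parse_conns(text):
    """Return {conn_name: {key: value}} from FreeS/WAN-style ipsec.conf text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # section header starts at column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def parse_psks(text):
    """Return {frozenset({id1, id2}): secret} for each PSK line in ipsec.secrets."""
    psks = {}
    for line in text.splitlines():
        m = PSK_RE.match(line.strip())
        if m and not m.group(1).startswith("#"):
            psks[frozenset(m.group(1, 2))] = m.group(3)
    return psks

def audit(conf_text, secrets_text):
    """Return findings for every conn that uses authby=secret."""
    findings, psks = [], parse_psks(secrets_text)
    for name, c in parse_conns(conf_text).items():
        if c.get("authby") != "secret":
            continue
        secret = psks.get(frozenset((c.get("left"), c.get("right"))))
        if secret is None:
            findings.append(f"{name}: no PSK line for {c.get('left')} {c.get('right')}")
        elif len(secret) < MIN_PSK_LEN:
            findings.append(f"{name}: PSK shorter than {MIN_PSK_LEN} characters")
        if c.get("pfs", "yes") != "yes":  # a missing pfs key is treated as acceptable here
            findings.append(f"{name}: pfs is not enabled")
    return findings
```

An empty list from audit() means the pairing and length checks passed; it says nothing about whether the secret is guessable.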