
Wednesday, September 14, 2016

Cluster #4 - Implementing the IPSec VPN as Client and Server

I am working on a solution for security in my house based on an IPSec tunnel.  This is partially based on an NSA capability package document regarding the use of commercial off-the-shelf encryption techniques for separation of security domains.  The idea was interesting enough to try to replicate as part of my home VPN interconnections.

I have been reviewing a number of different posts to get this working, see here, here, and here.  Internet Protocol Security (IPSec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session.  The major contender package is StrongSwan rather than OpenVPN, which does not support IPSec.

Saturday, September 3, 2016

Setting up DHCP, NTP, DNS, Radius, and LDAP on a Raspberry Pi

I have been a little bit busy lately and have not had a chance to get back to the RPi things that this blog is all about.  Part of that time was spent learning some things on my new 3D printer, but that is for another blog post because it will come into play in the future.

I decided that I wanted to set up a simplified server for use on a given VLAN and/or a use case in which I need these services and do not want to rely on a router.  So I will need the following services:

  • DHCP - gives out IP addresses for the subnet that it is connected to
  • NTP - provides a time service for the subnet
  • DNS - provides a localized domain name service for the subnet
  • Radius - provides Authentication and Authorization for the subnet, specifically for switches and wireless access points
  • LDAP - provides directory services for the Radius server to maintain username/password combinations, allowed MAC addresses, and ranges for subnet addresses
  • Webmin - provides a web-based server update process

Seems like a tall order but it is just setting up things in an orderly manner.