Since I was playing around with my IPCop firewall anyway to do the gkrellmd work, I decided to upgrade it to 1.4.10 and install the ZERINA OpenVPN addon. Even though this isn't an official IPCop addon, it works very well, has a simple installer, and integrates very nicely with the IPCop Web UI. After generating all the PKI information, including the client certs, I installed Tunnelblick 3.0RC2 for OS X on my PowerBook. The OpenVPN addon is so complete that it will actually generate a zipfile containing a valid OpenVPN configuration for connecting to the firewall as well as the client PKS12 certificate right from the IPCop Web UI. I pulled this down, tossed it in ~pvenezia/Library/openvpn and fired up Tunnelblick. No go on the first try with a rather bizarre error claiming "unroutable packet received" from the IPCop system. Then I realized that the time on my firewall was off by over an hour, which would cause problems with the certs. I set the time and configured NTP time sync, and tried again. Bam -- instant secure access with more than a bit of panache. For those running Windows, check out the nicely detailed howto, including Windows client setup.