Hi All, After a long wait I finally have my 44 address space and my security certificate.
Following the steps on the wiki I have set up the Raspberry Pi as a VPN client and during boot I see the VPN client start.
However, just a couple of questions.
Do I need to open and redirect a port on my router pointing to the Raspberry Pi running the VPN, and if so, which port?
Once I have done that, what is the recommended method (software) that should be installed to protect the network both to and from me?
Before I add any other software is there a way to test the functionality of what I have done so far? At the moment all it appears to be doing is sitting there and blinking the wireless access LED.
Equipment is a Raspberry B+ running off a UPS with wireless access to my network.
Thanks in anticipation,
Regards, Tony VK3API

Tony;
On Mon, 2014-10-20 at 21:36 +1100, amprnet@wizards.sytes.net wrote:
> After a long wait I finally have my 44 address space and my security certificate.
Congrats.
> Following the steps on the wiki I have set up the Raspberry Pi as a VPN client and during boot I see the VPN client start.
If you mean VPN client, I suppose you're referring to the likes of OpenVPN or similar?
> Do I need to open and redirect a port on my router pointing to the Raspberry Pi running the VPN, and if so, which port?
If you're using a true VPN client, you shouldn't have to do a thing. The client should keep the required port open for you to push your sourced 44-net routing through to your host. If your "vpn" is ipencap, you'll need to set your Pi as the DMZ on your router, and hope that your make doesn't filter ipencap. While there are some that do, I don't have a list.
> Once I have done that, what is the recommended method (software) that should be installed to protect the network both to and from me?
You may try fail2ban, or any of the other agents for Linux; however, note that they all basically use iptables. If you're good enough with iptables you can write your own.
> Before I add any other software is there a way to test the functionality of what I have done so far? At the moment all it appears to be doing is sitting there and blinking the wireless access LED.
Telnet to any JNOS or URONode, and then do a user listing ([M]ailbox-users for JNOS and [U]sers on URONode) to see what your source address is. If you see yourself sourced as a 44-net IP, you're good.
> Equipment is a Raspberry B+ running off a UPS with wireless access to my network.
You can also turn it into a repeater if you wanted to with another dongle and something such as hostapd. Your Pi's secondary wifi would then become native 44-net to your secondary wifi and any Windows client on it would not need ipencap as its method in, the Pi would handle it for you. Just ensure you have solid policy routing engaged.
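
One way to check the policy routing mentioned in the reply above, as an added example that is not part of the original thread: a small Python model of how Linux walks `ip rule` and per-table routes, used to confirm that 44-net-sourced traffic leaves via the tunnel and LAN traffic does not. The subnet `44.128.1.0/29`, the table name `amprnet` and the interfaces `tun0`/`wlan0` are constructed assumptions; paste in your own `ip rule show` and `ip route show table <name>` output.

```python
import ipaddress
import re

# Constructed sample data (not from the thread): subnet, table name
# "amprnet" and interface names tun0/wlan0 are assumptions.
IP_RULE = """\
0:\tfrom all lookup local
1000:\tfrom 44.128.1.0/29 lookup amprnet
32766:\tfrom all lookup main
32767:\tfrom all lookup default
"""
TABLES = {
    "amprnet": "default dev tun0 scope link\n",
    "main": "default via 192.168.1.1 dev wlan0\n192.168.1.0/24 dev wlan0 scope link\n",
}

def parse_rules(text):
    """Return [(priority, source_network_or_None, table)] in priority order."""
    rules = []
    for m in re.finditer(r"^(\d+):\s+from (\S+) lookup (\S+)", text, re.M):
        src = None if m.group(2) == "all" else ipaddress.ip_network(m.group(2), strict=False)
        rules.append((int(m.group(1)), src, m.group(3)))
    return sorted(rules, key=lambda r: r[0])

def egress_dev(table_text, dst):
    """Longest-prefix match of dst in one table; returns the device or None."""
    best = None
    for line in table_text.splitlines():
        fields = line.split()
        if "dev" not in fields:
            continue  # simplified model: routes without a device are skipped
        try:
            net = ipaddress.ip_network("0.0.0.0/0" if fields[0] == "default" else fields[0], strict=False)
        except ValueError:
            continue  # e.g. "local ..." / "broadcast ..." entries
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, fields[fields.index("dev") + 1])
    return best[1] if best else None

def resolve(src, dst, rules_text=IP_RULE, tables=TABLES):
    """First rule matching src whose table has a route to dst decides the device."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, net, table in parse_rules(rules_text):
        if net is None or src in net:
            dev = egress_dev(tables.get(table, ""), dst)
            if dev:
                return dev
    return None
```

If `resolve()` returns the LAN interface for a 44-net source address, the source rule is missing or ordered after `main`, and that traffic would leave through the home router instead of the tunnel.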