[ previous ] [ next ] [ threads ]
 From:  Ole Barnkob Kaas <obk at tet dot dk>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  $1000 prize for fully working OpenVPN on m0n0wall
 Date:  Tue, 03 Oct 2006 13:55:39 +0200

We are currently using m0n0wall to glue together our voip network with 
OpenVPN tunnels. We are using th net4801 platform with the 
net48xx-1.2-ovpn2.img image made available by Peter Allgeyer. We are 
using that specific image because later images seems to mess up PPTP 
when enabling OpenVPN. I've described the problems with OpenVPN earlier. 
To sum up:

1. The OpenVPN proces causes a kernel panic on the m0n0wall if and only 
if the sip proxy for some reason is unavailable. This happens with tftp 
too - but not with dns queries. Just before the m0n0wall freezes, a 
couple of ICMP "Desination Unreachable" is received.
OpenWRT and OpenVPN have been installed on a net4801 to see if OpenVPN 
also fails on that platform. This is not the case.

2. Packets that should go through the tunnel are sent to WAN if the 
tunnel comes up after the first packet have been sent. Flushing the 
statetables "solves" this. Advanced outbound nat is enabled.

3. From a fresh boot where the tunnel comes up it is not possible to 
access the m0n0wall from the far end af the tunnel. Logging in from a 
local pc and hitting "save" in advanced outbound nat "solves" this. 
Also, it is not possible to access local equipment from the far end of 
the tunnel before the local equipment have initiated a connection.

It is our hope that with a prize on this, these problems can be solved 
within a month - maybe two.


Ole Kaas