[ previous ] [ next ] [ threads ]
 
 From:  Peter Allgeyer <allgeyer at web dot de>
 To:  Ole Barnkob Kaas <obk at tet dot dk>
 Cc:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] $1000 prize for fully working OpenVPN on m0n0wall
 Date:  Tue, 03 Oct 2006 22:14:51 +0200
Hi Ole!

Am Dienstag, den 03.10.2006, 13:55 +0200 schrieb Ole Barnkob Kaas:
> We are currently using m0n0wall to glue together our voip network with 
> OpenVPN tunnels. We are using th net4801 platform with the 
> net48xx-1.2-ovpn2.img image made available by Peter Allgeyer. We are 
> using that specific image because later images seems to mess up PPTP 
> when enabling OpenVPN.
Sorry, can you be more specific on that? In what way do they mess up
PPTP?

>  I've described the problems with OpenVPN earlier. 
I'll search for it.

> 1. The OpenVPN proces causes a kernel panic on the m0n0wall if and only 
> if the sip proxy for some reason is unavailable.
SIP proxy? Are you sure that OpenVPN is the cause? OpenVPN fully runs in
user space. It IMHO can't bring down the kernel. Isn't it the
tun-driver?

> 2. Packets that should go through the tunnel are sent to WAN if the 
> tunnel comes up after the first packet have been sent. Flushing the 
> statetables "solves" this. Advanced outbound nat is enabled.
Try that with the latest images from my website. If the failure resists,
provide me with the error log and an output of status.php.

> 3. From a fresh boot where the tunnel comes up it is not possible to 
> access the m0n0wall from the far end af the tunnel. Logging in from a 
> local pc and hitting "save" in advanced outbound nat "solves" this. 
> Also, it is not possible to access local equipment from the far end of 
> the tunnel before the local equipment have initiated a connection.
See above. Firstly try the latest images.

> It is our hope that with a prize on this, these problems can be solved 
> within a month - maybe two.
I can't promise anything, because my spare time is precious little at
the moment. Have you ever tried to run pfsense? They have adapted my
code, but I don't know, how well.

BR, PIT


---------------------------------------------------------------------------
 copyleft(c) by |           Anybody want a binary telemetry frame
 Peter Allgeyer |   _-_     editor written in Perl?   -- Larry Wall in
                | 0(o_o)0   <199708012226 dot PAA22015 at wall dot org>
---------------oOO--(_)--OOo-----------------------------------------------