Peter Allgeyer wrote:
> Hi Ole!
> On Tuesday, 03.10.2006, at 13:55 +0200, Ole Barnkob Kaas wrote:
>> We are currently using m0n0wall to glue together our voip network with
>> OpenVPN tunnels. We are using the net4801 platform with the
>> net48xx-1.2-ovpn2.img image made available by Peter Allgeyer. We are
>> using that specific image because later images seem to mess up PPTP
>> when enabling OpenVPN.
> Sorry, can you be more specific on that? In what way do they mess up
I'm unable to connect to the PPTP server after configuring an OpenVPN
client connection. I suspect that it has something to do with the network
>> I've described the problems with OpenVPN earlier.
> I'll search for it.
>> 1. The OpenVPN process causes a kernel panic on the m0n0wall if and only
>> if the SIP proxy for some reason is unavailable.
> SIP proxy? Are you sure that OpenVPN is the cause? OpenVPN fully runs in
> user space. It IMHO can't bring down the kernel. Isn't it the
The fault page displays the openvpn process as the offending one. But
then again it could be the tun interface that causes openvpn to die with
a page fault. BTW the later images crash too.
>> 2. Packets that should go through the tunnel are sent to WAN if the
>> tunnel comes up after the first packet has been sent. Flushing the
>> state tables "solves" this. Advanced outbound NAT is enabled.
> Try that with the latest images from my website. If the failure resists,
> provide me with the error log and an output of status.php.
>> 3. From a fresh boot where the tunnel comes up it is not possible to
>> access the m0n0wall from the far end of the tunnel. Logging in from a
>> local PC and hitting "save" in advanced outbound NAT "solves" this.
>> Also, it is not possible to access local equipment from the far end of
>> the tunnel before the local equipment has initiated a connection.
> See above. Firstly try the latest images.
>> It is our hope that with a prize on this, these problems can be solved
>> within a month - maybe two.
> I can't promise anything, because my spare time is precious little at
> the moment. Have you ever tried to run pfsense? They have adapted my
> code, but I don't know how well.
You got spare time! ;-) I was in the process of giving this a stab
myself - but I'm out of time.
Assumption is the mother of all f***ups. Reading the feature page of
pfSense I ASSUMED that it didn't support OpenVPN and wrote it off - DOH!!
I've now tried pfSense and it seems that it doesn't have any of the
problems mentioned. I'll have to test it for a couple of weeks to see
how it performs or if there are any other problems. Comparing pfSense
with m0n0 (quick):
+ OpenVPN that works ;-)
+ Separate log page OpenVPN
+ DHCP client on OPTx interface
+ Automatic certificate on webgui ssl
+ Temperature monitor
- Slooow - it all comes at a price (ugh)
- OpenVPN eats more CPU power
- Requires 128MB flash
There are of course a lot of other advantages in pfSense, but they don't
belong in m0n0.
Now that it seems that my problems with OpenVPN are solved, I have to
cancel the prize. Sorry. I would of course love to see a working OpenVPN
in m0n0 in the future.