 From:  Peter Allgeyer <allgeyer at web dot de>
 To:  Scott Ullrich <sullrich at gmail dot com>
 Cc:  Chris Buechler <cbuechler at gmail dot com>, m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] OpenVPN: I will do the work.
 Date:  Wed, 11 Apr 2007 23:39:01 +0200
Hi Dominik, Chris and Scott!

On Wednesday, 11.04.2007, at 13:53 -0400, Scott Ullrich wrote:
> On 4/11/07, Chris Buechler <cbuechler at gmail dot com> wrote:
> > pfsense has fixed this same problem though, so if you want to
> > implement it, it shouldn't be difficult to start with the last
> > m0n0wall image that had OpenVPN, and implement the fix pfsense has
> > implemented.
> Unfortunately just "fixing" m0n0wall's implementation is not so easy.
> Our version was rewritten from scratch and uses CoreGUI.  m0n0wall
> does not have CoreGUI and friends.

Since it was I who developed the last OpenVPN patches for m0n0wall,
I want to explain it from my point of view, too.

Chris is somewhat right in saying that the implementation broke OPT
interfaces. Somewhat, because it was not the implementation that broke
the OPT interfaces; it was the design of m0n0wall, which isn't flexible
enough to handle dynamically assigned interfaces. So adding and removing
OPT interfaces is likely to break formerly defined rulesets and NAT
settings. Manuel has written a good proposal for a new m0n0wall design.
He knows about the problem and I'm sure he'll investigate it.

I'm not sure that pfsense has fixed this same problem, though I have to
take a closer look at the code. Scott is right when he says that the
CoreGUI was rewritten from scratch, but he is mistaken in saying that the
whole code was completely rewritten from scratch. From my last look at
the code, there were still a lot of lines which were ported from the
original m0n0wall code. Nevertheless, he's right when he says that just
"fixing" m0n0wall's implementation is not so easy, because you have to
make deep changes to the whole interface design of m0n0wall for that.

I thought about making another "final" beta version of OpenVPN for
m0n0wall 1.231, though I've stopped further code development in favour of
waiting for a usable prototype of the new m0n0wall. If you want to help
with coding, please write a personal email to me (in German, if you want).


 copyleft(c) by |           Either approach may give birth to various
 Peter Allgeyer |   _-_     sorts of monstrosities.   -- Larry Wall in
                | 0(o_o)0   <199710221950 dot MAA25210 at wall dot org>