 From:  Peter Curran <peter at closeconsultants dot com>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  m0n0<-->m0n0 VPN enhancements
 Date:  Sat, 22 Jan 2005 10:34:41 +0000
I have just finished work on a project that involved building quite a complex 
VPN infrastructure between multiple sites, using a partial mesh technology.

This was based on a bunch of embedded PCs acting as VPN gateways/routers/
firewalls.  I had originally considered using m0n0 for this project, but 
dismissed the idea fairly early on because of the lack of functionality to 
support a complex VPN routing scenario.  The project was done using OpenBSD 
and IPIP tunnels (using the gre(4) device) with security from IPsec transport 

I have used the same technique in the past, using either GRE or IPIP tunnels.  
The main benefits of this approach are:
-  The tunnel is seen by the OS as an interface, so it can be the target of 
routing tables, firewall rules, etc.
-  You can run a routing protocol, such as RIP or OSPF, across the tunnels to 
build a multi-path mesh network (also to keep the tunnel alive).
- It interoperates with Cisco routers (GRE) and Microsoft RRAS (using either 

Now that the system is up and running, I was thinking how much nicer it would 
have been for the users if they could interact with the system via the m0n0 
GUI.  So, I have been doing some digging around inside m0n0's IPsec 
implementation and I think I can get the same system to work pretty easily 
using m0n0.

Is there a view on the value of doing this?  Would people use it if it was 
there?  Does anybody have an alternative strategy they would like to share 
with us?

I have some 'spare' time coming up in the near future when the OpenVPN stuff 
is finished and could have a go at getting this system working within the 
next couple of months.


Peter Curran				  Leveraging Internet Technology
Close Consultants			       for Businesses
p: +44-1225-463700			 
f: +44-1225-463705			  
e: peter at closeconsultants dot com		  
sip: peter at closeconsultants dot com 
