[ previous ] [ next ] [ threads ]
 
 From:  "Quark IT - Hilton Travis" <hilton at quarkit dot com dot au>
 To:  <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall-dev] OpenVPN
 Date:  Wed, 9 Feb 2005 20:14:16 +1000
Hi Peter,

> -----Original Message-----
> From: Peter Curran [mailto:peter at closeconsultants dot com] 
> Sent: Wednesday, 9 February 2005 04:02
> 
> Travis
> 
> > Anyway, I'm asking if the next beta release of m0n0wall 
> > will have the current RC of OpenVPN 2.0 in it, because 
> > the current m0n0wall beta has an older (probably 
> > current at the time) OpenVPM 2.0 beta11 in it.  I'd
> > like to hope that m0n0wall won't make 1.2 final until 
> > OpenVPN 2.0 has also gone final - it would only make 
> > sense (to me) considering this is a core component now.
> >
> I am about to send the latest version of the OpenVPN code 
> to Manuel for inclusion in 1.2b4 (at least if I can get 
> everything I need together as I am still working from 
> remote).
> 
> The latest version includes:
> -- OpenVPN 2.0 RC11 or RC12
> -- Replacement for using the OPT devices to store 
>    OpenVPN tunnels (much more stable)
> -- Support for bridging when using TAP tunnels
> -- Support for PKCS#12 files on client side
> --  Lost of interface bug fixes
> 
> I consider it likely that OpenVPN will hit 2.0 before 
> 1.2 is out as I suspect that we have some way to go 
> with the 1.2 beta series yet.  I had an email from 
> Manuel some weeks ago that indicated that he was pretty 
> busy and not able to do as much work on m0n0wall as he 
> has in the past.
> 
> I am not convinced that m0n0-m0n0 using OpenVPN is a 
> better solution than some sort of explicit tunnel 
> secured with IPsec.  I really started the 
> OpenVPN-in-m0n0 ball rolling to support vast numbers 
> of Windows clients using OpenVPN.  The client side 
> stuff was added later, and it is pretty crude at 
> the moment.

Thanks for the update - much appreciated.

Were I to need to link 2 * m0n0wall sites, I'd probably (right now)
still use IPSEC between these sites.  However, should I need to link a
Windows user to a m0n0wall via a VPN, I'd tend to look at using the
OpenVPN option - that's kinda where I stand with this right now.

This may change - I've been known to change my standpoint before when
presented with information that I was previously unaware of.  :)

OpenVPN seems to be one of - if not the - best implementations of a
**true** SSL VPN available today.  I'm definitely pro-OpenVPN's
inclusion in m0n0wall.

As another point to note, I'd still really like to see m0n0wall be able
to create x.509 certs.  Would ba handy for those smaller networks that
don't have this capability on an internal server.  Tho these days, these
should be few and far between.

--

Regards,

Hilton Travis                          Phone: +61 (0)7 3344 3889
(Brisbane, Australia)                  Phone: +61 (0)419 792 394
Manager, Quark IT                      http://www.quarkit.com.au
         Quark AudioVisual             http://www.quarkav.net

http://www.threatcode.com/ <-- its now time to shame poor coders 
into writing code that is acceptable for use on today's networks

War doesn't determine who is right.  War determines who is left.

This document and any attachments are for the intended recipient 
  only.  It may contain confidential, privileged or copyright 
     material which must not be disclosed or distributed.