 From:  Peter Curran <lists at closeconsultants dot com>
 To:  m0n0 dot ch at hourfollowshour dot org, thomas at wedoweb dot se
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] openvpn roadwarrior configuration
 Date:  Sun, 12 Dec 2004 17:50:21 +0000

Good document!

Couple of pointers for you.....

You said that your config was for clients on a wireless network on OPT1.  It 
looks like a good setup for that purpose.  One thing to note is that you 
specify the redirect-gateway + local push option which is correct for the 
situation where clients are on the same network as the server.

This effectively pushes EVERYTHING down the tunnel (DNS, DHCP, everything...).  
The only thing left going across the real network path is packets to/from 

If you are in a road-warrior scenario with remote users on completely separate 
(not physically connected) networks then this will likely cause many 
problems.  I suggest that you just do redirect-gateway only.  This then 
creates a default route via the tunnel, but traffic to the network local to 
the client (typically for DNS) does not use the tunnel.

When the next version of the code is out (still testing but I hope tomorrow) 
then there is a port change.  OpenVPN now has an official port number 
assigned by IANA (1194).

You might want to try the local wireless network scenario using TAP tunnels as 
well - this actually performs better for me and allows me to use bridging to 
the LAN interface.

Also I recommend TinyCA (http://tinyca.sm-zone.net/) for managing certs etc. 
- it provides a fairly smooth GUI environment and is not too difficult to 



On Sunday 12 December 2004 16:09, m0n0 dot ch at hourfollowshour dot org wrote:
> Thomas,
> Check out this link for the directions I put together.  Let me know what
> questions/problems you find with it (I'm sure there are some)!
> I'm hoping this is semi-right and will be a starting point on some
> better documentation for how to set this all up using a single document.
> http://seigal.com/docs/m0n0-openvpn.html
> cc'ing Peter for input,
> Louis
> thomas at wedoweb dot se wrote:
> > It can be arranged. =)
> >
> > What would you like me to do?
> >
> > Best regards
> > Thomas
> >
> >>Do you happen to have a unix/linux box with openssl installed on it?
> >>
> >>I want to validate my config, I think I got it working but I want
> >>someone else to confirm if possible before I post it.
> >>
> >>Louis
> >>
> >>thomas at wedoweb dot se wrote:
> >>>Thank you for your reply!
> >>>
> >>>I did follow that guide a few weeks ago but got stuck on which of the
> >>>certificates I should use in m0n0 and which I should use in my laptop's
> >>>openvpn-config.
> >>>
> >>>If you have better luck, I would be really glad to find out how to do
> >>>it.
> >>>
> >>>Best regards
> >>>Thomas
> >>>
> >>>>Thomas,
> >>>>
> >>>>I am just starting to look into this as well.  I just found this guide
> >>>>for generating all the keys, I'm checking that out now.  It would be
> >>>>nice to have m0n0 specific config and guide if there needs to be one.
> >>>>
> >>>>http://openvpn.sourceforge.net/howto.html -> Build RSA Certificates and
> >>>>Keys
> >>>>
> >>>>Louis
> >>>>
> >>>>>I'm wondering if anyone knows of a really good guide how to do this or
> >>>>> if someone who already has a working configuration could help me
> >>>>> solve my problem?
> >>>>>
> >>>>>Best regards
> >>>>>Thomas
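
The two `redirect-gateway` variants discussed in the reply above, written out as server-side OpenVPN directives. This is an added example, not part of the original thread or of the linked document; the `proto`, `dev` and `server` lines and the 10.8.0.0/24 address pool are assumptions chosen for illustration.

```conf
# Added example: OpenVPN 2.0-style server directives.
# The address pool below is a constructed placeholder.

# IANA-assigned OpenVPN port mentioned in the reply
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0

# Scenario A: clients share a subnet with the server
# (for example the wireless network on OPT1).
# Everything goes down the tunnel, including traffic that would
# otherwise stay on the client's local network.
push "redirect-gateway local"

# Scenario B: road warriors on separate, remote networks.
# Use this line INSTEAD of the one above. The default route goes via
# the tunnel, but traffic to the client's own local network (typically
# its DNS server) stays outside the tunnel.
;push "redirect-gateway"
```

With scenario B, lookups sent to a resolver on the client's local network are not protected by the VPN, which matters if the point of redirecting the gateway is to keep all client traffic off an untrusted network.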
