> Is it possible to get this to work with PPTP, or do I have to use IPSEC or

Broadcasts (and multicasts) do not work over IPsec. They probably don't work
over PPTP either.

It is possible to do what you want over OpenVPN - you need to create a virtual
layer-2 network using TAP style tunnels. There is some documentation for
this on the OpenVPN site. There is not currently any documentation for m0n0
that covers this particular aspect - to be honest you are only the second
person to ask for bridged networks over OpenVPN on this list, so it has had
something of a low priority.
This will work in the current 1.2b3 beta release, BUT ---- I am in the process
of completely rewriting the internals of m0n0/OpenVPN, and you may want to
wait until this is done (RSN).
Please watch the list for the availability of the next test release of code
that should support your desired functionality in what will (hopefully) be
the final mechanism.
> to the current lack of documentation (that I was able to find) for setting
> way I have to go, is there some sort of guide I can use to get it working
> with m0n0wall?
In brief (for 1.2b3), what you need to do is set up the m0n0 as an OpenVPN
server using a TAP style tunnel. Assign a block of IP addresses (eg
10.1.0.0/24) and define the max number of clients (the default should be
fine). Create Server cert and key files, CA cert file and DH parameters file
(an explanation of how to do this is on ). Select a suitable crypto (the
default Blowfish is fine if you have no hardware accelerator).
Select the 'redirect gateway', 'ping 30 secs' and 'ping-reset 60 secs' push
options and enable 'client-to-client' routing.
Assuming incoming VPN traffic is on the WAN interface, add a filter rule to
permit incoming UDP packets to port 5000 from outside.
On your XP machines, download the current release of OpenVPN from the OpenVPN
site and install. Create a client cert and key file, provide the ca cert
file and place in the appropriate directory on windows. Create a config file
ca [name of ca cert file]
cert [name of client cert file]
key [name of key file]
This will link all the clients together into a single virtual ethernet - they
can happily chatter to each other. If you need to make the LAN interface on
the m0n0 part of this network it is possible, using bridging, but I suggest
waiting for the next release of the code as the current version doesn't
really work well.
Let me know how you get on.
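
Added example, not part of the original message: a small Python check that a client config file matches the server setup described above (TAP device, UDP port 5000, ca/cert/key files). The directive names are standard OpenVPN ones; the host and file names are constructed, and requiring `client` or `pull` for the pushed options is an assumption about the client release in use.

```python
# Added example (not from the original message): lint an OpenVPN client config
# against the server setup described above. Host and file names are constructed.
REQUIRED_FILES = ("ca", "cert", "key")

def parse_config(text):
    """Map each directive to the list of its argument lists (directives may repeat)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        name, *args = line.split()
        conf.setdefault(name, []).append(args)
    return conf

def check_client_config(text, server_port=5000):
    """Return a list of mismatches with a TAP/UDP server listening on server_port."""
    conf, problems = parse_config(text), []
    dev = conf.get("dev", [[]])[0]
    if not dev or not dev[0].startswith("tap"):
        problems.append("dev is not a TAP device; broadcasts need a layer-2 tunnel")
    for name in REQUIRED_FILES:
        if not conf.get(name) or not conf[name][0]:
            problems.append(f"missing '{name}' file directive")
    proto = conf.get("proto", [["udp"]])[0]
    if proto[:1] != ["udp"]:
        problems.append("proto is not udp; the filter rule admits UDP only")
    if not conf.get("remote"):
        problems.append("no 'remote' server address")
    for args in conf.get("remote", []):
        # Port may follow the host on 'remote' or come from a 'port' directive.
        port = args[1] if len(args) > 1 else (conf.get("port", [[None]])[0] or [None])[0]
        if port is None:
            problems.append("port not set; OpenVPN releases differ in their default")
        elif port != str(server_port):
            problems.append(f"remote port {port} != server port {server_port}")
    if "client" not in conf and "pull" not in conf:
        problems.append("no 'client'/'pull'; pushed options would be ignored")
    return problems

# Constructed sample configs.
GOOD = "client\ndev tap\nproto udp\nremote vpn.example.org 5000\n" \
       "ca ca.crt\ncert client1.crt\nkey client1.key\n"
BAD = "dev tun\nremote vpn.example.org\nca ca.crt\ncert client1.crt\n"

if __name__ == "__main__":
    for label, cfg in (("good", GOOD), ("bad", BAD)):
        print(label, check_client_config(cfg) or "ok")
```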