There is a new test release of m0n0wall incorporating new OpenVPN
functionality available at: http://www.closeconsultants.com/~peter/
Usual rules apply - testing only, not for production use.
The config.xml files are not compatible with the last version. To convert,
just delete any optional interface entries relating to OpenVPN.
Here are some notes......
This is a test release based on the m0n0wall 1.2b3 beta release.
It is intended purely for testing purposes and SHOULD NOT BE USED in a
Summary of changes
This release has focused on a rewrite of the internals of the OpenVPN
functionality for m0n0wall. The main change is to cease use of the optional
interfaces configuration to hold information about OpenVPN tunnels - this was
causing a great many problems with NAT and the interpretation of address
The new method treats OpenVPN as an 'exception' - in a similar way to PPTP
tunnels are handled. this means that information about OpenVPN tunnels is
built 'on_the_fly' as filter rules and static routes are built during system
This means that the behaviour of the OpenVPN subsystem for filters, static
routes and NAT has changed from the previous versions of the code. Hopefully
these changes will make the system much easier to configure and more reliable
- particularly when the m0n0wall is acting as an OpenVPN client.
Details of how filtering rules, static routes and NAT now work for OpenVPN are
contained in a separate note.
- The latest version of the OpenVPN codebase has been used (OpenVPN 2.0_RC2).
- LZO compression is not supported.
- Bridging between OpenVPN Tunnel interfaces and either LAN or OPT interfaces
is not currently supported but is on the list for the next release.
- There are known issues relating to the support of crypto hardware (such as
the Soekris VPN12xx and VPN14xx cards). This is on the list for the next
- There are hard limits on the number of client tunnels - 17 tun and 4 tap.
- config.xml files from previous versions are not compatible with this
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.