 From:  Peter Curran <lists at closeconsultants dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  OpenVPN test release
 Date:  Wed, 15 Dec 2004 16:55:47 +0000
There is a new test release of m0n0wall incorporating new OpenVPN 
functionality available at:  http://www.closeconsultants.com/~peter/

Usual rules apply - testing only, not for production use. 

The config.xml files are not compatible with the last version.  To convert, 
just delete any optional interface entries relating to OpenVPN.

Here are some notes......

m0n0-openvpn 1.2b3o

This is a test release based on the m0n0wall 1.2b3 beta release.

It is intended purely for testing purposes and SHOULD NOT BE USED in a 
production environment.

Summary of changes
This release has focused on a rewrite of the internals of the OpenVPN 
functionality for m0n0wall.  The main change is to cease use of the optional 
interfaces configuration to hold information about OpenVPN tunnels - this was 
causing a great many problems with NAT and the interpretation of address 

The new method treats OpenVPN as an 'exception' - in a similar way to how PPTP 
tunnels are handled.  This means that information about OpenVPN tunnels is 
built 'on_the_fly' as filter rules and static routes are built during system 

This means that the behaviour of the OpenVPN subsystem for filters, static 
routes and NAT has changed from the previous versions of the code.  Hopefully 
these changes will make the system much easier to configure and more reliable 
- particularly when the m0n0wall is acting as an OpenVPN client.

Details of how filtering rules, static routes and NAT now work for OpenVPN are 
contained in a separate note.

Specific notes
- The latest version of the OpenVPN codebase has been used (OpenVPN 2.0_RC2).
- LZO compression is not supported.
- Bridging between OpenVPN Tunnel interfaces and either LAN or OPT interfaces 
is not currently supported but is on the list for the next release.
- There are known issues relating to the support of crypto hardware (such as 
the Soekris VPN12xx and VPN14xx cards).  This is on the list for the next 
- There are hard limits on the number of client tunnels - 17 tun and 4 tap.
- config.xml files from previous versions are not compatible with this 

