 From:  JP M <jpm underscore tmp2 at yahoo dot com>
 To:  JP M <jpm underscore tmp2 at yahoo dot com>, Peter Allgeyer <allgeyer at web dot de>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] OpenVPN, switching to m0n0
 Date:  Sat, 17 Sep 2005 11:18:18 -0700 (PDT)

So, using Openvpn in m0n0 1.2b10 cd-rom iso:
(I did *not* test m0n0 as an openvpn client, only as a server. I started with an empty conf and created an openvpn setting.)
 - Use of tls-auth option seems to work well
 - Bridging configuration didn't work for me:
   * OPT1 (tap0) took some time (a config write + reboot I guess) to make it to the list of interfaces.
   * I bridged it to the LAN interface. I can't really say if that worked. The interface was reported as up.
   * I chose 0.0.0.0/24 as my openvpn-managed client network. That failed, openvpn complains about this choice (and dies). I tried with an empty string but now m0n0's GUI was complaining and didn't let me save.

Anyway, if I remember right, the cure to openvpn2.0 trying to manage a network itself is to remove the "server-bridge" directive from the conf file.
In that case, and if bridging of its own tap interface works correctly, openvpn should let a LAN dhcp server handle its clients.

What I suggest for bridging:
 - add a checkbox near the fields that serve the server-bridge directive. Call that "[ ] Use m0n0 for bridging" or something. The checkbox is enabled when the selected interface is tap, else disabled. When enabled and checked, the "server-bridge" field is disabled (and commented in the conf file).
 - make Openvpn's server interface (tun or tap) invisible or impossible to edit from the Interfaces menu.

Cheers,
--JPM
--- JP M <jpm underscore tmp2 at yahoo dot com> wrote:

> Peter,
> 
> Sorry but you're just going too fast for me... I won't
> be able to test before this WE, possibly next WE.
> I attach below my OpenVPN2 config (server/client) and
> network settings. If you have a dhcp server handy, you
> can see for yourself how this type of setup works.
> Personally I wanted bridging because of windows file
> sharing, dhcp for "silent" client configuration and
> the dns-dhcp link that dnsmasq provides.
> My testing machine is a wireless client that accesses
> the LAN via Openvpn.
> 
> Thanks for all your help !!!
> --- Peter Allgeyer <allgeyer at web dot de> wrote:
> 
> > Hi JP!
> > 
> > On Sunday, 04.09.2005, at 13:03 -0700, JP M wrote:
> > > I use
[etc]
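
The change discussed in the message above (dropping "server-bridge" so that a LAN DHCP server addresses the bridged clients), as an added example that is not part of the original post and not m0n0wall's generated configuration. All addresses and file names are constructed placeholders; it assumes an OpenVPN 2.0 server on a tap interface that is already bridged to the LAN.

```conf
# Constructed example: OpenVPN 2.0 server on a bridged tap device.
# Addresses and file names are placeholders, not values from the post.

# --- Variant A: OpenVPN manages the client addresses itself ---
# server-bridge is a helper directive. The line
#   server-bridge 192.168.1.1 255.255.255.0 192.168.1.200 192.168.1.220
# expands to:
#   mode server
#   tls-server
#   ifconfig-pool 192.168.1.200 192.168.1.220 255.255.255.0
#   push "route-gateway 192.168.1.1"

# --- Variant B: a DHCP server on the LAN handles the clients ---
dev tap0
proto udp
port 1194

# With server-bridge removed, the two directives it implied must be
# written out, otherwise OpenVPN no longer runs as a multi-client
# TLS server.
mode server
tls-server

# No ifconfig-pool and no pushed gateway: OpenVPN only forwards
# Ethernet frames, so DHCP requests from clients cross the bridge
# and are answered by the LAN's own DHCP server.

# Bridged clients join the LAN's layer-2 segment, so certificate
# authentication and the tls-auth HMAC key are the only gate.
ca   ca.crt
cert server.crt
key  server.key
dh   dh.pem
tls-auth ta.key 0

keepalive 10 60
```

Since nothing is pushed to configure the client's tap interface in variant B, each client has to request a DHCP lease on that interface itself.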